Latest news
Week in review: Staying safe on Cyber Monday, Skype fixes account hijacking vulnerability, Adobe admits breach
Posted on 19 November 2012.
Here's an overview of some of last week's most interesting news and articles:
One in four users at risk due to outdated browsers
Nearly a quarter of users don't use the latest browser versions, and those using Mozilla Firefox are the slowest when it comes to updating, which leaves them open to all kinds of web-based attacks, Kaspersky Lab warns.
Blizzard sued over security concerns, "deceptive upselling"
Blizzard, the developer of popular online games such as World of Warcraft and Diablo, has been hit with a class action lawsuit claiming that the company engages in "deceptive upselling" by not making it clear to the customers buying the games that they will also be required to buy the Blizzard Authenticator in order to keep their Battle.net accounts safe.
12 scams of Christmas
The dozen most dangerous online scams to watch out for this holiday season as revealed by McAfee.
When will the public sector grasp basic lessons on information security?
It seems like we can’t get through a single month without a public sector body suffering a hefty fine over a data security blunder. Basic lessons on information security are simply not being headed.
Samsung Galaxy S3 found storing passwords in plain text
Samsung Galaxy S3, currently one of the most popular smartphones on the market, stores passwords in plain text. The culprit is actually Samsung's S-Memo app, and all the passwords stored in it can be accessed by anyone who has root access to the device.
Cyber-tension between nations fuels public desire for action
The UK public is growing increasingly concerned about national cyber security, following the number of high profile security incidents and malware discoveries reported this year. In a survey of 1,000 consumers, 65 percent of respondents stated that pre-emptive strikes on enemy states that pose a credible threat to national security are justified, and of those, 46 percent believe it depends on the level of threat posed.
Push notifications abuse hurts developers as well as users
Push notifications allow app developers to share news with their users, and are a great way of presenting new apps and features. Unfortunately, they are also a great nuisance when they are misused, bombarding users with unwanted and invasive content.
65% of organizations experience three DDoS attacks a year
Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape.
Skype fixes account hijacking vulnerability
Skype has temporarily disabled its password reset function while it was investigating reports about a vulnerability that has been misused to hijack users' accounts, but the function is now available again as they claim to have fixed the problem.
Testing proves advice on keeping computers safe is sound
Amid the often repeated advice about how to keep your computer and yourself safe from malware and criminals spreading it there are some real gold nuggets, as the German Federal Office for Information Security (BSI) has proved with a recent test.
The global expansion of cybercrime
McAfee released a new report which explores techniques in cybercrime as well as the global evolution of cyber exploits. It uncovers new details of “Operation High Roller,” tracks that mobile malware almost doubled the previous quarter’s total, and reveals an all-time high in database breaches.
Tips for staying safe this Cyber Monday
What should employees be mindful of to protect themselves AND the sensitive data on the corporate network while shopping online this Cyber Monday?
Adobe shutters forum site following breach and data leak
Adobe has confirmed that the records leaked on Tuesday by an Egyptian hackers were part of a database containing user information and login credentials for Connectusers.com, a forum site for users of its Adobe Connect Web conferencing platform.
Curiosity-piquing Twitter DM leads to double threat
A double threat has been aimed at Twitter users as Direct Messages carrying a Facebook link and the question "what on earth could you be doing in our movie?" are currently doing rounds.
Opera homepage spotted redirecting visitors to Blackhole kit
If you are an Opera user who hasn't changed the browser homepage or has visited Opera's Portal homepage (portal.opera.com) on Wednesday, you might want to check you computer for malware.
Windows 8 vulnerable to 15% of most popular malware
As users start to (very) slowly adopt the newly released Windows 8, researchers are intent on finding out whether the new OS version is more secure than the previous ones.
Companies collecting personal info face financial risks
The Edelman Privacy Risk Index reveals a lack of preparedness in managing the potential financial and reputational damage relating to the loss or misuse of personal information. Businesses, particularly at a senior level, are not reacting quickly enough to data and security risk.
PoC malware for remote hijacking of USB smart readers
Researchers from malware.lu, a Luxembourg-based malware analysis and incident response team, have created proof-of-concept malware that allows attackers to gain access to and remotely control users' USB smart card readers.
One in four users at risk due to outdated browsers
Nearly a quarter of users don't use the latest browser versions, and those using Mozilla Firefox are the slowest when it comes to updating, which leaves them open to all kinds of web-based attacks, Kaspersky Lab warns.
Blizzard sued over security concerns, "deceptive upselling"
Blizzard, the developer of popular online games such as World of Warcraft and Diablo, has been hit with a class action lawsuit claiming that the company engages in "deceptive upselling" by not making it clear to the customers buying the games that they will also be required to buy the Blizzard Authenticator in order to keep their Battle.net accounts safe.
12 scams of Christmas
The dozen most dangerous online scams to watch out for this holiday season as revealed by McAfee.
When will the public sector grasp basic lessons on information security?
It seems like we can’t get through a single month without a public sector body suffering a hefty fine over a data security blunder. Basic lessons on information security are simply not being headed.
Samsung Galaxy S3 found storing passwords in plain text
Samsung Galaxy S3, currently one of the most popular smartphones on the market, stores passwords in plain text. The culprit is actually Samsung's S-Memo app, and all the passwords stored in it can be accessed by anyone who has root access to the device.
Cyber-tension between nations fuels public desire for action
The UK public is growing increasingly concerned about national cyber security, following the number of high profile security incidents and malware discoveries reported this year. In a survey of 1,000 consumers, 65 percent of respondents stated that pre-emptive strikes on enemy states that pose a credible threat to national security are justified, and of those, 46 percent believe it depends on the level of threat posed.
Push notifications abuse hurts developers as well as users
Push notifications allow app developers to share news with their users, and are a great way of presenting new apps and features. Unfortunately, they are also a great nuisance when they are misused, bombarding users with unwanted and invasive content.
65% of organizations experience three DDoS attacks a year
Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape.
Skype fixes account hijacking vulnerability
Skype has temporarily disabled its password reset function while it was investigating reports about a vulnerability that has been misused to hijack users' accounts, but the function is now available again as they claim to have fixed the problem.
Testing proves advice on keeping computers safe is sound
Amid the often repeated advice about how to keep your computer and yourself safe from malware and criminals spreading it there are some real gold nuggets, as the German Federal Office for Information Security (BSI) has proved with a recent test.
The global expansion of cybercrime
McAfee released a new report which explores techniques in cybercrime as well as the global evolution of cyber exploits. It uncovers new details of “Operation High Roller,” tracks that mobile malware almost doubled the previous quarter’s total, and reveals an all-time high in database breaches.
Tips for staying safe this Cyber Monday
What should employees be mindful of to protect themselves AND the sensitive data on the corporate network while shopping online this Cyber Monday?
Adobe shutters forum site following breach and data leak
Adobe has confirmed that the records leaked on Tuesday by an Egyptian hackers were part of a database containing user information and login credentials for Connectusers.com, a forum site for users of its Adobe Connect Web conferencing platform.
Curiosity-piquing Twitter DM leads to double threat
A double threat has been aimed at Twitter users as Direct Messages carrying a Facebook link and the question "what on earth could you be doing in our movie?" are currently doing rounds.
Opera homepage spotted redirecting visitors to Blackhole kit
If you are an Opera user who hasn't changed the browser homepage or has visited Opera's Portal homepage (portal.opera.com) on Wednesday, you might want to check you computer for malware.
Windows 8 vulnerable to 15% of most popular malware
As users start to (very) slowly adopt the newly released Windows 8, researchers are intent on finding out whether the new OS version is more secure than the previous ones.
Companies collecting personal info face financial risks
The Edelman Privacy Risk Index reveals a lack of preparedness in managing the potential financial and reputational damage relating to the loss or misuse of personal information. Businesses, particularly at a senior level, are not reacting quickly enough to data and security risk.
PoC malware for remote hijacking of USB smart readers
Researchers from malware.lu, a Luxembourg-based malware analysis and incident response team, have created proof-of-concept malware that allows attackers to gain access to and remotely control users' USB smart card readers.
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
