Week in review: WordPress sites under attack, Android Trojan downloaded by millions, pass-thoughts instead of passwords
Posted on 22 April 2013.
Here's an overview of some of last week's most interesting news, videos and articles:


Real-world test of 21 antivirus products
AV-Comparatives have released results of their latest Real-World Protection Test. These show that in a real-world digital environment with ever-increasing malicious programs, keeping computers secure may prove to be a challenge not everybody is up to.

Employees admit to accessing or stealing private company information
In a survey of 1,000 employers by LogRhythm, 80 percent do not believe any of their workers would view or steal confidential information, while three quarters (75 percent) admitted to having no enforceable systems in place to prevent unauthorised access to company data by employees.

FAA and EASA say hijacking planes using an app is not possible
According to the latest statements released by both organizations and by Honeywell and Rockwell Collins, companies that provide avionics, information technology systems and aerospace systems to aircraft manufacturers and whose simulation equipment Teso used in his research, the attack he described is not feasible.

A closer look at Hack In The Box 2013 Amsterdam
Here's a look at Hack In The Box 2013 Amsterdam, which took place at the Okura Hotel on April 10-11.

Set your Google account to be deleted after you die
Google has rolled out an interesting feature: the Inactive Account Manager.

WordPress sites targeted by mass brute-force attack
US-CERT has issued an alert regarding the ongoing massive brute-force attacks against WordPress sites, warning users and administrators to keep their installations up to date and to change the username and password for their WordPress accounts.

90% of game hacks and cracks contain malware
Computer and online gaming is big business for companies creating the games, but a considerable drain on the finances of gamers, so it should not come as a surprise that many of the latter decide against buying games and add-ons, choosing instead to download cracked games, keygens, patches and more from torrent or file-sharing sites. But that decision could cost them much more in the long run.

Pass-thoughts as a solution to the password problem
A group of researchers from University of California, Berkeley, claims to have achieved 99 percent accuracy when using brainwave signals instead of passwords for user authentication.

A guide to negotiating and assuring cloud services
There is a confusing jungle of advice on the risks of cloud computing and how to manage these risks. This guide provides the top tips to negotiating and assuring cloud services.

News of Boston Marathon bombings used to spread malware
Kaspersky Lab researchers are warning about spam emails offering nothing more than a simple link to a web page that contains URLs of non-malicious YouTube videos about the attacks.

Pirate Bay co-founder charged with hacking Swedish bank, agencies
Gottfrid Svartholm, one of the founders of The Pirate Bay, has been charged along with three other men with hacking into several Swedish agencies and firms and stealing (or attempting to steal) money from a number of Nordea bank accounts.

Average DDoS attack bandwidth up 718 percent
Early last year, a different type of DDoS attacker emerged: one with considerable botnet resources, but also an intimate understanding of how the Internet routing topology works. As a result, Prolexic detected a clear shift to high packet-per-second DDoS attacks specifically designed to overwhelm infrastructure elements such as routers.

Microsoft rolls out optional two-step authentication
The option can be used on any software and device users usually use to access their accounts.

Widely used routers easy to hack even by remote attackers
Security researchers from Independent Security Evaluators have tested thirteen widely used small office/home office routers and wireless access points, and have discovered that every single one of them has critical security vulnerabilities that allow local and remote attackers to take control of the device.

How financial institutions can overcome the cloud security barrier
In financial services, with the hundreds of complex regulations that apply to data, private cloud adoption is still more common than the public cloud to date. However, that is changing quickly.

Research reveals damage that privacy breaches can cause
A global study of consumer attitudes towards company stewardship of personal data conducted by the Economist Intelligence Unit shows that data breaches can cause major damage to the business of the companies affected.

New Android Trojan downloaded from Google Play by millions
The newly discovered malware family has been dubbed BadNews, and it's capable of harvesting information about the device and sending it to its C&C server, sending out fake news messages, and prompting users to install additional malicious applications such as the AlphaSMS premium rate SMS Trojan.

Sony Pictures LulzSec hacker sentenced
Kretsinger initially denied any involvement in the breach, but has subsequently pleaded guilty to the charges of conspiracy and unauthorized impairment of a protected computer raised against him.





Copyright 1998-2014 by Help Net Security.