Week in review: CISPA, AP Twitter account hijacking and real-world consequences
Posted on 29 April 2013.
Here's an overview of some of last week's most interesting news, reviews and articles:


World's largest bitcoin exchange under DDoS attack
Mt.Gox, the world's largest bitcoin exchange, has been downed by what appears to be a "strong DDoS attack".

The fight for users' right to know what companies do with their data
CISPA's progress through the two houses of the U.S. Congress is and will be the major topic for discussion for privacy-minded individuals in the U.S. and around the world. Still, prospective bills focusing on user privacy are currently in the process of being introduced and voted on.

108,000+ account details of Sims players leaked
NewSeaSims, a website where Sims players can download custom content for their characters, has suffered a breach which resulted in the compromise of registered users' email addresses, usernames and passwords.

The age of information highway robbery
The practice of cyber-extortion is common, not only in the online gambling/gaming market, but also in other sectors where the costs of downtime and reputational damage escalate to exceed the modest ransom amount.

Financial malware hijacking Twitter accounts
The spamming campaign is currently targeting Dutch users, but it's likely to spread widely. The messages that lure users to the sites serving the malware are a collection of true and false news and claims concerning a number of well-known Dutch and other famous individuals.

Wireless hack attacks target critical infrastructure
Critical infrastructure control systems are at risk from wireless attacks carried out over Software Defined Radio (SDR), according to Digital Assurance.

Reuters fires social media editor accused of collaborating with Anonymous
Matthew Keys, the former web producer for a Tribune Company-owned television station who was recently charged with providing Anonymous with log-in credentials for a computer server belonging to the company, has been fired from his job as a social media editor for Reuters.

Exploit for recently patched Java flaw added to CrimeBoss exploit kit
If you are still using Java, you insist on updating it manually and you haven't gotten around to installing the latest Critical Patch Update released a week ago, you are advised to do it now, as an exploit for one of the vulnerabilities it patched has been incorporated into a popular exploit kit and is being actively used in the wild.

Reddit was downed by record DDoS attack, motive is unknown
In order to relieve the curiosity of the huge Reddit community, systems administrator Jason Harvey has shared some details about the DDoS attack that recently hit the popular social news site and caused it to go down for a period of 50 minutes.

Cloud storage and sharing with MediaFire
After trying several popular cloud backup services and getting disappointed by most, our Editor-in-Chief was pleasantly surprised by MediaFire, one of the few services that actually made him take a closer look.

Remote users expose companies to cybercrime
Results of new remote access security research show half of companies with a remote workforce had their websites compromised in 2012, over a third had passwords hacked, and twice as many companies with remote users were victims of SQL injection attacks.

Hijacked AP Twitter account spreads fake news, fells Dow Jones
The tweet claimed that there had been two explosions in the White House and that U.S. President Barack Obama had been injured.

UK govt gives money to SMEs for improving their cyber security
The 2013 Information Security Breaches Survey has shown that 87 per cent of small businesses across all sectors experienced a breach in the last year. This is up more than 10 per cent and cost small businesses up to 6 per cent of their turnover, when they could protect themselves for far less.

Dutch DigiD e-signature system under DDoS attack
DigiD, the identity management platform that allows Dutch citizens to digitally sign bills, pay taxes, and more, has been unavailable since Tuesday evening due to a DDoS attack.

Two-step authentication for Twitter accounts coming soon
Both users and infosec pros are clamoring for the microblogging service to implement two-step authentication and, according to Wired, the moment is very close, as they already have a working solution that is in the last phases of internal testing.

Travelers to Israel can get their emails searched on entry
Travelers who enter Israel via the international Ben-Gurion Airport, especially those who aren't Israeli citizens, can be asked by Shin Bet (the country's security agency) officers to provide access to their email accounts in order to be allowed to enter the country.

Hosted virtual desktops can increase security
Properly implemented HVDs can increase security, and help organizations and infrastructure leaders meet compliance requirements. However, before assuming HVD is the right answer to all security and compliance concerns, security professionals need to consider the alternatives available.

U.S. government doesn't need CISPA to monitor communications
Documents obtained by EPIC through a Freedom of Information Act lawsuit have proved that even without a law such as CISPA, the NSA, the Defense Department and the Department of Homeland Security have found a way to get the information they needed from ISPs and other private sector businesses.

U.S. judge says FBI can't hack crime suspect's computer
A judge of the U.S. District Court for the Southern District of Texas has denied the FBI's petition to install spying software on, and use the built-in camera of, an unidentified suspect's computer in order to discover his or her identity and gather evidence of the crime from the computer's hard drive, memory and storage.

CISPA is (practically) dead, says Senate representative
There's finally some good news for CISPA opponents: according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation, the Senate is unlikely to pass the controversial act.




