Week in review: Data broker databases breached, Apple Touch ID hack, and possible solution to click fraud problem
Posted on 30 September 2013.
Here's an overview of some of last week's most interesting news, reviews and articles:


IE 0-day attack reports push ISC to raise official threat level
FireEye researchers have managed to shed some light on the in-the-wild attacks leveraging the latest discovered Internet Explorer zero-day vulnerability (CVE-2013-3893), and have tracked it back to the Chinese hacking group that hit Bit9 earlier this year.

Free guide to iOS 7
The new version of iOS marks a notable improvement over the last in terms of aesthetics and features, and this guide should get you up to speed with the changes and additions to what Apple calls the world’s most powerful mobile OS.

Investigating the security of the Firefox OS
Firefox OS is Mozilla’s foray into the mobile operating system field and promises a more adaptive mobile OS. But as mobile threats, in particular in the Android platform, has gained momentum, the question in everyone’s mind is – how safe is it?

Major increase in Filecoder malware
The ESET HQ malware research lab is reporting an unusual spike in the actvity of Filecoder malware - Trojans that encrypt user files and try to extort a ransom from the victim in exchange for a decrypting software.

Widespread disregard for corporate cloud policies
While most business professionals are worried about the security of cloud-based applications, they are not deterred from using them to store their personal and professional data, and they are not losing sleep over their data and information, according to a recent survey from SafeNet Labs.

Attackers sharpen skills: What that really means for CISOs
For CISOs, it’s no surprise that tried and true attack tactics can cause the most damage to an enterprise. However, the latest IBM X-Force report also recognizes that attackers are improving their skills, which allows them to increase their return on exploitation.

Reactions from the security community to iOS 7
Apple released iOS 7, featuring a completely redesigned user interface, hundreds of new features and Touch ID, a fingerprint identity sensor. Here are some comments that Help Net Security received from a variety of security professionals.

Yahoo ID recycling scheme is potential security minefield
Yahoo's recently announced email account / Yahoo ID recycling scheme was meant to free up inactive (and attractive) accounts so that they can be snapped up by another user. But while the idea initially had been thought by company executives as good move, the reality has proven to be harsher.

Data broker databases breached, stolen info used by ID theft service
Stolen users information is regularly sold and bought online by cyber crooks and attackers, and many services have sprung up to meet the demand for information that can be used to compromise online accounts and facilitate identity theft. Among them is SSNDOB, which has been around for at least two years and has been used by some 1,300 customers to look up personal data and financial data - including Social Service numbers and date of birth - of millions of US citizens.

Apple Touch ID hack was easier than expected
It has been confirmed: Starbug of the German Chaos Computer Club has received the crowd-sourced prize for hacking Apple's Touch ID security feature.

1Password: Manage passwords or die trying
While it is available for other platforms, 1Password is probably the most popular password manager for the Mac. It also integrates into your browser to make website logins easier, and it enables you to effortlessly generate strong passwords. It may be well-known, but is it worth using? Read on to find out.

Phishing and malicious attachments on the increase
Spam volume has dropped in August, but with the level of phishing increasing tenfold and malicious attachments being found in 3.4 percent more emails when compared with July, spam has obviously became much more dangerous.

Amateur hacker behind DDoS attack on China?
When, in late August, China's Domain Name Service was targeted by a huge DDoS attack which ultimately lead to many websites being completely inaccessible for a period of time, the questions everybody wanted answered were: who did it, and why?

Icefog cyber espionage campaign exposed
Kaspersky Lab’s security research team discovered Icefog, a small yet energetic Advanced Persistent Threat (APT) group that focuses on targets in South Korea and Japan, hitting the supply chain for Western companies.

NSA letter reveals details of NSA analysts spying on their lovers
Details of twelve recorded cases since 2003 in which analysts misused US intelligence agencies' surveillance capabilities to spy on their love interest or other not authorized subjects have been revealed by NSA inspector General Dr. George Ellard.

US intelligence heads speak for FISA preservation
Two opposite forces have clashed in Thursday's open hearing by the US Senate Intelligence Committee on the subject of potential legislative changes to the Foreign Intelligence Surveillance Act.

Cybercriminals exploit most news within 22 hours
Cybercriminals continue to respond with lightning speed when they see an opportunity to exploit a national or global news story to spread malware. In fact criminals are inventing "breaking news" that appears to relate to high-profile current events.

Researchers may have solved the click fraud problem
Click fraud is a considerable drain on the finances of both advertiser and ad networks, but a group of researchers believed that they have managed to create a simple solution that is able to detect all the currently most used click-spam schemes.

Tor-using Mevade botnet is stealthy new version of old threat
The Mevade Trojan and botnet have gained unexpected notoriety when it turned out that the majority of the recent, sudden and massive uptick in Tor users was the result of it adding Tor as a method of communication between the bots and the C&C servers.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //