Week in review: IE 0-day and fake SSL certificates exploited in the wild, Bitcoin exchanges suspend withdrawals

Here’s an overview of some of last week’s most interesting news and articles:

Account details of 27,000 Barclays customers stolen, sold to brokers
(In)famous UK-based multinational bank Barclays has been hit this Friday with claims that someone has stolen personal and financial information of some 27,000 of its customers and has been selling it to City traders.

Sochi security forbids journalists to use private Wi-Fi
The Winter Olympics in Sochi are under way, and we have already written about the cyber risks awaiting visitors and viewers. But what about the ones awaiting the visiting media representatives?

Tips for handling your first security breach
Getting breached does not determine whether you have a good security program in place; how you respond to the breach does. Before you begin to stress out about how to keep your head (and your job) intact when the worst-case scenario happens, here are the top five tips for handling an organization’s first security breach.

Free eBook: Understanding Big Data
A solid information integration and governance program should include automated discovery, profiling and understanding of diverse datasets to provide context and enable employees to make informed decisions.

DDoS attack toolkit simplifies the launch of large reflection attacks
Prolexic Technologies issued a high alert DDoS attack threat advisory on the DNS Flooder v1.1 toolkit. The toolkit makes it faster and easier for malicious actors to launch crippling reflection attacks and will likely be widely adopted in the DDoS-as-a-Service market, potentially increasing the number of attacks.

Microsoft introduces multifactor authentication for all Office 365 users
In a praiseworthy move, Microsoft has extended the multifactor authentication option to all users of Office 365, its popular subscription-based online office software suite.

Sophisticated cyber-espionage tool uncovered
Kaspersky Lab discovered “The Mask” (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007.

Beware of Trojanized Flappy Bird game
Trojanized versions of Flappy Bird, the mega-popular iPhone and Android game that has recently been pulled from Google Play and Apple’s App Store by its creator, have begun popping up on third-party Android markets.

Google offers five grants to women in security to attend HITB2014AMS
These grants include a VIP ticket to the conference on the 29th and 30th of May, an exclusive invite to the HITBSecConf Speakers Reception on the 28th, an invite to the Girl Geek Dinner Amsterdam on the 29th and an invite to the HITB Post Conference Reception sponsored by Microsoft on the evening of the 30th. Winners of the grant will also receive up to 1000 EUR towards travel costs (to be paid after the conference).

400Gbps NTP-based DDoS attack hits Cloudflare
Matthew Prince, CEO of content delivery network Cloudflare, confirmed on Twitter on Monday that one of its customers was being targeted with a very big Network Time Protocol (NTP) reflection attack – “bigger than the Spamhaus attack from last year.”

Absolute Computrace anti-theft software can be remotely hijacked
Kaspersky Lab’s security research team published a report confirming and demonstrating that the weak implementation of anti-theft software marketed by Absolute Software can turn a useful defensive utility into a powerful utility for cyberattackers.

HP says server security and safety updates will remain free
The news that, starting on February 19, HP will provide firmware updates for its servers only to customers with a valid warranty, Care Pack Service or support agreement has hit those who haven’t paid for the service, and don’t intend to, like a ton of bricks.

Hit with DoS, several Bitcoin exchanges suspend withdrawals
As popular Bitcoin exchanges continue to be bombarded with malformed transactions, a lot of them have decided to temporarily prevent their customers from withdrawing their funds.

Mac Bitcoin-stealing Trojan lurks on download sites and GitHub
CoinThief, the recently discovered Bitcoin-stealing Trojan that targets Mac users, has been spotted being offered on several download websites such as CNET’s Download.com and MacUpdate.com, as well as masquerading as precompiled binaries in several GitHub projects.

Doing more to protect your DNS from DDoS
It’s clear then that DNS-based DDoS attacks are a growing threat, and one that’s being neglected by businesses when DNS security should really be seen as a priority because of the increasing risks. But how exactly do these attacks work? And what can businesses do to protect against them?

Linksys home routers targeted and compromised in active campaign
An as-yet undetermined vulnerability affecting certain Linksys WiFi routers is being actively and massively exploited in the wild to infect the devices with a worm dubbed “TheMoon”, warns SANS senior instructor and ISC researcher Johannes Ullrich.

Fake SSL certificates used to impersonate Facebook, Google, banks
Analysts with UK-based Internet research firm Netcraft have discovered a considerable number of fake SSL certificates in the wild, created to impersonate banks, social networks, payment and ecommerce providers, and so on.

Thousands of FTP sites compromised to serve malware and scams
Some 7,000 FTP sites and servers have been compromised to serve malware, and their administrators are usually none the wiser, claim Hold Security researchers.

Security vulnerability in the Duo WordPress two-factor authentication plugin
During an internal assessment, Duo Security found a vulnerability in their popular WordPress two-factor authentication plugin that completely bypasses the security measures provided by it.

Most organizations are unable to resolve a cyber attack
The lack of incident detection and investigation puts companies and their CISOs’ jobs at significant risk, according to a new Ponemon Institute study. In fact, when a CEO and Board of Directors ask a security team for a briefing immediately following an incident, 65% of respondents believe that the briefing would be purposefully modified, filtered or watered down.

IE 0-day used in watering hole attack tied to previous campaigns
An Internet Explorer zero-day vulnerability (CVE-2014-0322) is actively exploited in the wild in a watering-hole attack targeting visitors to the official website of the U.S. Veterans of Foreign Wars, FireEye researchers warned on Thursday.

Silk Road 2.0 allegedly hacked, user funds stolen
The second incarnation of the (in)famous Silk Road underground market has been hacked, claims one of its moderators who goes by the online handle “Defcon”, and an estimated 4,400+ Bitcoins (currently worth between $2 and $3 million) that the market kept in a central escrow service have been pilfered by attackers.
