Week in review: Staying safe on Cyber Monday, Skype fixes account hijacking vulnerability, Adobe admits breach
Posted on 19 November 2012.
Here's an overview of some of last week's most interesting news and articles:


One in four users at risk due to outdated browsers
Nearly a quarter of users don't use the latest browser versions, and those using Mozilla Firefox are the slowest when it comes to updating, which leaves them open to all kinds of web-based attacks, Kaspersky Lab warns.

Blizzard sued over security concerns, "deceptive upselling"
Blizzard, the developer of popular online games such as World of Warcraft and Diablo, has been hit with a class action lawsuit claiming that the company engages in "deceptive upselling" by not making it clear to the customers buying the games that they will also be required to buy the Blizzard Authenticator in order to keep their Battle.net accounts safe.

12 scams of Christmas
The dozen most dangerous online scams to watch out for this holiday season as revealed by McAfee.

When will the public sector grasp basic lessons on information security?
It seems like we can’t get through a single month without a public sector body suffering a hefty fine over a data security blunder. Basic lessons on information security are simply not being heeded.

Samsung Galaxy S3 found storing passwords in plain text
Samsung Galaxy S3, currently one of the most popular smartphones on the market, stores passwords in plain text. The culprit is actually Samsung's S-Memo app, and all the passwords stored in it can be accessed by anyone who has root access to the device.

Cyber-tension between nations fuels public desire for action
The UK public is growing increasingly concerned about national cyber security, following the number of high profile security incidents and malware discoveries reported this year. In a survey of 1,000 consumers, 65 percent of respondents stated that pre-emptive strikes on enemy states that pose a credible threat to national security are justified, and of those, 46 percent believe it depends on the level of threat posed.

Push notifications abuse hurts developers as well as users
Push notifications allow app developers to share news with their users, and are a great way of presenting new apps and features. Unfortunately, they are also a great nuisance when they are misused, bombarding users with unwanted and invasive content.

65% of organizations experience three DDoS attacks a year
Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape.

Skype fixes account hijacking vulnerability
Skype temporarily disabled its password reset function while it investigated reports of a vulnerability that has been misused to hijack users' accounts, but the function is now available again, as the company claims to have fixed the problem.

Testing proves advice on keeping computers safe is sound
Amid the often repeated advice about how to keep your computer and yourself safe from malware and the criminals spreading it, there are some real gold nuggets, as the German Federal Office for Information Security (BSI) has proved with a recent test.

The global expansion of cybercrime
McAfee released a new report which explores techniques in cybercrime as well as the global evolution of cyber exploits. It uncovers new details of “Operation High Roller,” finds that mobile malware almost doubled the previous quarter’s total, and reveals an all-time high in database breaches.

Tips for staying safe this Cyber Monday
What should employees be mindful of to protect themselves AND the sensitive data on the corporate network while shopping online this Cyber Monday?

Adobe shutters forum site following breach and data leak
Adobe has confirmed that the records leaked on Tuesday by an Egyptian hacker were part of a database containing user information and login credentials for Connectusers.com, a forum site for users of its Adobe Connect Web conferencing platform.

Curiosity-piquing Twitter DM leads to double threat
A double threat has been aimed at Twitter users as Direct Messages carrying a Facebook link and the question "what on earth could you be doing in our movie?" are currently doing the rounds.

Opera homepage spotted redirecting visitors to Blackhole kit
If you are an Opera user who hasn't changed the browser homepage or has visited Opera's Portal homepage (portal.opera.com) on Wednesday, you might want to check your computer for malware.

Windows 8 vulnerable to 15% of most popular malware
As users start to (very) slowly adopt the newly released Windows 8, researchers are intent on finding out whether the new OS version is more secure than the previous ones.

Companies collecting personal info face financial risks
The Edelman Privacy Risk Index reveals a lack of preparedness in managing the potential financial and reputational damage relating to the loss or misuse of personal information. Businesses, particularly at a senior level, are not reacting quickly enough to data and security risk.

PoC malware for remote hijacking of USB smart readers
Researchers from malware.lu, a Luxembourg-based malware analysis and incident response team, have created proof-of-concept malware that allows attackers to gain access to and remotely control users' USB smart card readers.





Copyright 1998-2014 by Help Net Security.