Week in review: Android spam-spreading botnet, highest profile software failures of 2012, and data center design innovations
Posted on 24 December 2012.
Here's an overview of some of last week's most interesting news, interviews and articles:


Improving information security with one simple question
Anyone who has children, or has had to deal with very young children, will understand how powerful the word “why” is and how it can drive their curiosity. Those same three letters that drive many parents crazy were also the driving force for many of the early pioneers in information security.

Carberp-in-the-Mobile found on Google Play
Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile transaction authentication numbers (mTANs) sent by banks.

Reinvent your security approach
Tasked with ensuring the success of business-changing IT initiatives from mobile and BYOD to virtualization and cloud services, IT security is finding that existing security controls and processes create complexity instead of reducing risks.

Payment processor for scareware cybercrime ring jailed
A Swedish credit card payment processor was sentenced to 48 months in prison for his role in an international cybercrime ring that netted $71 million by infecting victims’ computers with scareware and selling rogue antivirus software.

Get ready for invited break-ins, malware-ridden apps and spoof attacks
AlienVault's Chief Hacking Officer Dominique Karg's top predictions for the coming months.

56 alleged members of card fraud ring arrested in Europe
During the successful operation, the key suspects involved in the organized crime group were arrested and an illegal payment card factory, in Plovdiv, Bulgaria, was raided.

Who has access to your network and data?
GFI Software released guidelines for businesses ahead of the end of year holiday period, traditionally a time when many office-based businesses close for the festive season, leaving IT departments unmanned and key IT systems at heightened risk of hacking and denial of service attacks, malware infections and unauthorized access.

Scarlett Johansson hacker gets 10 years in prison
36-year-old Florida resident Christopher Chaney has been sentenced to 10 years in prison and to pay $66,000 restitution for having hacked the email accounts of Scarlett Johansson, Mila Kunis and many other celebrities.

Java apps can now be prevented from running in the browser
Oracle has released the newest version of its Java SE Development Kit (JDK 7u10), and apart from patching a few bugs, it has also introduced a couple of welcome changes that should make the hundreds of millions of Java installations worldwide a little less dangerous for users.

Android botnet spreads SMS spam
Lookout has named the Trojan SpamSoldier, and warns that it has the potential to make a big impact at a network level as a single prolonged infection could result in thousands of SMS spam messages.

Exploring data center design innovations
Douglas Alger is Cisco’s IT Architect for Physical Infrastructure. He develops architecture roadmaps, solutions and policies for the physical infrastructure of the company’s data centers and other critical facilities around the world. He has participated in more than 80 major data center projects, from all-new construction to substantially retrofitting existing facilities. In this interview, Alger discusses modern data center innovations, the evolution of the data center in the past decade, and his latest book, The Art of the Data Center, and offers a variety of tips and insight into the future of data center design.

2013: The year of cyber war or just cyber panic?
At the end of the year experts at G Data SecurityLabs are taking a moment to look both back and forward at IT security, attacks and cyber crime.

Bans fail to prevent data leakage
According to the 1,300 respondents to a survey conducted by storage firm Nasuni, one in five employees is using Dropbox. What is more worrying is that 49 percent of users ignore corporate policies and use the service regardless.

Highest profile software failures of 2012
SQS compiled a list of the worst software failures over the past 12 months. This year’s annual survey is based on major software failures throughout 2012 and highlights the continuing problems faced by the financial and banking sector, which have dominated the software glitch top ten lists over the past three years.

Apache malware targeting online banking
Analysis of a malicious Apache module, detected by ESET as Linux/Chapro.A, found that the world's most widely used web server, Apache, is being used to carry out these attacks, injecting malicious content into web pages served by an infected Linux server, without the knowledge of the website owner.

Online reputation management tips
AVG announces twelve tips for individuals to safeguard their reputations while engaging in heightened e-commerce and social media activities during the holidays.

Exploits, security threats and hacks will mutate in 2013
The New Year, and beyond, will be a time of highly adaptive security threats, with four main strands (cyber-criminals, cyber-terrorists, political hacktivists and rogue employees) conspiring to create severe headaches for IT security professionals in all classes of public and private sector industries.

Will the Sweet Orange exploit kit dethrone Blackhole?
There's a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity. Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE and Firefox vulnerabilities, and is regularly updated.

Ten tips for mobile security
Malware can be harmful to mobile devices and the information contained by a smart phone or tablet can easily get into the wrong hands. As a result, Stonesoft has provided 10 tips to ensure the secure use of mobile devices.

Sudoku puzzle generating spreadsheet carries malware
The attack begins with the delivery of an Excel-based Sudoku generator spreadsheet or a link to it. Once the victims download the file, they are urged to enable macros in Office documents and given instructions on how to do it.





Copyright 1998-2014 by Help Net Security.