Fallout from the Global Payments fiasco that could affect potentially millions of credit cardholders continues. First, Visa over the weekend dropped the Atlanta-based credit card processor from its ranks as a partner "compliant" in accepted industry data security standards.
Meanwhile, Global Payments said that cardholders' names, addresses and Social Security numbers were not obtained by hackers. The company says that only what's known as Track 2 data (the data encoded on the magnetic stripe on the back of the card) was stolen--that is, the credit card numbers and their expiration dates.
"Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained," Global Payments added.
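Track 2 data has a fixed, publicly documented layout (ISO/IEC 7813: a start sentinel, the PAN, a separator, expiry as YYMM, a three-digit service code, discretionary data, and an end sentinel), which is why its presence in logs or outbound files is something a defender can detect. The following is an added example, not code from the article or from Global Payments: it scans constructed sample text for Track 2 records, validates the PAN with the Luhn check, and reports only a masked PAN so the detector itself never logs full card numbers.

```python
import re

# ISO/IEC 7813 Track 2 layout: ';' PAN '=' YYMM service-code discretionary-data '?'
TRACK2_RE = re.compile(
    r";(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})(?P<disc>\d*)\?"
)

# Constructed sample: one valid record (well-known Visa test PAN), one with a bad
# Luhn digit, and an unrelated log line. Not data from the Global Payments incident.
SAMPLE_LOG = (
    "2012-03-30 12:00:01 batch export started\n"
    "2012-03-30 12:00:02 rec=;4111111111111111=25121010000000000000?\n"
    "2012-03-30 12:00:03 rec=;4111111111111112=25121010000000000000?\n"
)


def luhn_ok(pan: str) -> bool:
    """True if the digit string passes the Luhn checksum used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits (PCI DSS display rule), mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(text: str) -> list:
    """Return masked findings for every plausible Track 2 record in the text."""
    findings = []
    for m in TRACK2_RE.finditer(text):
        pan = m.group("pan")
        month = int(m.group("mm"))
        # Drop regex hits that fail the checksum or carry an impossible month
        if not luhn_ok(pan) or not 1 <= month <= 12:
            continue
        findings.append({
            "pan_masked": mask_pan(pan),
            "expiry": f"{m.group('yy')}/{m.group('mm')}",
            "service_code": m.group("svc"),
        })
    return findings


if __name__ == "__main__":
    for hit in find_track2(SAMPLE_LOG):
        print("Track 2 data found:", hit)
```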
Another week, another announcement of new mobile malware found infecting Android phones. The new bug this week is DKFBootKit, a nasty bit of work that can come packaged inside seemingly legitimate applications--much like most of the other mobile malware we've seen thus far. What sets DKFBootKit apart from malware like DroidDream is that DKFBootKit replaces certain boot processes and can begin running even before the system is completely booted up.
The malware was discovered by the NQ Mobile Security Research Center in collaboration with cyber security expert Dr. Xuxian Jiang. The researchers found that, though the malware can be placed in pretty much any app, it is usually found in apps that ask for root permissions. Once it gains root access, DKFBootKit will begin to wreak havoc on system stability and phone home to a remote server to receive further commands.
You can better your chances of not getting infected by only downloading apps from trusted sources: Don't download pirated apps, and stay off of foreign app stores. For more advice on how to avoid getting your smartphone infected, check out my tips for a malware-free smartphone. Make smart choices, and you should remain malware free.
Google on Wednesday released Chrome 18 to its Stable channel complete with several new features and fixes for nine security vulnerabilities.
Officially named version 18.0.1025.142, the new version of Google's open source browser offers improved graphics performance on both new and older hardware, and closes nine security holes, including three rated high severity.
“Today’s web brings beautiful, rich experiences right into your browser,” wrote Vangelis Kokkevis, Google's “Chrome Graphics Olympian,” in a blog post on Wednesday announcing the new release. “With Chrome’s most recent Stable channel release, we’ve sped up graphics and drawing performance for users on capable hardware, and enabled fancier 3D content for other users on older computers.”
When Microsoft released its March 2012 Patch Tuesday security bulletins last week, security experts were unanimous that MS12-020 needed to be patched urgently. A few days later, the threat got even more real when proof-of-concept (PoC) exploit code was discovered online. Patching MS12-020 is no longer just urgent, it’s imperative.
The MS12-020 security bulletin addresses flaws in Microsoft RDP (Remote Desktop Protocol) that could be used in remote attacks. Because RDP generally doesn't require additional network credentials, and because IT admins typically use it to remotely manage servers, the vulnerabilities pose an even greater risk.
Andrew Storms, Director of Security Operations for nCircle, stressed, “Patch this one immediately, if not sooner.”
Pinterest has exploded onto the social networking scene as the new hot thing to use. Beware what you click on or "pin," though. The skyrocketing popularity of the site isn’t lost on cybercriminals, and the very nature of the site makes it ripe for exploitation by online scammers.
At the root of the issue is that Pinterest is built on a behavior that is generally frowned upon from a security perspective--clicking on things around the web. Users pin linked images to virtual corkboards, and followers click on the images and links to see what all the fuss is about, and perhaps re-pin it to their own Pinterest boards.
So, what happens when someone inserts an image that's already linked to a malicious script or site? According to Symantec, survey scammers have discovered the wonder of Pinterest, and have begun to take advantage of it.
Microsoft released six new security bulletins today for the March 2012 Patch Tuesday. Six is a very reasonable number--far short of some of the overwhelming barrages typical of many 2011 Patch Tuesdays. But, one of the six is a dangerous flaw in RDP (Remote Desktop Protocol) that evokes post-traumatic stress flashbacks to the CodeRed, Nimda, and SQL Slammer days.
The other five include one Moderate and four Important security bulletins. They address issues in things like DNS, Windows kernel-mode drivers, and Visual Studio. Admins are free to follow normal patch operating procedure when it comes to assessing and deploying these fixes. But, when it comes to the one Critical update--MS12-020--security experts say you can’t patch fast enough.
I spoke with Qualys CTO Wolfgang Kandek and Director of Vulnerability Labs Amol Sarwate. Both stressed that the RDP flaws revealed in MS12-020 are very dangerous. RDP allows remote access to systems--often to servers so admins can manage them remotely--and an exploit would not even require network credentials.
For security researchers, there's never a dull moment; online criminals constantly find new security holes to exploit, and new ways to get at your personal data. At this year's RSA security conference in San Francisco, I got to speak with representatives from several companies about what to expect in the coming months. Here are some of the dangerous new malware trends to watch for in 2012.
SSL Not So Safe?
When you see the padlock icon in your browser's toolbar, you might think that your data is safe, but hackers have found ways to get at your information before you send it securely on the internet.
These new forms of malware can identify when you've visited sites protected with SSL--the encryption technology used to keep data safe from prying eyes as it travels across the Internet--and they can grab your username and password before the encryption kicks in. In addition, according to security software maker Webroot, these sorts of attacks will ignore all Web traffic except encrypted sites, filtering out information they aren't interested in.