InfoSec News 2012-06-05

Posted by on Jun 5, 2012 in ISN | 0 comments

InfoSec News for Tuesday June 5, 2012.

  1. Attackers Hit Weak Spots in 2-Factor Authentication
    An attack late last week that compromised the personal and business Gmail accounts of Matthew Prince, chief executive of Web content delivery system CloudFlare, revealed a subtle but dangerous security flaw in the 2-factor authentication process used in Google Apps for business customers. Google has since fixed the glitch, but the incident offers a timely reminder that two-factor authentication schemes are only as secure as their weakest component.

    In a blog post on Friday, Prince wrote about a complicated attack in which miscreants were able to access a customer’s account on CloudFlare and change the customer’s DNS records. The attack succeeded, Prince said, in part because the perpetrators exploited a weakness in Google’s account recovery process to hijack his CloudFlare.com email address, which runs on Google Apps

  2. Flame Malware Prompts Microsoft Patch
    Microsoft has issued a security update to block an avenue of attack first seen in “Flame,” a sophisticated new malware strain that many experts believe was designed to steal data specifically from computers in Iran and the Middle East.

    According to Microsoft, Flame tries to blend in with legitimate Microsoft applications by cloaking itself with an older cryptography algorithm that Microsoft used to digitally sign programs.

  3. SwaggSec claims China Telecom data breach
    Hacktivists not happy with China ‘screwin with the Pentagon’: Hacktivist group SwaggSec is claiming the scalps of China Telecom and Warner Brothers after apparently taking advantage of poor security to infiltrate their networks and steal a sizeable booty of sensitive data.
  4. Researchers hide malware from Google Bouncer
    Nastyware makes it into Android Market: Googles Bouncer malware detection system might not be as strong as the Chocolate Factory hopes, with a pair of security researchers demonstrating flaws in the system.
  5. HP doubles down with dedupe speed record
    Boosted HP no longer needs Sepaton: HP reckons it can claim the dedupe speed king crown, ingesting at 100TB/hour and spitting it our at 40TB/hour, faster by far than the dedupe dominator, Data Domain.
  6. Facebook may be working to bring in users under 13
    Speculation is flying that Facebook executives may be developing technology that would enable kids under the age of 13 to join the site with parental supervision.
  7. Microsoft throws ‘kill switch’ on own certificates after Flame hijack
    Microsoft on Sunday revoked several of its own digital certificates after discovering that the makers of the Flame super-cyber spy kit figured out a way to sign their malware with the company’s digital “signature.”
  8. Imation Introduces RDX Media Secure With CyberSafe Pro Security Technology
  9. How security pros are handling data overload
  10. Veterans of Israels secretive Unit 8200 head many successful high-tech start-ups
  11. Flame malware wielded rare “collision” crypto attack against Microsoft
  12. Best Gore should be charged for hosting alleged Magnotta murder video: lawyer
  13. Researchers devise hack that sneaks Android malware into Google market
  14. Flame malware hijacks Windows Update to spread from PC to PC
  15. Microsoft Patches Digital Certificate Flaw Exploited by Flame
  16. Microsoft revokes certificates used in Flame malware
  17. Flame Hijacks Microsoft Update to Spread Malware Disguised As Legit Code
  18. Flame Malware Fascinates Antivirus Researchers, Conspiracy Theorists
  19. Iran-targeting Flame malware used huge network to steal blueprints
  20. Windows 8′s built-in antivirus will put third-party products first
  21. Flame Malware Registered in 85 Domains, Security Researchers Find
  22. Nike to launch personal training game for Microsoft Xbox
  23. Microsoft recalls certificates exploited by Flame malware
  24. Flame malware’s structure among most complex ever seen, says Kaspersky Lab
  25. Spy virus Flame got help from doctored Microsoft certificates
  26. Penn Station, Inc. And Its Franchisees Alert Customers Of Credit Card Security Issues
  27. ‘Flame’ Spread Via Rogue Microsoft Security Certificates
  28. Opinion: Cyberwar on your desktop
  29. UGNazi attack, compromised 4chan, CloudFlare
  30. Flame Attack ‘sought Iran data’
  31. 5 Flame Security Lessons For SMBs
  32. A Massive Web of Fake Identities and Websites Controlled Flame Malware