A recap of the past week's IT security news features some big names as Google dealt with cyber-attackers, Citigroup announced a data breach and Adobe patched Flash.
RSA Security made waves this week when it offered to replace
for a certain subset of its customers in the wake of the
March data breach where attackers apparently stole intellectual property
relating to the company's two-factor authentication technology.
It claimed that attackers were interested in only a certain
segment of the industry, so only those companies would qualify for the
RSA admitted that defense contractor Lockheed Martin was
attacked using the stolen information from March. The problem is, the company
still wouldn't admit what was stolen, so customers are still left unsure of how
protected they are.
LulzSec and other hacking groups continued to have fun,
breaching various Sony sites, but LulzSec expanded its focus to other sites as
well, including Nintendo and a security organization with ties to the United
States Federal Bureau of Investigation.
Against the backdrop
of all these minor data breaches, financial giant Citigroup
sent shockwaves through the banking industry when it disclosed that
cyber-criminals had breached its customer Web portal in May and compromised
sensitive data belonging to about 210,000 customers. While credit card numbers
were exposed, the expiration dates and security codes were not. That breach
wasn't for fun, or -lulz.'
Technology professionals around the country descended on New
York City for Cloud Expo this week, and many of them were focused on security.
As more organizations move their services and applications to the cloud, they
are increasingly becoming worried about cloud
. Nowhere is that more evident as researchers uncover actual
systems in Amazon
serving up banking malware and people wonder how secure
Google continued investigating the attack on Gmail, alleged
to have originated in China. Needless to say, China vehemently denied all
allegations. In more positive security news, Google shelled out nearly $10,000
to developers through its bug bounty program for Google Chrome.
Oracle pushed out a fairly large update
6, addressing 17 vulnerabilities. They were all rated critical as
attackers could exploit them to remotely execute code, the company said. The
size of the update prompted many security researchers to start wondering
whether most end-users even needed Java, especially considering most Websites
nowadays use Flash to play video.
Not that Flash is any more secure, considering Adobe keeps
having to issue out-of-band
to close zero day vulnerabilities. The latest one allowed attackers
to inject code into the user's browser, such as in the settings of the victim's
Webmail accounts. An exploit in the wild was using this vulnerability to
compromise user email accounts without even needing a password.
Next week, Microsoft will roll out 16 security bulletins for
, but address "only" 34 vulnerabilities. While not as
monstrous as April, which had 64, the update is still expected to be pretty
extensive, addressing flaws in Microsoft Excel, all versions of Windows and all
supported versions of Internet Explorer, from IE 6 to IE 9.
On the same day, Adobe is also expected to release its
scheduled quarterly updates for Acrobat