Welcome to our Weekly News Roundup. Read on to learn about the latest this week in the world of security, put together for you by our marketing team. Enjoy!
1. Android users potentially hit by malware attacks: Two possible Android attacks were reported this week. The first, according to Symantec, stems from thirteen applications from three different developers that have been collecting data and performing tasks without the user’s knowledge (Millions Of Android Users Potentially Hit By New Malware Attack, by Oliver Haslam). The second is a bug unique to HTC smartphones that allows some applications to send the user’s Wi-Fi network username, password, and SSID information to a remote server for collection (HTC Android phones allow apps to harvest users' Wi-Fi password by Zeljka Zorz).
As a footnote to this news, Google announced a new service on February 2nd, 2012 called “Bouncer” that would automatically scan Android apps for malware. Check out this post by Elinor Mills at CNET to learn more.
2. Government web applications contain the most vulnerabilities by the SC Magazine Staff (@scmagazineUK). After carrying out over 600 penetration tests on custom-built applications, Context Information Security found that UK government web applications contained the highest number of vulnerabilities. Interestingly, here at Veracode we have seen similar patterns in the US, and we blogged about this earlier this year.
You can download the full State of Software Security, Volume 4 report here.
3. Twitter Censoring Tweets in Various Countries: Twitter Censorship Move Sparks Backlash: Is It Justified? by David Kravets (@dmkravets). By announcing Thursday that it would exercise its ability to withhold content from users in a specific country, Twitter sparked a massive debate in which participants weighed the ideas of a company abiding by the law, the responsibilities of the messenger, and freedom of speech.
4. The DMARC coalition bands together to stop phishing: Google, Facebook, and Others Join to Write New Email-Authentication Spec Called DMARC by Dennis Fisher (@DennisF). Google, Yahoo, AOL, Microsoft, and others have joined forces to develop a new framework for email. The new specification will be called Domain-based Message Authentication, Reporting, and Compliance, and aims to stop phishing schemes and other email-borne attacks.
5. Committee in the UK pushing for cyber security education, awareness campaigns, secure public sites, and safety standards on software: Demand for safety kitemark on software stepped up by John Leyden (@regvulture). Political types on the Science and Technology Select Committee in the UK have called for the expansion of the Get Safe Online and similar campaigns, in order to dispel fears and encourage secure usage behaviors on the Internet. Perhaps the most significant of the demands is for “safety standards on software sold within the EU, similar to those imposed on vehicle manufacturers.” Also be sure to check out the comments.
6. Finally, this weekend is home to the Super Bowl! The New England Patriots will be taking on the New York Giants this Sunday in Indianapolis, but what may not be as apparent as the fans, food, and commercials is the security. By utilizing defense contractor SAIC, an $18 million Regional Operation Center, a Mobile Command Center, and even gamma-ray scanners, this Super Bowl will be the most technologically secure in history. Game On: Gamma Ray Scanners To Guard 'Most Technologically Secure' Super Bowl Ever by Christopher Brook (@threatpost).