This week’s (somewhat belated) Highlights are short and sweet with a quick review of the week’s top infosec topics.
An Internet worm dubbed “Morto” was found spreading in the wild via Windows Remote Desktop Protocol (RDP). The worm is the first of its kind capable of spreading via RDP and has so far impacted a few thousand servers. Although the worm is not particularly fast moving, its proliferation is troubling, because it demonstrates how many organizations are still falling short when it comes to cybersecurity education among staff. Instead of attempting to exploit vulnerabilities in the software, it relies on weak passwords. When a Remote Desktop server is found, the malware simply scans through a library of weak and common passwords in an attempt to login as the administrator.
In another high-profile attack, the official Linux Kernal Organization confirmed that hackers had broken into multiple servers used to maintain and distribute the Linux operating system. The systems were infected with the self-injecting rootkit Phalanx, which gained root access, modified system software, and logged passwords and transactions of users.
Apple experienced a bout of deja-vu this week when for the second time, an Apple employee left an unreleased iPhone in a San Francisco bar. Although the media has yet to get a hold of the lost device, the new iPhone5 was reportedly sold on Craigslist for $200 – a bargain price compared to the $5,000 cash reeled in last year for a misplaced iPhone4.
On a more optimistic note, the UK Information Commissioner’s Office (ICO) launched a research project in hopes of demonstrating the importance of information security education in primary and secondary schools. It’s a trailblazing effort that has the potential to spark an advance in cybersecurity education among youth, a hot topic Steven Fox covered in his last Security Connected blog.
And finally, I’d like to highlight one of our favorite Twitter interactions for the week – a topic that I’m sure has come up in more than one office discussion: Ever wondered how to correctly pronounce McAfee?
Thanks for tuning in, and be sure to follow @IntelSec_Biz on Twitter for regular updates on McAfee & infosec community news.