by Constantine von Hoffman

Cybersecurity News Roundup: Sophos IDs Its Own Antivirus Software as Malware

Sep 21, 2012 | 5 min read
Cybercrime, Data Breach, Malware

This week's IT security news roundup has stories on Sophos’s anti-virus software identifying itself as malicious code; a Microsoft 0-day fix; Iranian cyberwar; an Android NFC hack that let commuters ride to work for free; cybercriminals targeting bank employees instead of customers; and more.

It doesn’t get much more embarrassing for a security company than this: an update to Sophos’s antivirus software for Windows flagged parts of Sophos’s own code as malicious. Having detected them, the software then disabled and/or deleted components of the company’s Endpoint security suite, including the updater itself, so affected installations lost the ability to pull down the fix and repair themselves.

The company tried to play it cool on its website:

“Some Sophos customers have reported detections today of Shh/Updater-B. Many of these reports involve detections of Sophos’s own code, but there are a number of third-party applications which are also being identified. Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologizes for any inconvenience.”

However, a commenter at SlashDot reported, “For many hours on the 19th, Sophos technical call centers were so busy customers were unable to even get through to wait on hold for assistance. Today thousands of enterprise customers remain crippled and unable to update their security software.”

Sophos says an investigation is underway. OOOOOOOOOOOOOOOOOOOOOOPS.

Absurd Quote of the Week: “Huawei has not and will not jeopardize our global commercial success nor the integrity of our customers’ networks for any third party or government – ever,” Huawei Senior Vice President Charles Ding during a House Intelligence Committee hearing. Mr. Ding later said he knows of some waterfront property in Arizona, if anyone was interested.

Funny Story of the Week: How to Fake Network Security Monitoring (InfoSec)

Other Notable IT Security Stories from the Past Week:

  • Microsoft issues stopgap fix for IE 0-day flaw: (KrebsOnSecurity) Microsoft today released a stopgap fix for a critical security flaw in most versions of Internet Explorer that hackers exploited to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21.
  • Cyberwar on Iran more sophisticated than first thought, say researchers: (Guardian UK) A study of the Flame malware used in the Middle East and north Africa reveals its programmers probably had national backing.
  • Japan confirms cyberattacks over island dispute: (ZDNet) At least 19 Japanese websites were hit by cyberattacks, reportedly from China, over the two countries’ territorial dispute involving islands in the East China Sea, according to Japan’s National Police Agency.
  • New espionage campaign tied to RSA breach, GhostNet attacks: (SC Magazine) Dell SecureWorks researchers believe recent attacks targeting oil and energy companies in various countries are connected to the cyber criminals behind RSA’s breach and the GhostNet espionage campaign.
  • Flaw in Oracle logon protocol leads to easy password cracking: (ThreatPost) There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable remote attackers to brute-force tokens the server hands out before authentication completes and thereby recover a user’s password.
  • Over 9 million PCs infected – ZeroAccess botnet uncovered: (NakedSecurity) ZeroAccess is a widespread malware threat that has plagued individuals and enterprises for years. It has evolved over time to cater to new architectures and new versions of Windows.
  • Phone numbers are enough to access user accounts on some mobile operator portals: (NetworkWorld) Attackers could impersonate legitimate mobile users on the Web portals many mobile operators use to sell content and services to their customers because of a security flaw in the sites, according to Bogdan Alecu, an independent security researcher from Romania.
  • Android NFC hack lets travelers ride US subways for free: (NetworkWorld) Contactless fare cards for the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free, researchers demonstrated on Thursday during the EUSecWest security conference in Amsterdam.
  • FBI says cybercriminals shift focus to bank employees: (CSOOnline) The preferred target in the financial industry is moving from the bank customer to the employee. That is according to the FBI, which issued a warning earlier this week that the latest trend among cybercriminals is to harvest employee login credentials using spam and phishing e-mails, keystroke loggers and Remote Access Trojans (RATs).
  • Cyberspying effort drops ‘Mirage’ on energy firms: (CNET) The Mirage malware targets individuals at organizations in the Philippines, Taiwan, Canada and elsewhere via “spear-phishing” e-mails bearing tainted PDF files.
  • ID theft service tied to payday loan sites: (KrebsOnSecurity) A website that sells Social Security numbers, bank account information and other sensitive data on millions of Americans appears to be getting at least some of its records from a network of hacked or complicit payday loan sites.
  • Phonetic attack commands crash bank phone lines: (SC Magazine) A security researcher demonstrated a series of attacks capable of disabling touch-tone and voice-activated phone systems and forcing them to disclose sensitive information.

From the Damning With Faint Praise Dept.: TrustGo Says Google Play is Fifth Safest App Market

From the Quis custodiet ipsos custodes Dept.: Police in Prince George’s County, MD, installed cameras to watch the cameras used to catch speeding drivers. Some people, presumably people caught speeding, have taken to destroying the traffic enforcement cameras. Now they have another target as well.