Security Headlines
April 30, 2007
Corporate brand hijacking common on Web: report (Reuters)
Corporate brands face multi-pronged assaults from fraudulent online
attackers, according to a report published on Monday that quantifies the
scope of the most common threats.
_____________________________________________________________________________________
April 27, 2007
Vista Security (PC World)
Though Windows Vista may be safer than XP, Microsoft's far-from-impregnable
new operating system is already proving to be vulnerable.
Anti-Spam Company Files Billion Dollar Spam Lawsuit (Information Week)
Unspam Technologies is seeking damages on behalf of the members
of Project Honey Pot, based on the CAN
Analysis: Enterprise Key Management (Network Computing)
If you don't manage encryption--and the keys that it
generates--wisely, data will eventually be lost or compromised. We discuss
how to keep keys manageable and safe now, and discuss what to look for in an
enterprise key management system.
_____________________________________________________________________________________
April 26, 2007
'Critical' Apple QuickTime Bug Affects iPod Users (Information Week)
The flaw affects all Java-enabled browsers, including Microsoft's
Internet Explorer, Mozilla's Firefox and Apple's Safari.
Flaw in Adobe Photoshop could compromise systems (SC Magazine)
A popular Adobe image-editing program contains a major vulnerability for
which public exploit code is available, researchers said today.
_____________________________________________________________________________________
April 25, 2007
QuickTime flaw found at CanSecWest also affects Internet Explorer on Vista
(SC Magazine)
Researchers at TippingPoint said today that the vulnerability
exploited last week to hack into a MacBook Pro at CanSecWest also affects
Microsoft's Internet Explorer browser on the Windows Vista operating system.
5 Cheap But Effective Tips To Improve Security (Information Week)
Periodically check for rogue wireless access points, plus four other simple,
yet inexpensive, improvements you can implement to boost the security of
your enterprise.
Neiman Marcus Workers Face Security Breach (NBC)
Upscale retailer Neiman Marcus is facing a security breach of its
own. A computer containing information on employees was stolen. Files on the
laptop contained personal information on roughly 160,000 current and former
employees.
_____________________________________________________________________________________
April 24, 2007
Endpoint Security: 6 Questions To Ask Before You Buy (Information Week)
Here's a roadmap, suggestions on price points, and a guide on what
you need to assess before you purchase any endpoint security product for
your enterprise.
_____________________________________________________________________________________
April 23, 2007
Update: Hacker breaks into Mac at security conference (PC World)
A hacker managed to break into a Mac and win a US$10,000 prize as part
of a contest started at the CanSecWest security conference in Vancouver.
Oracle Ships Delayed Patch (PC World)
An addendum to the database's quarterly update fixes a flaw on Windows
systems.
_____________________________________________________________________________________
April 20, 2007
Surveillance video tapes man stealing server with confidential data (KSBY)
SAN FRANCISCO Police are hoping a surveillance video will help them
catch the thief who stole a computer server containing confidential
information...
_____________________________________________________________________________________
April 19, 2007
Apple Updates for Multiple Vulnerabilities (US-CERT)
Apple has released Security Update 2007-004 to correct multiple
vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most
serious of these vulnerabilities may allow a remote attacker to execute
arbitrary code. Attackers may take advantage of the less serious
vulnerabilities to bypass security restrictions or cause a
denial of service.
E-mail Alerts May not be Best Bet in an Emergency (PC World)
In an emergency, is an e-mail message enough to notify people of what's
happening so they can take shelter, evacuate or take other evasive action?
_____________________________________________________________________________________
April 18, 2007
Government Network Hacker Intrusions Investigated (PC World)
A House subcommittee will hear testimony about the extent to which
federal networks and critical infrastructure have been compromised by
foreign hackers.
Two cautioned over wireless Internet "piggy-backing" (Reuters)
Two people have been arrested and cautioned for using someone else's
wireless Internet connection without permission, known as "piggy-backing",
British police said on Wednesday.
_____________________________________________________________________________________
April 17, 2007
Oracle releases 36 patches (SC Magazine)
Oracle today released fixes for 36 vulnerabilities, marking one of
the smallest patch updates since the database giant began issuing quarterly
distributions more than two years ago.
New Wave of Net Insecurity? (PC World)
The rapid takeoff of the so-called Storm worm likely represents the
beginning of a major blast of illegal activity.
Questions Surround Virginia Tech Security, In Wake Of Shooting Rampage
(Information Week)
The gunman who killed 32 people at Virginia Tech university was an Asian
male who was a student at the university and a dormitory resident,
university president Charles Steger told CNN Tuesday.
_____________________________________________________________________________________
April 16, 2007
Microsoft Warns of New DNS Exploits (NewsFactor)
In what has become a string of vulnerabilities in recent weeks,
Microsoft has confirmed limited, targeted attacks against its Windows Server
Domain Name System (DNS) service.
Microsoft: Critical security bug in Windows Server DNS Service (SC Magazine)
Microsoft issued a security advisory on Thursday night about targeted attacks
exploiting a vulnerability in the Windows Server DNS Service.
Web 2.0 Arrives to Find Web 3.0 Underway (Information Week)
TopQuadrant and Franz to announce development of semantic Web
technology that aims to make computers smarter.
_____________________________________________________________________________________
April 13, 2007
Federal agencies earn C- on FISMA report card (SC Magazine)
Agencies within the federal government scored an average grade of C- in this
year's annual information security scorecard report.
New Storm Worm Outbreak Blasting The Internet (Information Week)
The latest variant is dangerous because it's encrypted to hide from
antivirus programs and uses a hard-to-squash peer-to-peer network.
_____________________________________________________________________________________
April 12, 2007
Course to focus on hacking (Courier-Post)
Local students of Internet security will be trained to fend off cyber
attacks like the ones that resulted in the theft of credit card numbers and
customer information at retailer T.J. Maxx.
_____________________________________________________________________________________
April 11, 2007
Microsoft refutes exploit-site reports of Office flaws (SC Magazine)
The same week Microsoft released April's second Patch Tuesday distribution,
a hacker claimed on exploit websites to have found a number of application
flaws. Microsoft today said it has found no such vulnerabilities.
Oracle to release 37 security patches next week (SC Magazine)
Oracle announced late Monday that it will release 37 security fixes
as part of its quarterly critical patch update scheduled for Tuesday.
Microsoft warns of 4 "critical" security holes (Reuters)
Microsoft Corp. warned of four security flaws in its software that it
categorized as "critical" on Tuesday that could allow attackers to gain
control of a user's computer.
_____________________________________________________________________________________
April 10, 2007
Microsoft Updates for Multiple Vulnerabilities (US-CERT)
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows and Microsoft Content Management Server. Exploitation
of these vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service on a vulnerable system.
Apple patches 802.11n Airports (Infomatics)
A new security update from Apple addresses two flaws in the company's
Airport Extreme wireless hubs. The patch only affects the latest 802.11n
base stations. 802.11n-equipped notebooks, desktops, and earlier model
Airport base stations are not affected.
Addressing Threats from the Web (Computer Business Review)
AMCBR investigates Trend Micro's approach to ensuring that corporate
systems are protected from numerous online threats.
_____________________________________________________________________________________
April 9, 2007
Microsoft Repatches Its .ANI Emergency Patch (InformationWeek)
Still dealing with problems with last week's emergency .ANI
vulnerability patch, Microsoft has fixed three more issues in a
"high-priority" update.
Protect Vista PCs from Viruses (Washington Post)
A computer virus can be much worse than a physical sniffle. A
particularly creative and nasty virus, Trojan horse, or worm can harvest
your e-mail inbox so an unscrupulous e-marketer can spam your friends.
That's embarrassing, but some viruses may damage your hard drive and data. A
Trojan horse...
Enforce password settings in Windows 2000 Professional (Tech Republic)
It can be easy to remember a good password—too easy, in fact. Learn
how to keep users from reusing the same passwords while maintaining
sufficient complexity to make it difficult for a would-be hacker to get into
the Windows 2000 Professional system with an old password.
_____________________________________________________________________________________
April 6, 2007
Researchers Find New Windows Code-Execution Bug (Information Week)
The vulnerability, which is getting a "high severity" rating, affects
Windows 2000, Windows 2003, and Windows XP, but does not affect Windows
Vista.
China Tightens Anti-Piracy Enforcement (AP)
China has extended criminal penalties for music and movie piracy to people
caught with smaller amounts of DVDs or CDs, a state news agency said Friday,
after foreign complaints that enforcement was too lenient.
Retailers, FBI Launch Crime-Tracking Database (Information Week)
U.S. retailers have teamed up with the FBI to support a central database
designed to track and share data on organized shoplifting, which costs the
industry an estimated $30 billion a year.
_____________________________________________________________________________________
April 5, 2007
A sad song: Kaspersky discovers iPod proof-of-concept virus (SC Magazine)
Music lovers might want to cover their ears for this one: Kaspersky
Lab announced today that it has discovered the first virus affecting iPod.
Hackers access personal info of 46,000 University of California, San
Francisco students, staff (SC Magazine)
Hackers have compromised a server to access the personal information
of some 46,000 students, faculty and staff at the University of California,
San Francisco.
DARPA Seeks Shape-Shifting War Robots (Information Week)
Developers can use several approaches, including shape-memory materials,
reversible chemical or particle associations, geometric transitions, and new
classes of materials.
_____________________________________________________________________________________
April 4, 2007
New Ajax Attack Poses Threat To Web 2.0 Sites (Information Week)
A new attack called JavaScript Hacking allows hackers to pretend to
be a victimized user and request private information.
Firefox users also vulnerable to ANI attacks (SC Magazine)
Researchers are warning users of Mozilla's Firefox browser that they
are also vulnerable to attacks exploiting the animated cursor ANI bug.
Hackers Promise 'Nude Britney Spears' Pix To Plant .ANI Exploit (Information
Week)
There are problems with the patch Microsoft released Tuesday for a
critical .ANI vulnerability, and hackers have launched a new spam campaign
to take advantage of the flaw.
Microsoft Defends 100-day ANI Patch Process (PC World)
Why did it take Microsoft more than 100 days to issue an emergency patch for
the animated cursor flaw?
_____________________________________________________________________________________
April 3, 2007
MIT Kerberos Vulnerabilities (US-CERT)
The MIT Kerberos 5 implementation contains several vulnerabilities. One of
these vulnerabilities (VU#220816) could allow a remote, unauthenticated
attacker to log in via telnet (23/tcp) with elevated privileges. The other
vulnerabilities (VU#704024, VU#419344) could allow a remote, authenticated
attacker to execute arbitrary code on a Key Distribution Center (KDC).
Microsoft Update for Windows Animated Cursor Vulnerability (US-CERT)
Microsoft has released updates to address vulnerabilities in the way
that Microsoft Windows handles image files. A fix for the animated cursor
buffer overflow vulnerability (VU#191609) is included in these updates.
Pentagon, NASA hacker loses appeal, could face 60 years in prison after
extradition to U.S. (SC Magazine)
Gary McKinnon, accused of hacking into Pentagon and NASA networks,
has lost his fight against extradition to the United States in front of the
British High Court.
Microsoft Rushes Windows Patch Out (PC World)
Look for a fix today for a known Windows flaw deemed too serious for
Microsoft to delay.
_____________________________________________________________________________________
April 2, 2007
New Services Move More Security Into The Network Cloud (Information Week)
AT&T and Trend Micro are both expanding the network-based security
services they're offering to business customers.
Microsoft to release ANI patch a week early (SC Magazine)
Microsoft announced on Sunday that it will release an out-of-band patch to
fix a vulnerability in Windows Animated Cursor Handling (ANI) that some
security experts are calling one of the most significant flaws in years.
Florida Targets Online Predators (Information Week)
Pending law imposes stiffer penalties for child porn and offline
sexual encounters.