|
Security Headlines
Back
December 31, 2005
Workaround, Protections Emerge for WMF Exploit (eWeek)
Updated: Anti-malware products deploy detection signatures as
exploits multiply, and a registry-based workaround has been developed.
White House Will Continue to Track Net (Security Pipeline)
The White House said Friday its Web site will keep using Internet
tracking technologies, deciding that they aren't prohibited after all
under 2003 federal privacy guidelines.
Anti-Virus Protection for WMF Flaw Still Inconsistent (eWeek)
Updated: Many products provide complete protection against current
WMF exploits, but others are less successful; Microsoft's workaround
works, but has limits.
_____________________________________________________________________________________
December 30, 2005
White House Will Continue to Track Net (CRN)
The White House said its Web site will keep using Internet
tracking technologies, deciding that they aren't prohibited after all
under 2003 federal privacy guidelines.
Phishers Stay One Step Ahead (TechWeb)
Fraudsters stayed a step ahead of gullible Internet users in 2005
by fine-tuning their tactics and turning to more sophisticated
strategies.
Anti-Virus Protection for WMF Flaw Still Inconsistent (eWeek)
Many products provide complete protection against current WMF
exploits, but others are less successful; Microsoft's workaround works,
but has limits.
Copy Controls: How Far Will They Go? (PC World)
Sony's invasive antipiracy efforts point to a coming battle for control
of your PC.
_____________________________________________________________________________________
December 29, 2005
How To Beat Back The New Zero-Day Windows Bug (TechWeb)
With a patch for the worsening zero-day Windows vulnerability
perhaps weeks away, security companies and Microsoft recommended
workarounds and other ad hoc defenses.
Sony settles 'rootkit' class action lawsuit (CNET)
The record label agrees to offer U.S. customers money and free
downloads to encourage them to replace CDs that secretly install
software.
Microsoft Promises To Patch Worsening Zero-Day Flaw (TechWeb)
As bleaker details emerge about the threat posed by a zero-day
vulnerability in Windows, Microsoft scrambles to produce a patch for the
flaw but has thus far declined to put the fix on a timetable.
Marriott customer data missing (SC Magazine)
A division of the Marriott International hotel empire has
notified more than 200,000 clients of back-up security tapes missing
from the company’s Orlando corporate offices.
Man Pleads Guilty To Worm Attacks Against eBay, Others (Information
Week)
Anthony Scott Clark, of Beaverton, Ore., faces 10 years in
prison, a $250,000 fine, three years probation and other penalties for
the 2003 denial-of-service attacks against 20,000 computers.
NSA Web Site Places 'Cookies' on Computers (AP)
The National Security Agency's Internet site has been placing files
on visitors' computers that can track their Web surfing activity despite
strict federal rules banning most of them.
Trojan targets Spanish-speaking bank customers (SC Magazine)
A new trojan blending spyware and phishing techniques is
threatening Spanish-speaking bank customers, a European security firm
warned this week.
_____________________________________________________________________________________
December 28, 2005
Microsoft Windows Metafile Handling Buffer Overflow (US-CERT)
Microsoft Windows is vulnerable to remote code execution via an
error in handling files using the Windows Metafile image format. Exploit
code has been publicly posted and used to successfully attack
fully-patched Windows XP SP2 systems. However, other versions of the the
Windows operating system may be at risk as well.
Larger Lone Star lawsuit for Sony (SC Magazine)
Texas has added new charges, these citing use of MediaMax
technology, against recording industry giant Sony-BMG Entertainment
Attackers Exploit Critical Windows Metafile Flaw (eWeek)
Code for what Secunia is deeming an "extremely critical flaw" in
Windows Metafile Format files is being exploited on fully patched
systems. Avoiding attack is simple, researchers note: Don't click on it.
Virus tempting MSN messenger users (SC Magazine)
MSN instant messenger users are being warned of a new virus
posing as an unreleased beta.
McAfee, MSN Extend Security Deal To Dial-up Subscribers (TechWeb)
McAfee will provide its top-of-the-line consumer anti-virus and
firewall software to subscribers of MSN's dial-up.
Firm: IM threats to increase next year (SC Magazine)
Cybercriminals will become yet more sophisticated in 2006,
discovering new vulnerabilities in instant messaging systems and mobile
security, one firm noted in a year-end study.
Marriott Says Customer Data Missing (Information Week)
The company's timesharing division has notified customers that
backup tapes are missing with personal data--including Social Security
numbers, bank and credit-card account numbers---on them.
Virus Poses as MSN Messenger Beta (NewsFactor)
A new virus purporting to be a leaked pre-release version of MSN
Messenger has popped up on the Web. The sophistication of the ploy has
raised concerns among security researchers.
China to get tough on cellphone fraud, spam (Reuters)
China will require all mobile phone subscribers to register using their
real names next year, in a bid to curb rampant spam and growing fraud
conducted over mobile services, the official Xinhua news agency said.
_____________________________________________________________________________________
December 27, 2005
Virus tempting MSN messenger users (SC Magazine)
MSN instant messenger users are being warned of a new virus
posing as an unreleased beta.
Firm: IM threats to increase next year (SC Magazine)
Cybercriminals will become yet more sophisticated next year,
discovering new vulnerabilities in instant messaging systems and mobile
security, one firm noted in a year-end study.
Larger Lone Star lawsuit for Sony (SC Magazine)
The state of Texas has added new charges, the first citing use of
MediaMax technology, against recording industry giant Sony-BMG
Entertainment
Virus disguises itself as MSN Messenger beta (CNET)
File purporting to be the latest test version of Microsoft's IM
software tries to draw PCs into a botnet.
IT security professionals moving up the corporate pecking order (SC
Magazine)
Ultimate responsibility for information security is moving up
corporate management hierarchies, as board-level directors and CEOs - or
CISO/CSOs – are increasingly held accountable for safeguarding IT
infrastructures, new research has revealed.
'Leaked' Windows Live Messenger Really A Trojan (TechWeb)
A 'leaked' version of Microsoft's Live Messenger instant
messaging client plants a malicious bot worm, a security company warned
New Trojan Stalks Spanish Net Users (PC World)
Malware spreads via MSN Messenger and harvests passwords to
online banking sites.
Security experts fear Nazi Sober worm epidemic poised for January (SC
Magazine)
The recent Sober.AH epidemic could form part of an orchestrated
neo-Nazi strategy to saturate mailboxes worldwide with pro-Nazi spam,
security experts have warned.
Old worms, new tricks (CNET)
year in review Sober came back to bite, hackers tried out new ways to
attack and Sony stumbled into a rootkit debacle.
Password-stealing Trojan Snares Spanish Speakers (TechWeb)
A Trojan horse that arrives via MSN Messenger tries to swipe Spanish
speakers' online banking usernames and passwords, said Bilbao,
Spain-based Panda Software Tuesday.
_____________________________________________________________________________________
December 26, 2005
Security Trends: Follow the Money (PC World)
Fortune, not only fame, motivates hackers as services battle
cybercrime.
|
December 23, 2005
Google Plugs Site Security Holes (PC World)
Web site flaws could allow hijacking, warns security firm.
Database Breach at Computer Forensics Company Shocks Security Community
(eWeek)
Security and law enforcement professionals are appalled that
their personal information has been leaked by Guidance Software, a
security software and training company they say should have known better
than to leave an unencrypted database exposed on the Internet.
Fla. attorney general says his e-mails aren't spam (Reuters)
Florida's attorney general has spearheaded an aggressive
campaign against unsolicited e-mails, or spam. But as a candidate for
governor, he appears to be generating some unwanted Internet clutter
himself. _____________________________________________________________________________________
December 22, 2005
VMWare: Virtual Machine Security Flaw 'Very Serious' (eWeek)
The vendor has issued product patches for a very serious security
flaw that puts customers at risk of remote code execution attacks.
Santa Delivers More Christmas Malware (PC World)
Animated holiday greeting is Trojan horse that steals
information, security firm warns.
Symantec Says Vulnerability Impacts 63 Products (TechWeb)
Symantec has named more than 60 of its products as affected by
the critical vulnerability disclosed earlier this week.
Ford Computer With Employee Data Stolen (Information Week)
The data includes Social Security numbers; a letter has been sent
to employees urging them to take steps to safeguard their personal
information.
Symantec Readies Urgent Patch (PC World)
Security researcher finds serious (but not exploited) flaw in antivirus
software.
Spam Is on the Decline (NewsFactor)
Those annoying "spam" e-mails for Viagra or low-rate mortgages
that clog computer users' mailboxes appear to be on the decline, federal
regulators said Tuesday.
IT security professionals moving up the corporate pecking order (SC
Magazine)
Ultimate responsibility for information security is moving up
corporate management hierarchies, as board-level directors and CEOs - or
CISO/CSOs – are increasingly held accountable for safeguarding IT
infrastructures, new research has revealed.
Security experts fear Nazi Sober worm epidemic poised for January (SC
Magazine)
The recent Sober.AH epidemic could form part of an orchestrated
neo-Nazi strategy to saturate mailboxes worldwide with pro-Nazi spam,
security experts have warned.
Malware Attacks (McAfee)
McAfee AVERT Labs Celebrates 10 Years of Threat Protection and Predicts
the Top Threats for 2006
Illegal material uncovered on 16m web pages (SC Magazine)
Security experts have waned of a surge in the number of
global websites hosting terrorist, extremist and illegal content.
$20m software pirate sent to jail (SC Magazine)
Nathan Peterson, owner and operator of iBackups, has pleaded
guilty in a U.S. District Court in Alexandria, Va. to two counts of
criminal copyright infringement for illegally copying and selling nearly
$20m worth of computer software.
_____________________________________________________________________________________
December 21, 2005
Beware of Strange iTunes/QuickTime Movies (eWeek)
A private security researcher publishes a proof-of-concept
exploit for a potentially serious bug in Apple's popular iTunes and
QuickTime media players.
Feds Say Computer Surveillance Hindered Without Patriot Act (TechWeb)
Department of Justice releases a list of technology-related
ramifications if the remaining provisions of the Patriot Act aren't
passed by Dec. 31.
kdegraphics, curl, gpdf, udev, cups, and perl security updates (Red Hat Network Alert)
Updated kdegraphics, curl, gpdf, udev, cups, and perl packages are available as
patches to correct several bugs.
Bug Bites McAfee Anti-Virus (TechWeb)
A security research firm says McAfee's anti-virus line is
vulnerable to attack, the second such warning issued about anti-virus
software in two days.
Sober turns in child porn owner (SC Magazine)
An alleged German child porn offender has turned himself in to
authorities after mistaking an email sent by the Sober computer worm as
an official warning that he was being investigated, media reports said.
'High' risk in Symantec antivirus software flaw (CNET)
Bug affects most of company's products, including enterprise
and home user software, on Windows and Macintosh platforms.
IM trojan steals web banking passwords (SC Magazine)
Security experts today warned instant messaging (IM) network
users to beware of a newly intercepted trojan named W32/Banbra.BOK,
which is using the rise in holiday season web commerce to secretly steal
banking passwords from unwitting surfers.
Hackers find first Xbox cracks (SC Magazine)
It didn’t take long for hackers to find the first security
openings in games for Microsoft's new Xbox 360 system.
SMBs Reluctant To Trust VoIP (NewsFactor)
VoIP success stories are common today, but concerns about the security
of Internet Protocol telephony systems may slow adoption of the
technology by small and midsized businesses.
RPG site bit by hackers (SC Magazine)
Video game creator White Wolf Publishing, the maker of popular
“World of Darkness” role-playing games, had user data from its website
stolen earlier this month.
Scammers jingle all the way (CNET)
At this time of year, cyberscams take on a holiday flavor and
credit card fraud gets a snowball effect.
_____________________________________________________________________________________
December 20, 2005
Symantec Anti-virus Software Open To Attack (TechWeb)
A bug in Symantec's line of anti-virus software is vulnerable to
attack, a prominent security researcher says.
Here Comes Santa Claus Worm (PC World)
New instant-messaging worm promises a picture of Santa Claus, but
delivers a rootkit.
FTC Celebrates CAN-SPAM with Spam Suits (eWeek)
The U.S. Federal Trade Commission used the two year anniversary
of the CAN-SPAM act to announce a grab-bag of legal actions against
spammers.
Oracle Fortifies Application Security At The Source (Security Pipeline)
Oracle, which once claimed its applications were "unbreakable,"
plans to announce Tuesday that it is using Fortify Software's Source
Code Analysis software to analyze Oracle's application server,
collaboration suite, database server, and identity management software,
among others, for potential vulnerabilities as new versions of these
products are built.
FTC's CAN-SPAM Report Card (PC World)
FTC releases progress report on Congress's antispam law, but some
experts are not impressed.
World Wide Web Consortium calls for simplified secure browsing (SC
Magazine)
The World Wide Web Consortium (W3C) has called on IT security
industry experts for help with a forthcoming workshop that aims to
identify methods to simplify secure web browsing.
Computer worm traps child porn offender in Germany (Reuters)
A child porn offender in Germany turned himself in to the police after
mistaking an email he received from a computer worm for an official
warning that he was under investigation, authorities said on Tuesday.
Microsoft clamps down on illegal resale of its software (SC Magazine)
Microsoft has filed 10 lawsuits against companies for allegedly pirating
software and seven court action against individuals for allegedly
selling not-for-resale software to unsuspecting purchasers.
_____________________________________________________________________________________
December 19, 2005
2006: Year of the mobile malware (CNET)
Mobile security threats are expected to rise threefold next year
as mobile devices become more prevalent, according to McAfee Avert Labs.
Desktop Standard Solves Windows Permissions Dilemma (eWeek)
Desktop Standard's upgrade to its PMAS software can be used with
Microsoft Active Directory Group Policy Console to allow administrators
to raise or lower permissions on a specific basis.
Dasher Worm Infecting Windows PCs (NewsFactor)
A computer worm that exploits a critical Windows 2000 flaw first
revealed by Microsoft in October has been circulating since late last
week, and now has morphed into three new variants.
Actuate, Quantum To Debut Physical Security Analytics (BI Pipeline)
The firms plan to deliver a product that helps companies track,
manage and analyze building access controls, surveillance and similar
security functions.
Firms warned over adware promising video and music (SC Magazine)
Security experts have warned of a fast spreading adware file
designed to tempt unwitting recipients with the promise of free music
and videos.
Feds Assess 2-Year-Old Spam Law (PC World)
Feds to report on effectiveness of CAN-SPAM Act and describe new
antispam efforts.
Microsoft ‘fuming’ after Dasher-B exploits old Windows flaw (SC
Magazine)
Microsoft has been “left fuming” after security experts warned of new
malware that successfully exploits a Windows flaw that the Redmond firm
first identified over two months ago, a security expert claimed.
Poll Reveals Data Safety Fears (eWeek)
The Cyber Security Industry Alliance says a lack of federal
protection concerns the public.
IBM Steps Up Continuous Data Protection (eWeek)
IBM is planning a major upgrade to its Tivoli Continuous Data
Protection for Files software, a move designed to fill in a number of
functionality gaps in the offering.
Virus Fighters Can't Keep Up (Security Pipeline)
At 5:07 p.m. on Dec. 21 a year ago this
week, the Santy worm arrived at Kaspersky Lab in Moscow via an E-mail
message. It was immediately assessed, categorized, and routed to a virus
analyst. By 6 p.m., the analyst had dissected the worm and generated a
binary signature that the lab's antivirus software could use to block
it.
Data Privacy Issues to Persist Next Year (eWeek)
People may remember 2005 as the year that corporate America woke up to
the problem of data breaches, and expertrs say the threats will continue
in 2006.
|
December 16, 2005
Dasher Worm Attacks Windows (PC World)
Patch available, but separate IE exploits target browser
vulnerabilities.
Illegal swapping on the ropes (CNET)
Recent court activity suggests that illicit music downloads may
be facing their swan song.
Online Christmas shopping stretches corporate IT security in UK (SC
Magazine)
Newly published research claims that corporate IT security will be
stretched to the limit this festive season as an estimated 33 per cent
of staff rely on their office PCs for online Christmas shopping.
Fortune 100 firms' websites leaking sensitive data (SC Magazine)
The websites of many Fortune 100 firms host publicly accessible files
that reveal potentially sensitive metadata and hidden information such
as user names and email addresses, newly published research has
revealed.
_____________________________________________________________________________________
December 15, 2005
Worm Targets October Windows Flaw (Security Pipeline)
The first worm that successfully attacks an October vulnerability
in Microsoft Windows is spotted.
Regular Patch Schedules "Two-Edged Sword" (TechWeb)
A security analyst takes aim at the practice of some vendors to
roll out patches on regular schedules, calling the practice a "two-edged
sword."
Industry groups create united front against cyber criminals (SC
Magazine)
The Messaging Anti-Abuse Working Group (MAAWG) and the
Anti-Phishing Working Group (APWG) have come together for the first time
to jointly outline preliminary best practices aimed at eradicating
online fraud.
Kazaa owners may face time in jail (CNET)
Record industry in Australia initiates contempt of court proceedings
against the masterminds behind the file-sharing software.
Phishers turn to blended attacks to catch more surfers (SC Magazine)
Organized criminal gangs are targeting online consumers with ever
more sophisticated blended phishing attacks, some of which even find out
details of their interests and use them to generate tailored phishing
emails, security experts have warned.
_____________________________________________________________________________________
December 14, 2005
Microsoft's SUS Bug Makes Admins Go Manual (TechWeb)
Microsoft has run into another problem with its updates, this
time a bug in its aging Software Update Services (SUS) server software
that turned previously-approved updates into "unapproved."
MS Ends 2005 with 'Critical' Patch (NewsFactor)
Microsoft has released its last batch of scheduled software bug
fixes for the year, including one rated critical and one rated
important.
Microsoft Patch Cleans Up After Sony Rootkit (TechWeb)
Microsoft has included clean-up tools for the Sony CD copy
rootkit as part of its latest round of security patches.
HP's Trustgenix buy narrows federated identity market choice (SC
Magazine)
Hewlett-Packard recently agreed acquisition of Trustgenix, a
provider of federated identity solutions, will signal a reduction in
choice for companies seeking best-of-breed ID management system, Gartner
has warned.
AT&T launches news channel for Internet security (Reuters)
AT&T Inc. on Wednesday said it had launched a news channel that would
focus on Internet security issues for its business and government
customers.
Spammers and criminals working hard to trick Christmas shoppers (SC
Magazine)
Security fears have made 69 per cent of shoppers more cautious
about purchasing goods online, a newly published survey has claimed.
_____________________________________________________________________________________
December 13, 2005
Attack Targets Mozilla (PC World)
Hacker posts code to take control of computers running unpatched
versions of Firefox browser.
Microsoft Internet Explorer Vulnerabilities (US-CERT)
Microsoft has released updates that address critical
vulnerabilities in Internet Explorer (IE). A remote, unauthenticated
attacker could exploit these vulnerabilities to execute arbitrary code
or cause a denial of service on an affected system.
Insecurity over ID theft (CNET)
year in review A high-profile hack of Paris Hilton's phone and a
huge credit-card leak usher in a new age of anxiety.
Internet Security Gone Wild (NewsFactor)
People who install the latest security software often find themselves
the unwitting Rapunzels of the Internet, locked away from the outside
world by an overprotective caretaker.
End of 2005 sees virus count rise with ‘alarming force’ (SC Magazine)
Security experts have warned that during the second half of this
year the virus count rose with “alarming force”, increasing from 110,000
to approximately 150,000 by the end of the year.
Taking on rootkits with hardware (CNET)
newsmaker Travis Schluessler, an Intel security architect, explains how
the chipmaker's labs plan to take on sophisticated threats.
Software piracy estimated to cost $400bn (SC Magazine)
Cutting the global piracy rate by 10 percent from current
estimates of 35 percent over a four year period could generate 2.4
million new jobs, $400bn in economic growth, and $67 billion in tax
revenues worldwide, claims a newly published study.
_____________________________________________________________________________________
December 12, 2005
So much stolen data, so little time (SC Magazine)
Data breaches have been rarely used for financial fraud, a new
study on recent incidents has shown.
Microsoft Tightens IE 7's Security (PC World)
Browser's default security settings will change to match common
home, business setups.
Mozilla Says Firefox 1.5 Bug Not Serious (TechWeb)
Mozilla Corp. is asserting that a bug in its recently released
Firefox 1.5 is not serious and poses no risk "to users or their
computers."
Excel Security Flaw Yanked from eBay (NewsFactor)
Auction site eBay has stopped an auction of a seller trying to
hawk information about an alleged software exploit in Microsoft Excel
that gives hackers remote control of vulnerable PCs.
UK Charity Commission warns against high-tech hackers (SC Magazine)
Charities need to be on their guard against internet fraud, the
Charity Commission warned today after criminal hackers broke through the
online security systems of a Christian charity.
Better defenses for browsers (CNET)
Web industry group aims to lock out phishers with a stronger
program to vouch for legitimate e-commerce sites.
Aventail Improves Communication (Security Pipeline)
Security vendor Aventail’s new Web collaboration solution incorporates
VoIP and videoconferencing features to improve user-to-user
communications and boost productivity.
Verizon cuts off wireless nuisance calls (SC Magazine)
As part of its ongoing battle against SMS spam and unsolicited
sales calls, Verizon Wireless has won permanent injunctions to stop two
telemarketing firms from making illegal marketing calls to cell phone
users.
December 9, 2005
More than 10,000 new bots emerge in 2005 (SC Magazine)
Bots have emerged as the most prolific type of malicious code
during 2005, according to new research. Data published today by
PandaLabs reveals that more than 10,000 new samples of automated worms
or Trojans were detected during this year alone, leading to a sharp rise
in the number of zombie botnets used by cyber criminals.
Microsoft Planning IE7 Security Zone Lockdowns (eWeek)
The next version of Internet Explorer will ship with significant
default setting changes to the security zones, including the scrapping
of the "Intranet" zone for home users.
Researchers issue warning over Princess Diana spam scam (SC Magazine)
Security firms today issued a warning over a spam campaign which
pretends that the recipient has won a charitable grant from a global
humanitarian organisation set up to create a living memorial to the late
Diana, Princess of Wales.
eBay Pulls Bidding for MS Excel Vulnerability (eWeek)
An unknown security researcher chooses a novel way to issue a
warning for a code execution flaw in Excel—posting it for sale on eBay.
But the auction was pulled late Thursday after the bidding reached $53.
Cops, Crooks Find Cell Phones Handy Tools (PC World)
Securing phone data is an overlooked business concern, say experts.
FullArmor Launches Web Services Tool (eWeek)
The new PolicyPortal provides a centralized way to manage Active
Directory Group Policy on any machine connected to the Internet.
_____________________________________________________________________________________
December 8, 2005
Majority of Home PCs Still Unprotected (NewsFactor)
A new security study has found that the majority of home PC users
lack at least one of three critical types of security software, such as
a firewall or an antivirus package.
New attacks target small U.S. banks (SC Magazine)
Cybercriminals have launched at least nine highly orchestrated
and sophisticated phishing attacks against smaller U.S. banks during the
last three months, a security company warned today.
Fixes coming for Windows flaws (CNET)
Microsoft plans to release two security alerts with patches for
an unspecified number of flaws in the operating system.
Rootkits Making More Spyware, Adware Stick (TechWeb)
The sharp rise in rootkits is due to spyware and adware purveyors
trying to prevent their wares from being easily uninstalled, security
experts said Thursday.
Nazi Sober mutant gears up for anniversary onslaught (SC Magazine)
The next wave of attacks from this year's most prolific email
worm family, Sober, is scheduled to start on Jan. 5, 2006, analysis of
has revealed. The attack date coincides with the 87th anniversary of the
founding of the Nazi party.
EU Likely To Approve Data Retention Bill (Security Pipeline)
The European Parliament's two biggest groups have reached a
preliminary agreement to support proposed EU legislation requiring
telecommunications companies to retain phone and e-mail data, officials
said Wednesday.
Unchecked Software Piracy Could Cost Nations Hundreds of Billions Of
Dollars (InternetWeek)
Without a crackdown on global software piracy, countries stand to
lose hundreds of billions of dollars in economic growth and tax revenues
and millions of new jobs, a study shows.
FBI: Terrorists Lack Ability To Mount Serious Cyber Attacks
(InformationWeek)
Al-Qaida is surprisingly sophisticated in its use of computers
but can't mount crippling Internet-based attacks against U.S. airports
or the power grid, the FBI's top cyber crime official says.
Fears over identity theft overblown: US study (Reuters)
A new study suggests consumers whose credit cards are lost or stolen or
whose personal information is accidentally compromised face little risk
of becoming victims of identity theft.
_____________________________________________________________________________________
December 7, 2005
New Sony CD Security Issue Needs Patching (Security Pipeline)
MediaMax Version 5, which Sony uses to restrict how many times a
CD can be copied, installs a file folder in the computer that could
allow a guest user to gain unauthorized access. A patch is available
online.
Most Americans Unprepared For Phishing Attacks (TechWeb)
Americans are increasingly unable to tell the difference between
legitimate and scam e-mail, a survey released Wednesday showed.
Protecting Applications From Hackers (InformationWeek)
Tools to examine software vulnerability in the design and testing
stages have existed for years, but are now getting easier and more
intuitive to use as companies face the evolving landscape of threats.
Spyware is Biggest Web Threat, Study Says (PC World)
Security firm Sophos says virus writers are getting sneakier and
phishing may get nastier.
Next Sober Attack Slated For Jan. 5 (TechWeb)
The next big Sober worm attack is scheduled to take place January 5,
2006, a date probably picked because it's the 87th anniversary of the
founding of a precursor to the Nazi Party, a security firm said
Wednesday.
AIM Worm Mimics Talking IM Bots (eWeek)
A new malicious worm squirming through American Online's AIM
network has the ability to carry on an interactive chat session with
potential victims.
Net Threats Up 48 Percent This Year (NewsFactor)
The number of new Internet security threats rose by 48 percent
this year as Internet criminals turned to targeted attacks, security
firm Sophos warned in its annual security report.
e-Security, Cisco Partner on Application Security (eWeek)
A product that combines e-Security's security information management
technology with Cisco's application security hardware will provide
incident management, problem remediation and reporting.
Christmas MP3 players pose serious corporate security risks (SC
Magazine)
Companies need to take steps to protect themselves from “very serious
security threats” which will be posed by MP3 players received as
Christmas presents being brought into workplaces in greatly increased
numbers next year, security experts warned.
Cyber criminals fuel 2005 malware explosion (SC Magazine)
2005 has seen the number of new malware threats rise by a staggering
48 percent, according to new research.
_____________________________________________________________________________________
December 6, 2005
Security Threats Up Nearly 50 Percent In 2005 (TechWeb)
It's been a good year for cybercrooks, especially those with the
foresight to have gotten in on the boomingTrojan horse business.
Ignify Updates E-Commerce Engine To Detect Fraud (CRN)
Ignify updated its e-commerce platform for Microsoft and Sage ERP
products with advanced heuristics for fraud detection.
Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes (eWeek)
Statistics released by the company reveal that more than 20
percent of all malware removed from Windows XP SP2 machines is stealth
rootkits.
Colubris Adds Airtight Security To Wireless LAN Lineup (Security
Pipeline)
WLAN security vendor Colubris Networks Tuesday unveiled hardware it
claims will streamline the process of securing and managing wireless
networks.
MCI Launches Network Security Service (eWeek)
The NetSec Security Risk Management Service is a repackaging of MCI's
security offerings that helps users take steps to prevent security
incidents and take action against threats.
_____________________________________________________________________________________
December 5, 2005
Flaw Found in SQL Server 2000 Profiler (eWeek)
A recently discovered vulnerability in Microsoft's SQL Server
2000 database allows users to mask their log-in names.
Google Fixes Desktop Search Loophole (NewsFactor)
Google has strengthened its Desktop Search tool so that it cannot
be used any longer by hackers who are exploiting an unpatched
vulnerability in Internet Explorer.
3Com Turns On The Switch To Advance VoIP And Security (Security
Pipeline)
3Com this week plans to launch a line of SMB and branch office
LAN switches that add advanced features for VoIP and security.
Attacks rocket as organized cyber criminals target IM (SC Magazine)
IT security watchers today reported that the number of recorded
attacks using instant messaging (IM) to propagate is rocketing as
organized cyber criminals begin to target IM networks.
FTC Clamps Down on Web Fraud (PC World)
Two firms settle charges of promoting fraudulent Web-based
business opportunities.
Newbury Scales Security Software For Small WLANs (CRN)
Newbury Networks this week releases a new scaled-down version of
its Wi-Fi Watchdog WLAN security software aimed at helping companies
with small-scale WLAN deployments to secure their networks, and a new
partnership to integrate its software with Cisco Systems' hardware.
Security experts warn that hackers are exploiting IE bug (SC Magazine)
Security experts have warned internet users to take care when
surfing the web, following sightings of malware planted on websites that
exploits a recently discovered Internet Explorer security vulnerability
which has not yet been patched by Microsoft.
Juniper, Symantec to Take on Malware (eWeek)
Juniper will soon ship malware detection technology from Symantec
on all its Secure Access SSL VPN appliances. The integration will
enhance endpoint protection against Trojan horse programs, keyloggers
and remote control applications.
Quantum Leaps Into Security (Security Pipeline)
Quantum this week is moving to secure the data customers store on
its tape-based and disk-based backup products with the introduction of
its new Quantum Security Framework.
HP beefs up identity management with Trustgenix acquisition (SC
Magazine)
In a bid to improve the identity management functionality in its
OpenView product range, HP has signed a definitive agreement to acquire
Trustgenix, a provider of federated identity management technology.
December 2, 2005
HP beefs up identity management with Trustgenix acquisition (SC
Magazine)
In a bid to improve the identity management functionality in its
OpenView product range HP has signed a definitive agreement to acquire
Trustgenix, a provider of federated identity management technology.
Critical RealPlayer Flaw Flagged (eWeek)
Researchers at eEye Digital security flag another code execution
hole in the widely deployed media player.
Best Buy 'hacker' loses in court (CNET)
Thomas Eli Ray says someone else used his PC to try to extort $2.5
million from Best Buy. Judges didn't buy it.
Microsoft launches anti-virus service (SC Magazine)
Microsoft has decided to open the beta test version of its
forthcoming anti-virus and anti-spyware service, dubbed One Care Live,
to the general public.
IE Design Flaw Lets Hacker Crack Google Desktop (eWeek)
An Israeli hacker pinpoints a vulnerability in the cross-domain
protections in Internet Explorer and publishes a proof-of-concept
exploit to show how Google Desktop can be cracked to hijack sensitive
user data.
Microsoft launches anti-virus service (SC Magazine)
Microsoft has decided to open the beta test version of its forthcoming
anti-virus and anti-spyware service, dubbed One Care Live, to the
general public.
_____________________________________________________________________________________
December 1, 2005
Microsoft Likely To Break Cycle, Patch Early (Security Pipeline)
An "extremely critical" threat may cause Microsoft to release a
patch before its next scheduled round of software patches.
Phishers Pose as IRS Agents (PC World)
Security glitch enables hackers to usurp government sites and
mislead users into revealing personal data.
Microsoft Eyeing Off-Cycle Patch For Internet Explorer? (TechWeb)
An recently uncovered vulnerability in IE may cause Microsoft to
release a security update ahead of this month's scheduled patch day of
December 13th.
Sunbelt Will Buy Kerio Firewall (eWeek)
The company plans to rebrand the product as the Sunbelt Kerio
Personal Firewall and reduce the price of the full version of the
software.
Sober Worm Wreaking Havoc (NewsFactor)
The Sober-Z worm is causing significant problems for businesses
worldwide, and at times accounts for one in every 13 e-mails sent,
according to security firm Sophos.
Fake FBI/CIA E-Mails Make Sober Virus Enemy #1 (TechWeb)
As many as one in every 13 recent e-mails has been infected with
the Sober worm, making it the biggest virus ever, a security firm said
Thursday.
Scan your PC with Windows Live (Lifehacker)
The Windows Live Safety Center scans your PC for "viruses, wasted
disk space, maintenance issues and common open ports.
Microsoft Mulls Emergency Patch for IE Attacks (eWeek)
Attackers are now exploiting an unpatched flaw in Internet
Explorer to launch drive-by Trojan downloads even as Microsoft scrambles
to get a stable fix ready and out the door. At the same time, Apple
plugs security holes in its Safari browser.
Firms face growing IT security danger from 'enemy within' (SC Magazine)
Global organizations are leaving themselves vulnerable to significant
security risks because of widespread failure to take steps against
internal threats, industry experts warned today.
Private Attorney General lawsuit filed against Sony (SC Magazine)
US lawyers have stepped up the legal pressure against Sony BMG
Entertainment in connection with its controversial use of spyware-based
Digital Rights Management software on music CDs.
|
