Security Headlines
February 28, 2007
'Storm' Trojan Variant Spreads (PC World)
Security researchers warn Trojan is worming its way into blogs, Web-based
message forums and Webmail.
Social Networking Sites Feed Phishers (Information Week)
Blame it on a big uptake in social networking sites such as MySpace,
where people are willingly keying in all this data about themselves,
analysts at MessageLabs suggest.
Rollout: Guidance Software EnCase Enterprise 6 (Network Computing)
New features plus great speed for examining machines over the network make
EnCase practically untouchable by current competitors.
_____________________________________________________________________________________
February 27, 2007
Microsoft Office 2003 Apps Hit with New Crash Bugs (PC World)
Microsoft Office apps can be crashed by attackers who feed the
business applications malformed documents, Symantec reports.
How Does The Hacker Economy Work? (Optimize)
It's a murky world of chat rooms, malware factories, and
sophisticated phishing schemes. Here's a look inside.
_____________________________________________________________________________________
February 26, 2007
eEye: Microsoft Office 2007 flaw found in Publisher (SC Magazine)
A vulnerability discovered in Microsoft Office 2007 could be
exploited by a malicious user to execute arbitrary code on a compromised PC,
security experts have warned.
Browser Bugs, Attacks Expected to Mount (PC World)
Mozilla exec foresees increase in attacks--and focus on security--for every
browser maker.
Mozilla releases Firefox security fixes (SC Magazine)
Mozilla released fixes for its Firefox browser on Friday that addressed
several security vulnerabilities.
Phishing Sites Explode on the Web (PC World)
Online criminals are thriving even in the face of new automated defenses.
MasterCard Says TJX Was Not PCI-Compliant (ePaynews)
MasterCard says U.S.-based retailer TJX was not compliant with the Payment
Card Industry Data Security Standard (PCI DSS) when its computer system
experienced a data security breach last year. PCI DSS provides safeguards
for the storage, processing and transmission of cardholder data.
_____________________________________________________________________________________
February 23, 2007
He's Baaack - Vladuz 'Hacker' Taunts eBay (AuctionBytes)
A person eBay called a "known Romanian fraudster going by the handle Vladuz"
appeared again on discussion boards on eBay's German site. This time, he
created or possibly renamed an eBay customer service representative's User
ID and posted under the name "vladuzsgi."
Hacker Pleads Guilty to Spreading IRC Trojan Horse (Kansas City InfoZine)
Washington State man disguised malicious spyware as movie link
Hacker puts judge in prison (the INQUIRER)
A HACKER'S investigation of Superior Court Judge Ronald C.
_____________________________________________________________________________________
February 22, 2007
Passwords stacking up? Tips for protecting yourself and your personal data
(The Courier News)
There was a time in the not-too-distant past when the only digits you
might need to remember to get through the day were your telephone number,
your driver's license number and Social Security number -- and maybe the
combination to your gym locker.
Breach more widespread (York Daily Record)
A computer security breach by a hacker who stole TJX Cos. customer
data was broader than initially feared, and started 10 months earlier than
first thought, the company said Wednesday.
_____________________________________________________________________________________
February 21, 2007
Microsoft confirms new IE flaw (SearchSecurity.com)
Attackers could exploit a new security hole in Internet Explorer (IE)
to access local files on targeted systems, Microsoft confirmed Tuesday.
Proof-of-concept exploit code is available for the flaw.
Chinese hackers waging cyberwar on U.S. (SC Magazine)
Chinese hackers are waging war against the United States through the
cyber realm, a senior defense official proclaimed last week.
Google Shuts Hole in Desktop Product (AP)
A potentially devastating hole in Google Inc.'s prevalent desktop
search product could have exposed personal files on users' computers to data
thieves. Google fixed the defect within weeks of being informed about it and
says it has no evidence the vulnerability was exploited....
Critical IE Graphics Flaw Resurfaces (PC World)
Plus: More Office holes, and a major Adobe problem that affects all
browsers.
_____________________________________________________________________________________
February 20, 2007
Home wireless networks wide open (Infomatics)
Research by the Indiana University School of Informatics (IUSI) has
uncovered a security threat that could affect half of all home servers. The
attack uses a JavaScript application to change the domain name system
settings on an unsecured router, or one that uses the default password.
Mac users 'still lax on security' (BBC News)
Apple Mac users are still not taking security issues seriously enough,
according to a researcher.
_____________________________________________________________________________________
February 19, 2007
Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow (US-CERT)
A stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC
preprocessor could allow an unauthenticated, remote attacker to execute
arbitrary code with the privileges of the Snort process.
Driven by security (CPILive)
Not so long ago, threat was a much simpler phenomenon and not long
into the future, it should become even more complex. The era of a defined
perimeter-invasion is long over.
Network Computing Editor Wins RSA Hacking Contest (Slashdot)
richkarpi writes "Network Computing's security editor won the recent
RSA Interactive Testing Challenge. He has up a blow-by-blow description of
the events at their site: 'The most important factor in the contest besides
basic web exploitation skills (cross site scripting (XSS), SQL injection,
cross site request forgeries (CSRF), etc.) was speed ... I squeaked out a
win in the tie-breaking.
Apple Updates for Multiple Vulnerabilities (US-CERT)
Apple has released Security Update 2007-002 to correct multiple
vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and iChat. The
most serious of these vulnerabilities may allow a remote attacker to execute
arbitrary code. Attackers may take advantage of the less serious
vulnerabilities to bypass security restrictions or cause denial of service.
_____________________________________________________________________________________
February 16, 2007
Apple fixes five Mac OS X flaws exposed during Month of Apple Bugs project
(SC Magazine)
Apple has offered fixes for five critical vulnerabilities unveiled during
January's Month of Apple Bugs (MoAB) project.
Palm Treo vulnerabilities allow data access (SC Magazine)
Several versions of the Palm Treo smartphone contain security flaws that
could allow attackers to access data even when the device is locked,
according to Symantec.
Novell Issues Daylight-Saving Time Warning And Update Utility (Information
Week)
ZenWorks patch management tool will automatically flag computers on a
network that are vulnerable to the March 11 clock change.
Spyware-aided hackers arrested in Turkey for online bank robbery (SC
Magazine)
Turkish police have arrested 17 people who allegedly hacked into internet
banking accounts and stole $300,000.
$400 million corporate espionage incident at DuPont (SC Magazine)
The U.S. Department of Justice (DOJ) pulled the covers off a
previously-sealed case of corporate espionage by a former DuPont scientist
who stole $400-million in intellectual property from his employer.
_____________________________________________________________________________________
February 15, 2007
First Vista security fix released to the public (Contra Costa Times)
"Patch Tuesday," when Microsoft Corp. releases repairs for problems
in its software, came and went this week with six critical fixes --
including the first one that touches Vista, the new operating system billed
as the most secure Windows version yet.
Another 1.8 million people affected by VA equipment loss (SC Magazine)
The public relations nightmare for the Department of Veterans Affairs
(VA) continued this week with the announcement that what was considered a
relatively low impact hard drive loss last month actually affected 1.8
million people.
Hacker's program snarls county offices (Lexington Herald-Leader)
For several days, more than 100 government offices in counties
throughout Kentucky were unable to issue driver's licenses, renew vehicle
registrations or perform other functions because of a malicious computer
program.
_____________________________________________________________________________________
February 14, 2007
Penn State researchers develop new anti-worm technology (SC Magazine)
Researchers with Penn State University announced this week that they have
developed a new anti-worm technology that shaves a significant amount of
time off from the detection and containment processes.
Identity theft a daily occurrence for High Desert bank (Desert Dispatch)
A crafty computer hacker in Russia or Nigeria shoots off thousands of
e-mails, pretending to be a reputable bank and soliciting account
information. The hacker trolls the Internet for unsuspecting people,
ready to snatch personal financial information and exploit it for gain.
FTC Enforcement in Guidance Case (Network Computing)
After the loss of thousands of customer records, Guidance Software has
become the FTC's 14th data-security case. How does the FTC choose who to
file suit against, and what do the case results mean?
Cisco warns of more router vulnerabilities (ZDNet)
Intrusion-prevention capabilities in IOS can be circumvented by hackers,
putting companies at risk of attack
_____________________________________________________________________________________
February 13, 2007
China Detains Six Over 'Panda' Computer Virus (InformationWeek)
China has detained six men in their 20s for writing or profiting from
a computer virus dubbed the "joss-stick burning panda" which has infected
over a million PCs in the country.
Zhelatin mutants storm virus charts (Infomatics)
The Zhelatin virus is challenging Bagle and Warezov for the dubious honour
of number one virus after eight new variants were detected in the past four
days, security experts have warned.
DOJ Report: FBI unable to properly track 51 lost laptops (SC Magazine)
Auditors from the Department of Justice (DOJ) reported this week that during
a 44-month timeframe ending in September 2005 the Federal Bureau of
Investigation (FBI) lost 61 laptops containing either sensitive information
or unknown information the FBI was unable to confirm as sensitive or not.
_____________________________________________________________________________________
February 12, 2007
The New Front Line in Defending Against Online Threats (TechNewsWorld)
The Internet has presented previously unimaginable opportunities for
enterprises of all types, including financial services institutions. Online
transactions are at an all-time high as enterprises enthusiastically
cultivate the Internet as a vital sales channel. Careful examination of
consumer behavior, however, may reveal the first signs of trouble ahead.
Recycling could compromise security (Computing)
Not enough thought is being given to the protection of confidential
information. Compliance with international recycling standards, such as ISO
14000, could leave businesses wide open to hackers and fraud attempts.
_____________________________________________________________________________________
February 9, 2007
New U.S. cybersecurity chief lays out guidance (InfoWorld)
U.S. companies and the federal government need to step up and fix the
problems in their computer networks, the nation's new cybersecurity czar
told attendees during his first-ever address at RSA Conference here on
Thursday. Within the next 10 years, the majority of the world's
communication needs will probably be handled by the Internet, said Gregory
...
Corporate crimeware threat 'moving to Adobe' (ZDNet)
The launch of Microsoft Office 2007 is likely to force malicious
hackers to focus more attention on looking for vulnerabilities in other
desktop applications, such as Adobe's Acrobat Reader, experts told delegates
at the RSA Conference 2007 in San Francisco on Wednesday.
Debate growing over data security (Baltimore Sun)
Privacy advocates urge encryption. When Johns Hopkins officials announced
this week that a courier had lost nine backup computer tapes containing
personal data on 135,000 employees and patients, security specialists were
critical, even though the information probably was destroyed without being
compromised.
_____________________________________________________________________________________
February 8, 2007
Keeping Up with Worms and Botnets (NewsFactor)
If you are a cracker who has written an exploit, you have a choice
between fame and fortune. In the good old days, crackers chose fame. But now
fortune appears to be far more appealing.
RSA Conference 2007: Core Security says third-party software is Vista's
fatal flaw (SC Magazine)
Researchers attending RSA Conference 2007 yesterday announced a new
vulnerability - with a working exploit - that they said demonstrates
Microsoft's Windows Vista's weakest link: its third-party software.
RSA 2007 | Hackers love those careless PC users (Seattle Times)
To go along with hardware and software, the information security guys
have a term for you, the computer user: "wet ware."
_____________________________________________________________________________________
February 7, 2007
Computer hackers attack root servers of internet (Guardian Unlimited)
Most significant attack since 2002 on computers that direct internet
traffic.
Teacher Faces Prison for Pop-Up Infested PC (PC World)
Crazy, but true: Woman convicted of exposing minors to porn, could serve 40
years.
2007 SC Magazine Awards winners announced (SC Magazine)
Who won CSO of the Year? What firm took home Best Security Company
Accolades? Click here to read about all the big winners at the 2007 SC
Awards, which took place Tuesday night at the Hilton San Francisco.
_____________________________________________________________________________________
February 6, 2007
IT security industry gathers at RSA Conference 2007 (SC Magazine)
Security professionals from around the globe gathered in San
Francisco today to kick off RSA Conference 2007.
Google's YouTube to warn Japanese users on piracy (Reuters)
Google Inc.'s YouTube.com agreed to display warnings on its Web site in
Japanese not to upload copyright materials to the popular Internet service,
a group of Japanese media firms said on Tuesday.
Hackers Attack Computers Every 39 Seconds (UM)
Are hackers trying to get into your computer right now? And what are they up
to? A study by the University of Maryland's A. James Clark School of
Engineering is one of the first to quantify the near-constant rate of hacker
attacks of computers with Internet access -- every 39 seconds on average --
and the non-secure usernames and passwords we use that give attackers more
chance of success.
Penetration tests measure firms' security (Computer Weekly)
Penetration testers make it their business to overcome your defences
and infiltrate the network. And your security measures may not be as robust
as you think
_____________________________________________________________________________________
February 5, 2006
VA Hard Drive With Personal Data Missing (AP)
A portable hard drive that may contain the personal information of up to
48,000 veterans may have been stolen, the Department of Veterans Affairs and
a lawmaker said Friday.
Gorbachev To Gates: Show Mercy On Software Pirate (InformationWeek)
Former Soviet leader Mikhail Gorbachev on Monday asked Bill Gates to
intercede on behalf of a Russian teacher accused of using pirated software
in his classroom.
JavaScript malware infecting various websites (SC Magazine)
Dozens of unrelated websites contain malicious scripts that attempt
to infect users' machines with malware, security experts said today.
Microsoft Excel target of new zero-day exploit (SC Magazine)
Attackers are exploiting a new zero-day vulnerability in Microsoft Excel,
researchers said.
_____________________________________________________________________________________
February 2, 2006
Computer Security: Trusted Computing Initiative Sets You As Your Own
Computer Worst Threat - Protection Or Menace? (MasterNewMedia)
Trusted computing is a set of open specifications based on the idea
that computer security can be achieved by implementing a particular
microchip (called Trusted Platform Module), whose task is to allow users to
install and utilize only “trusted” software (which is software that has
been previously recognized and approved by the computer manufacturer).
Vista: A False Sense of Security? (E-Commerce Times)
With the first shipments of the new Microsoft Vista operating system still
lingering on store shelves, many consumers may not yet be sure whether
Vista's much ballyhooed security enhancements will make them less vulnerable
to virus, adware and spyware infections. Microsoft claims its restricted
access to the operating system's kernel will lock out hackers and malware
purveyors.
Enterprises Losing Millions Due to Mismanagement of Privileged Passwords
(CRM Today)
Cyber-Ark® today announced the release of new research into Privileged
Passwords – the non-personal, shared and administrative passwords that exist
in virtually every device or software application in an enterprise – which
shows companies are unknowingly losing millions of dollars annually due to
costly outages, labor-intensive work, legal liability and audit deficiencies
related to mismanaged privileged passwords.
Simon says: let me hack your Vista PC (ElectricNews)
Microsoft is playing down the possibility that the speech recognition system
in Windows Vista could be hijacked to delete files or perform other
unauthorised actions.
_____________________________________________________________________________________
February 1, 2006
Apple Revs Up Ad Attacks on PCs, Vista (AP)
For nearly a year, television and Internet audiences have been seeing
a familiar string of ads from Apple attacking rival Windows-based computers.
With this week's release of Windows Vista, the newest jabs aren't any
friendlier....
Demo '07 Conference Showcases Encrypted Messaging, Inkless Printing
(InformationWeek)
A wide range of products shown at Demo '07 -- new encryption technology,
inkless printing, a Web-based shipping system for small businesses, and even
some enterprise applications -- highlight a new trend in technology. Feb 01,
2007
Will Biometric Authentication Solve Corporate Security Challenges?
(OptimizeMag)
Will Biometric Authentication Solve Corporate Security Challenges? Yes, says
Walter Hamilton, who is chairman of the International Biometric Industry
Association, and also a senior consultant at Identification Technology
Partners. No, argues George Tillmann, who is a former VP and CIO at Booz
Allen Hamilton. He currently advises CIOs.