Security Headlines

January 31, 2006

Mobile devices a security headache to IT managers (SC Magazine)
Two-thirds of IT managers are still experiencing security breaches because of poor practices on mobile devices, according to new findings.

IT security industry giants team up for spyware blitz (SC Magazine)
In a bid to combat the growing menace of spyware, IT security giants McAfee, Symantec, Trend Micro, ICSA Labs, and Thompson Cyber Security Labs have teamed up to define agreed identification and testing methodologies for spyware mitigation technologies.

Trojan spammers try to catch the UK napping (SC Magazine)
More than 2,400,000 emails containing the Trojan-downloader Win32.small.cfg were sent to UK businesses late on Sunday night before the anti-virus community could react, an IT security firm warned today.

Win32/Mywife.E@mm Security Advisory (Microsoft)
Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
_____________________________________________________________________________________

January 30, 2006

ISP sends alert to Kama Sutra victims (CNET)
British-based Easynet follows worm trail, notifies people whose systems may be infected with the virus.

Improved Cyber-Threat Solution From CA (TechWeb)
CA announced a threat management solution for comprehensive, scalable protection against malicious code.

Programs in Peril (PC World)
Popular apps have more security flaws than Windows does.

Windows source code hacker gets two years (SC Magazine)
A 29-year-old Connecticut hacker was jailed for two years for selling the source code of Microsoft's Windows operating system.

IBM's Message: Speed Is Good, But Security's Better (Security Pipeline)
IBM last week revealed a slew of tools designed to let its E-mail and collaboration applications connect with popular instant-messaging products and allow users of its software to make Internet phone calls.

Dial ‘D’ for DoS; VoIP’s hidden security threat (SC Magazine)
Communications technology experts released a report highlighting inherent security issues with VoIP applications such as Skype and Vonage that could give online criminals an opportunity to operate undetected.

NIST updates cryptography guidelines for U.S. Federal Agencies (SC Magazine)
In a bid to help U.S. federal agencies protect sensitive, but unclassified information, the National Institute of Standards and Technology (NIST) has updated a set of guidelines for selecting and implementing cryptographic methods.

January 27, 2005

After Lawsuits, Company Pulls Spyware Cleaner (PC World)
Secure Computer says the product will not be available until its problems are resolved.

Botnet Herders Hide Behind VoIP (TechWeb)
Internet telephone applications like Skype and Vonage could become hacker hideouts, technologists and academics funded by MIT and Cambridge University say.

Report: Hackers Can Hide Behind VoIP (NewsFactor)
A security vulnerability in VoIP that could enable hackers to cover their tracks while launching denial-of-service attacks has been uncovered by a group of communications authorities.

Enterprises ignorant of outsourcing security risks (SC Magazine)
Organizations that outsource their IT systems are increasing their vulnerability to security breaches, causing possible long-term damage to their businesses, insurers have warned.

Man Arrested On AOL Phishing Charges (TechWeb)
A California man has been arrested on federal charges of wire fraud. He allegedly duped AOL users into surrendering personal information by misidentifying himself as an AOL employee.

ABN AMRO banks on authentication application to fight identity theft (SC Magazine)
ABN AMRO, one of the world's largest international banks, has rolled out an automated document authentication system in a bid to achieve compliance with pending regulations designed to fight identity theft. The project to deploy Viisage’s iA-thenticate offering was undertaken in conjunction with Viisage's Netherlands business partner, Securitech B.V.
  _____________________________________________________________________________________

January 26, 2005

AOL Wins $5M Judgment Against Spammer (AP)
A man who sent billions of junk e-mails hawking online college degrees, sexually explicit Web sites and "generic Viagra" must pay more than $5 million in penalties to America Online Inc., a federal judge ruled.

Security Volunteers Reach Out To Kama Sutra-Infected PCs (Security Pipeline)
Security experts from a volunteer task force have collaborated with the Internet Storm Center and others to contact ISPs and companies whose computers have been infected with the Kama Sutra worm before the Feb. 3 trigger when the worm begins overwriting files.

Ameriprise breach affects 230,000 (SC Magazine)
Ameriprise Financial, an investment group part of American Express until last year, said the personal information of nearly a quarter-million clients was compromised last month.

Kama Sutra worm set to bite next week (CNET)
Virus is primed to erase important files from infected PCs and may also cause a traffic spike as it propagates itself.

Ameriprise Notifies Clients of Data Theft (AP)
Ameriprise Financial Inc. said Wednesday it has notified about 226,000 people that their names and other personal data were stored on a laptop computer that was stolen from an employee's vehicle.
  _____________________________________________________________________________________

January 25, 2005

Gartner Bashes Oracle Over Security (TechWeb)
Oracle security practices are raising red flags, a Gartner analyst recently warned, and administrators should hunker down in protecting their database systems.

Washington state sues spyware maker (CNET)
Microsoft joins state lawmakers in filing suit against a software maker they say preyed on people's fears to sell a fake security tool.

Tech Giants Take on Badware (PC World)
Google, Lenovo, and Sun are funding a new group designed to help consumers fight malicious software.

Oracle Advises Users: Patch Critical Hole—Now! (eWeek)
Oracle is advising its customers to quickly apply a database patch for a flaw security experts are calling "very severe."

Cybercrime Feared 3 Times More Than Physical Crime (TechWeb)
Three times more Americans think they'll be hit by computer crime in the next year than real-world wrongdoing of the old-fashioned kind, a survey released Wednesday by IBM said.

IT security becomes 'top priority' for European financial institutions (SC Magazine)
The growing threat from hackers, new regulations, reputation issues and the growing importance of direct channel self-service banking are pushing IT security to the very top of the corporate agenda for Western European financial institutions, new research has revealed.

Researchers Launch Anti-Spyware Site (AP)
A corporate-backed Web site being launched by researchers from Harvard and Oxford universities seeks to become a clearinghouse for Internet users on spyware and other malicious software.

Linux vendors on alert as flaw found in KDE (SC Magazine)
Linux vendors have issued a warning about a potentially serious security hole in the KDE desktop environment, affecting a number of Linux distributions that use the software.

Internet brain trust aims to shame spyware makers (Reuters)
Internet researchers at Harvard and Oxford universities said on Tuesday they are seeking to enlist Web users in a program to name and shame suppliers of spyware and other malicious software programs.
  _____________________________________________________________________________________

January 24, 2005

Spam Slayer: Next-Generation Spam (PC World)
Spammers will innovate, morph, and adapt in 2006. What can you expect?

FSA warns UK consumer confidence in online banking 'fragile' (SC Magazine)
Confidence in internet banking among UK consumers is "fragile", with half of active internet users telling the Financial Service Authority (FSA) that they were 'extremely' or 'very' concerned about the fraud risk when making online transactions.

'Botmaster' pleads guilty to computer crimes (Reuters)
A 20-year-old accused of using hundreds of thousands of hijacked computers, or "bot nets," to damage systems and send massive waves of spam across the Internet, pleaded guilty to federal charges on Monday.

Credit card firms must do more to fight online fraud (SC Magazine)
MasterCard’s recent move to offer financial incentives for companies using its SecureCode payer authentication system is a step in the right direction to fight online card fraud, but still "not enough", Gartner has warned.
  _____________________________________________________________________________________

January 23, 2006

Calif. hacker pleads guilty to surreptitiously seizing control of Internet-connected computers (AP)
A 20-year-old hacker admitted Monday to surreptitiously seizing control of hundreds of thousands of Internet-connected computers, using the zombie network to serve pop-up ads and renting it to people who mounted attacks on Web sites and sent out spam.

Nyxem Worm Programmed to Erase Files (PC World)
Rapidly-spreading worm will overwrite data files on infected computers on February 3.

Group formed to commercialize quantum cryptography (eeTimes)
A consortium of companies and universities led by MagiQ Technologies has formed a joint venture to commercialize diamond encrusted single photon (single particles of light) sources that are a crucial component of quantum cryptography systems.

IronPort Gets Tougher On Spam (CRN)
IronPort enhances its SenderBase network to improve antispam capabilities in its e-mail security suite.

New Trojan Horses Threaten Cell Phones (PC World)
Malware spreads via Bluetooth or multimedia messages and could leave a device unusable.

Identity market consolidates as Viisage merges with Identix (SC Magazine)
Identity specialist Viisage Technology and biometric technology firm Identix Incorporated today announced they have entered into a definitive agreement to merge in an all stock transaction valued at approximately $770m.

kdelibs security update (Red Hat Network Alert)
A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue.

East European cyber-police take down MSN phishing ring (SC Magazine)
The Bulgarian law-enforcement National Services to Combat Organized Crime (NSCOC) agency has arrested an organized ring of eight individuals who allegedly operated an international "phishing" operation.

January 20, 2006

Phishing Attacks Reach Record High (TechWeb)
They're back. Phishing attacks rebounded in November 2005 to reach an all-time high.

9 Of 10 Companies Hit By Computer Crime, Says FBI (Security Pipeline)
Nearly nine out of every ten companies experienced a computer security incident in 2005, the Federal Bureau of Investigation says.

New Kama Sutra Worms Corrupts Microsoft Documents (TechWeb)
A new worm that already accounts for 1 in every 15 pieces of malicious code carries a "nuclear option" payload that corrupts data.

Novell urged to build open source community around AppArmor Linux (SC Magazine)
Industry experts have predicted that Novell’s recent decision to open up the source code of its AppArmor Linux application security offering will only have a “meaningful result” if the firm succeeds in developing a true open-source community around the technology.

Protecting cell users' privacy (CNET)
Phone records are for sale, and some people want mobile operators to do more to protect sensitive customer information.

New AIM IM worm hides adware sting in its tail (SC Magazine)
Researchers have discovered a previously undocumented Instant Messaging (IM) worm that targets AOL’s AIM applications. The recently discovered worm is coded to exploit PC hosts infected with lockx.exe or palsp.exe. It uses IRC enabled malware to connect the host to a server for further infection through a series of commands.
_____________________________________________________________________________________

January 19, 2006

Porn worm disables security tools (SC Magazine)
Security experts have warned users to be wary of unsolicited emails claiming to contain obscene pictures and sex movies. The Nyxem-D worm (also known as Email-Worm.Win32.VB.bi or W32.Blackmal.E@mm) can spread via email using a variety of pornographic disguises, in an attempt to disable security software.

Less waiting, fingerprint check coming to your bank (Reuters)
Imagine a personalised welcome, few queues and fingerprint checks. This could be your bank branch in the future, thanks to cutting-edge technology such as radio frequency identification and biometric scanning.

India Sets Up IT and Call Center Database to Fight Fraud (eWeek)
India's booming information technology and call center industry launches a database for its workforce that it hopes will boost data security after reports of theft surfaced last year.

Network Access Control market will soar to $3.9bn by 2008 (SC Magazine)
Global manufacturer revenue for Network Access Control (NAC) enforcement will grow 1,101 per cent, from $323m to $3.9bn between 2005 and 2008, new research has predicted.
_____________________________________________________________________________________

January 18, 2006

Oracle Products Contain Multiple Vulnerabilities (CERT Advisory)
Various Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

Zombies attack million dollar website (SC Magazine)
The student that made a million dollars in four months by selling pixels on a web page has had his site come under a DoS attack by extortionists.

You've Got Problems: AOL Patches Photo Flaw (PC World)
Users are urged to upgrade their software after a critical vulnerability is found.

Simple Worms Makes Great Strides (TechWeb)
A worm has quickly climbed the malware chart to the number three spot, a Finnish security company says.

When's a Rootkit Not a Rootkit? In Search of Definitions (eWeek)
An industry initiative to find a conclusive way to describe rootkits is under way, but experts are worried that strict definitions will only legitimize the use of a dangerous piece of technology.

Scammers send out Iraq war booty email (SC Magazine)
Scammers are using the war in Iraq to con unsuspecting email users out of money.

One-third of U.S. consumers fear shopping online (SC Magazine)
One in three U.S. online adults said security fears compelled them to shop less online or not at all over the last holiday season, new research has claimed.
_____________________________________________________________________________________

January 17, 2006

Microsoft Refutes Windows "Back Door" Claim (TechWeb)
Microsoft is rejecting allegations that the Windows Metafile (WMF) bug is actually a "back door" planted by the company's developers so they could secretly access users' PCs.

Microsoft Defends WMF Decision (PC World)
Security vulnerability was not created as an intentional back door into Windows, exec says.

Symantec's DeepSight Warns Of Targeted Attacks (TechWeb)
Symantec updates its DeepSight Threat Management System to provide customers with warnings of attacks specifically targeting their Internet domains.

Fraud Spam Baits with Russian Billions (NewsFactor)
Imprisoned Russian billionaire Mikhail Khodorovsky has joined the likes of a fictitious African astronaut stranded on the Mir space station as the latest bait in a new round of fraud spam.

Spanish police arrest U.S. navy hacker (SC Magazine)
The Spanish Civil Guard has arrested an 18-year-old man suspected of hacking into the computer systems of the U.S. Naval base.

SPI Tool Measures Web App Security Risk (eWeek)
As enterprises increasingly move to Web-based applications, SPI's AMP 2.0 helps them stay on top of vulnerabilities.

Firms unprepared for new blended security threats, IDC warns (SC Magazine)
Industry analysts warned today that IT security threats are becoming more sophisticated and organized, making it imperative for businesses of all sizes to put controls into place that secure operations and infrastructures.

Anti-Spyware Coalition finalises detection guidelines (SC Magazine)
The Anti-Spyware Coalition (ASC), which counts AOL, McAfee, Microsoft, Symantec and Yahoo! among its members, this week released the final working report of a risk model description that helps provide transparency in how anti-spyware companies evaluate software applications.
_____________________________________________________________________________________

January 16, 2006

Security Pros Get Their Due (Security Pipeline)
There's a growing market for information security expertise, and salaries are reflecting heightened demand. But beware--when it comes to pay, there's essentially no difference between IS workers with high school diplomas and bachelor's degrees, according to the SANS Institute's 2005 Information Security Salary and Career Advancement survey of more than 4,250 IS pros. People with grad degrees can expect to earn significantly more, however.

Five Essential Steps To PC Security (InformationWeek)
In the latest Lange Letter, Fred says keep these items in mind to help prevent data theft, identity theft, and private information falling into the wrong hands.

Apple iTunes sounds bum note with critical security flaws (SC Magazine)
IT security experts have warned enterprises to take immediate action against four “critical” security vulnerabilities related to old, but widely distributed, versions of Apple’s QuickTime media player and iTunes music store software.

FBI issues warning over sick West Virginia mining disaster email scam (SC Magazine)
Security experts have uncovered a sick email scam that attempts to fool computer users into thinking they are giving money to the sole survivor of the Sago mine disaster in West Virginia. Worries that sick scammers may attempt to defraud internet users who were touched by news of the tragedy led the FBI to issue a warning on its website.

January 13, 2006

U.S. Companies Fined for Using Illegal Software (PC World)
Business Software Alliance found illegal Adobe, Apple, and Microsoft software in use.

Ad Gimmick Site Blasted Offline By DOS Attack (TechWeb)
The Million Dollar Homepage, an ad gimmick that brought more than $1 million to its 21-year-old creator, was under a massive denial-of-service attack.

ethereal security update (Red Hat Network Alert)
Updated Ethereal packages that fix various security vulnerabilities are now available.

Gov't Struggles with Data Breaches (NewsFactor)
As lawmakers attempt to strengthen information security provisions for companies that collect consumer information, the government is struggling with data protection itself.

Firm: Demand IM integration plans (SC Magazine)
Symantec's recent agreement to acquire IMlogic begins the predicted convergence in the instant messaging (IM) security market, Gartner has reported. Companies have been advised by the analyst firm to expect similar acquisitions in the sector to continue and, as a result, make only tactical investments in stand-alone IM security and management tools.

Detroit spammer faces years behind bars (SC Magazine)
A man accused of sending millions of illegal spam emails from compromised computers belonging to, is expected to plead guilty in a U.S. court session on Tuesday.
_____________________________________________________________________________________

January 12, 2006

Biometric ID Vendors Viisage, Identrix Merge (eWeek)
The combined companies will offer biometric security technologies including facial, fingerprint and skin identification.

Symantec, Kaspersky Criticized for Cloaking Software (PC World)
Companies are accused of using rootkit-like techniques to hide information from users.

Symantec Denies It Uses Rootkit In Software (TechWeb)
Symantec disputes the claim by researchers who said it was using a rootkit to hide files from users.

Important: cups security update (Red Hat Network Alert)
Updated CUPS packages that fix multiple security issues are now available for Red Hat Enterprise Linux.

RSS malware plague predicted for 2006 (SC Magazine)
The fast growing popularity of RSS (Really Simple Syndication) means that the technology will pose increasingly significant problems for IT security professionals this year, new research has warned.

MasterCard Advances Consumer Data Protection (eWeek)
MasterCard puts incentives, tools and education into merchants' hands to help them protect consumer data.

Dangerous MSN Trojan blends spyware and keylogger threats (SC Magazine)
IT security watchers today warned of a newly intercepted malicious Trojan which disguises itself as MSN Messenger in order to prevent detection.
_____________________________________________________________________________________

January 11, 2006

Apple QuickTime Vulnerabilities (US-CERT)
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.

Microsoft's Newest Bug Could Be Awful, Researcher Says (TechWeb)
A new Outlook and Exchange vulnerability has the potential to become a much more virulent problem than the long-hyped Windows Metafile bug patched last week, says one of the e-mail flaw's discoverers.

Apple Patches QuickTime Vulnerabilities (PC World)
Flaws could allow attackers to run malicious code on Mac OS X and Windows PCs.

FTC Launches Site To Fight Net Crime (NewsFactor)
Responding to the rising cybercrime threat, the Federal Trade Commission on Tuesday unveiled an online tool designed to help consumers avoid becoming victims of Internet scams.

Hackers turn to rootkits for next-generation IM malware (SC Magazine)
The number of security threats targeting Instant Messaging (IM) networks increased by 826 percent in December 2005, compared with the December of the previous year, newly published research has revealed.

Windows vs. Linux: Think Patch Quality, Not Quantity (eWeek)
Tests at Microsoft's Linux lab show that counting the raw number of security updates required by the various operating system flavors is not as meaningful as examining the efficiency of the update process.

The ins and outs of the new 'annoy' law (CNET)
A new federal law aims to outlaw certain types of annoying Web sites and e-mail. What does it mean in practice?

Warning issued over 419 spam promising Volkswagen lottery win (SC Magazine)
Security experts today warned internet users of a spam campaign which pretends that the recipient has won a lottery sponsored by the Volkswagen motor company.
_____________________________________________________________________________________

January 10, 2006

Microsoft Releases Two Security Patches (AP)
Microsoft Corp. released two patches Tuesday that carry its maximum rating of critical, to fix software problems that could allow an attacker to take control of another person's computer.

Microsoft Windows, Outlook, and Exchange Vulnerabilities (US-CERT)
Microsoft has released updates that address critical vulnerabilities in Windows, Outlook, and Exchange. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Microsoft Dubs New WMF Bugs "Performance Issues" (TechWeb)
Microsoft is downplaying the risk of newly reported bugs in Windows' graphic rendering engine, and disputes the labeling of the threats as vulnerabilities.

Open-source database issues 'critical' fix (CNET)
Developers urge PostgreSQL users to update their installations immediately to protect themselves.

Qwest Under Fire for Terms of Service (NewsFactor)
A discussion on a Web site sparked a public relations brushfire for Qwest on Monday over the contract its high-speed Internet customers must agree to.

Novell Open-Sources Major Linux Security Program (eWeek)
The AppArmor intrusion-prevention system protects Linux and its applications from the effects of attacks, viruses and malicious applications.

Gartner warns WMF flaw could have 'far-reaching enterprise impact' (SC Magazine)
The recently disclosed Windows Metafile (WMF) exploit could damage many enterprise systems, not just those that directly use the affected process, Gartner has warned.

Parents and enterprises warned of ‘Podporn’ problem (SC Magazine)
Security experts today issued a warning about the fast growing problem of pornography being accessed via devices such as the new video-enabled Apple iPod or Sony PSP.

Two New Windows Metafile Bugs Found (PC World)
Less serious than one fixed by early Windows patch last week, experts say.
_____________________________________________________________________________________

January 9, 2006

ISPs asked to help clean up Sober worm (CNET)
Security company says ISPs should warn customers with infected PCs so they can disinfect the machines.

More Unpatched Bugs Loose In Windows Metafile (TechWeb)
Just days after Microsoft rushed out a patch for a bug in Windows Metafile (WMF) image processing, a security company warns customers that multiple memory corruption vulnerabilities in the same rendering engine could leave users open to attack.

Your IM Buddy, Or A Hacker? It's Getting Harder To Tell (Security Pipeline)
Just before New Year's, some Europeans received a link from the buddy list in their MSN Instant Messenger software to a purported funny Christmas picture. The joke was on them. Clicking on the link let in a worm that exploited the recent Windows Meta File vulnerability, giving hackers access to their PCs.

By Law: Catching Up with Malware (NewsFactor)
Companies large and small are still feeling the effects of spyware. While spyware is not as threatening as viruses, it still is damaging from a productivity standpoint in an enterprise.

IM and P2P threats reach 'critical levels' (SC Magazine)
During 2005 the number of security threats propagating via Instant Messenger (IM) and Peer to Peer (P2P) networks increased by more than twenty-fold - representing a 2,200 percent increase over 2004, newly published research has claimed.

Widener University Finds Firewall Flexibility (eWeek)
The large IT department, also an ISP, chose Fortinet's solution for a scalable firewall that would integrate with its existing Nortel network.

Betting on Risk Management (eWeek)
Companies are learning how to quantify value of investing in IT safeguards.

US court orders $11 billion damages against Florida spammer (SC Magazine)
A US-based ISP has been awarded damages of $11 billion in a judgment against a Florida man who sent millions of unsolicited spam emails.

January 6, 2006

Sober a dud - so far (SC Magazine)
Hours after Sober's planned reactivation date had passed, there was no activity by the virus, security firms said Friday.

Patched Windows Bug Will Be Danger For Months (TechWeb)
Although Microsoft patched a major bug, the underlying vulnerability may haunt Windows users for the next six to eight months.

FTC Nails Two Spyware Sellers For Tricking Users (TechWeb)
Two companies accused of deceiving computer users into believing their systems were infected with spyware have settled with the Federal Trade Commission.

Microsoft: Early release was customers' call (SC Magazine)
Microsoft released its meta file vulnerability patch early partially because of customer feedback, a company vice president confirmed this week.

Capitol cookie capers (CNET)
Despite pledges to the contrary, D.C. legislators employ Web cookies, a CNET News.com investigation finds.

mod_auth_pgsql and httpd Security Updates (Red Hat Network Alert)
Updated mod_auth_pgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4, and updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4.
  _____________________________________________________________________________________

January 5, 2006

Microsoft Patches Windows Flaw (NewsFactor)
Microsoft released a software patch for its Windows operating system Thursday to fix a flaw that has spawned attempts to take control of Internet-connected computers.

Sober Worm Outbreak Under Control (VARBusiness)
Concerns over the latest potentially high-profile Internet worm attack seem to have been allayed this week, as security vendors, their partners and customers seem better prepared than usual to deal with the threat.

Update for Microsoft Windows Metafile Vulnerability (US-CERT)
Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format.

Zafi.d December's top virus (SC Magazine)
A virus in circulation for more than a year and a half was the most intercepted malicious program of December, one security firm said this week.

Government sites following visitors (CNET)
Federal agencies quietly track visits to U.S. government Web sites despite rules designed to protect online privacy, CNET News.com has learned.

D-Link Shows New Internet Security Device (PC World)
Slim appliance will work as a firewall and protect PCs from viruses and spyware.

Microsoft's WMF Patch Leaks Out (eWeek)
A cryptographically signed version of Microsoft's WMF patch leaks out to a security community site, prompting an updated advisory from the software giant. At the same time, announcements of third-party patches keep arriving in mailboxes.

Linux/Unix Vulnerabilities Outnumber Windows' 3 To 1 (Security Pipeline)
Tallies kept by the U.S. government's computer security group show that Linux and Unix operating systems faced nearly three times the number of vulnerabilities in 2005 than did Microsoft's often-maligned Windows.
  _____________________________________________________________________________________

January 4, 2006

Windows Attacks on the Rise (PC World)
Malicious software targeting the unpatched WMF vulnerability is now the most widely reported threat on the Internet.

'Vandalism complaint' a new WMF trojan (SC Magazine)
A new trojan, which claims to be from a Yale University professor disturbed by New Year’s vandalism, is exploiting the recently exposed Microsoft Windows metafile vulnerability.

United Airlines Computer Snafu Being Investigated (Information Week)
Reservation and passenger-processing system outage left struggling airline unable to sell tickets for four hours.

Sober time bomb's under control (CNET)
Variant of worm that clogged e-mail servers is expected to attack this week, but antivirus specialists aren't worried.

Experts Clash Over Third-Party Windows Metafile Patch (TechWeb)
While some security experts urge users to apply a third-party patch to block attacks against the Windows Metafile (WMF) bug, others say that is a bad idea.

Microsoft Set To Release Metafile Patch (NewsFactor)
Following the discovery of a particularly alarming flaw in Windows, Microsoft plans to have a patch ready for the next "Patch Tuesday," which falls on January 10.

Microsoft hopes to have virus patch next week (Reuters)
Microsoft Corp said it hopes to have a patch ready next week to fix the most recent flaw found in its Windows program -- a flaw that could leave computers vulnerable to a virus.

Denial-of-Service Bug Bites BlackBerry (eWeek)
Research in Motion downplays the risk, but there are public claims that code execution attacks may be possible.
  _____________________________________________________________________________________

January 3, 2006

Fakes! (PC World)
Counterfeit hardware is making its way to online merchants and to stores near you. And poor performance isn't the only risk: Bogus parts can be hazardous to your health.

Symantec to Acquire IM Security Vendor IMLogic (eWeek)
The security company will integrate IMLogic's IM Manager and IMLinkage into its growing messaging security line.

WMF flaw to be patched this month (SC Magazine)
This month's “patch Tuesday” update bulletin from Microsoft will feature a security update for the recently exploited Windows Meta File vulnerability.

Microsoft Urges Users to Wait for Official Patch (PC World)
Software giant says fix for WMF flaw is coming, advises against installing unofficial fixes.

December IM Attacks Jump 826 Percent Over '04 (Security Pipeline)
Attacks against public instant messaging networks soared over 800 percent in December 2005, compared to the same month last year, a security company announced Tuesday.

Sober to strike this week (SC Magazine)
The first worm epidemic of the new year - the latest variant of the Sober worm - is poised to strike at the end of this workweek, security experts have warned.

eBay, PayPal Year's Top Phishing Targets (TechWeb)
eBay and its associated PayPal payment service were the two biggest targets of phishers during 2005, a study says.

Microsoft Prepares Patch for Windows Flaw (AP)
Microsoft Corp. says it will be at least a week before it issues a fix to a recently discovered vulnerability that could let an attacker take control of an Internet-connected computer.

Security: Don't Be Camera-Shy (Security Pipeline)
Surveillance is serious business. For the digital integrator, the equipment needs to be reliable and easy to install and configure. Digital Connect Lab engineers reviewed Smartvue's Smartvue S2--a self-configuring, wireless IP, video surveillance camera--and found that it takes all of the guesswork out of installing security systems.
  _____________________________________________________________________________________

January 2, 2006

Windows WMF flaw: How to protect against attacks (ComputerWorld)
With Microsoft promising a security update "upon completion of [an] investigation" of the WMF security flaw, there's currently no vendor-sanctioned fix for the Windows Metafile vulnerability (see "Risk of Windows WMF attacks jumps 'significantly,' security firm warns"). However, there are ways to protect your system and network from potential attack.

 
 
