Security Headlines


June 30, 2006

EMC announces $2.1 billion RSA acquisition (SC Magazine)
EMC Corporation announced late yesterday afternoon that it will acquire the security juggernaut RSA Security for slightly less than $2.1 billion.

China Cracks Down on Blogs, Search Engines (AP)
China's Internet regulators are stepping up controls on blogs and search engines to block material it considers unlawful or immoral, the government said Friday.
  _____________________________________________________________________________________

June 29, 2006

Co-Founder of ID Theft Web Site Sentenced (AP)
The co-founder of a Web site that investigators claimed was one of the largest online centers for trafficking in stolen identity information and credit cards was sentenced Thursday to two years and eight months in prison.

FBI Recovers Stolen Veterans Affairs Laptop (TechWeb)
A missing laptop and hard drive packed with identity info on 26.5 million military personnel has been recovered.

Windows Flaw, Word Trojan Found (darkREADING)
Microsoft is looking into another possible Windows hole, and a new Trojan rides in on Word docs

Hackers Hit Israel Internet Sites (NewsFactor)
Hackers have attacked 750 Israeli Internet sites, among them that of the country's largest bank, to protest Israel's military operations in the Gaza Strip.

Net Watchdog: PC Protection Made Easy (PC World)
AOL Active Security Monitor helps manage the security of multiple PCs. How well does it work?

Insurance Policies For File Sharing? (techdirt)
There isn't much detail on this (speaking Swedish might help), but in a Slashdot collection of posts, if you scroll down a bit, there's a short blurb about an insurance company in Sweden that is supposedly selling insurance policies to protect people from RIAA lawsuits.
  _____________________________________________________________________________________

June 28, 2006

International Virus-Writing Gang Busted (NewsFactor)
Police have rounded up three men allegedly involved in an international conspiracy to spread viruses by e-mail and steal personal information from unsuspecting computer users.

Symantec Makes Enterprise Security Services Play (CRN)
Symantec Wednesday launched a program that marries threat and vulnerability management data with the vendor's consulting expertise to help large enterprises develop security policies and safeguard their networks.

Spammers Turn to Images to Fool Filters (AP)
Spammers are increasingly sneaking their messages past e-mail filters by sending their pitches as images rather than text, spam experts say.

Finnish and UK police arrest worm gang (SC Magazine)
Police in the UK and Finland have arrested three men in connection with computer worm attacks.

Lawmakers to Tackle Online Child Porn (AP)
Internet providers told Congress on Tuesday they're doing all they can to combat online child pornography, but they were told to expect legislation.

Comcast says to keep Internet records for 180 days (Reuters)
An executive with U.S. cable operator Comcast Corp. told lawmakers on Tuesday the company will hold on to Web address records for a longer period of time under a new policy to help law enforcement.

  _____________________________________________________________________________________

June 27, 2006

Apple Fixes Vulnerabilities In OS X Update (CRN)
Apple Tuesday released Mac OS X version 10.4.7, which fixes several security vulnerabilities that at least one security vendor rated as serious.

70 percent of IT professionals still rely on passwords alone (SC Magazine)
Over seven in ten security professionals are still relying on passwords alone to secure their networks, according to a new survey.

Unlucky 13 sacked from Merrill Lynch over porn (SC Magazine)
U.S. financial giant Merrill Lynch dismissed 13 staff at its Dublin office after they had sent pornographic material through its email system. This followed the suspension of 20 staff the previous Monday following an internal investigation.

Internet companies to battle child pornography (Reuters)
Microsoft Corp., Yahoo Inc., AOL and two other U.S. Internet companies late on Monday said they are joining forces to fight the distribution of child pornography on the Web.

  _____________________________________________________________________________________

June 26, 2006

Flaw Found In Cisco Secure Access Control Server (CRN)
A vulnerability has been discovered in Cisco's Secure Access Control Server (ACS), a key part of Cisco's trust and identity management framework and one of the cornerstones of the vendor's Network Admission Control (NAC) initiative.

Symantec Unveils Anti-Phishing Suite (TechWeb)
Symantec announces an online transaction safety suite scheduled to release for Windows and the Mac OS X operating system this fall.

Symantec Bundles Security Services (darkREADING)
Threat and Vulnerability Management Program blends security alerts with consulting

Microsoft Warns of Dial-Up Bug (PC World)
If you haven't updated Windows recently, your PC could be vulnerable.

Warnings over new 'pump and dump' scam (SC Magazine)
Experts have warned about a new scam encouraging users to buy stock in a cosmetics company in order to inflate its stock market price.

VA Barred From Publicizing Offer to Vets (AP)
A federal judge temporarily has barred the government from publicizing its free credit monitoring offer to veterans whose personal data was stolen and wants to see if they might get a better federal offer.

Data Brokers, Their Customers Spark Congress' Ire (InformationWeek)
Last week's Congressional hearings bring to light the fact that just about all personal information is for sale, and the issue lawmakers are wrangling with now is what to do about it.

June 23, 2006

Get a degree in hacking (SC Magazine)
Security professionals will soon be able to get a degree in hacking when a Scottish university launches the U.K.'s first ethical hacking degree this September.

Government Hit by Rash of Data Breaches (AP)
The government agency charged with fighting identity theft said Thursday it had lost two government laptops containing sensitive personal data, the latest in a series of breaches encompassing millions of people.

USDA says hacker may have stolen employees' data (Reuters)
A computer hacker may have stolen "personal identity information" for 26,000 current and former Agriculture Department headquarters employees, agency officials said.
  _____________________________________________________________________________________

June 22, 2006

Data Losses Hit Four More (darkREADING)
The list of big-name organizations reporting security breaches just keeps growing.

Researchers Use Wi-Fi Driver to Hack Laptop (PC World)
Hack will be demonstrated at the upcoming Black Hat conference.

Agriculture Department Systems Hacked (NewsFactor)
A hacker broke into the Agriculture Department's computers and may have obtained names and Social Security numbers of 26,000 employees and contractors, the department said.

Forensics Expert Attempts To Link UBS Attack And Defendant (InformationWeek)
In the ongoing UBS computer sabotage trial, the government's forensics expert testified that he connected defendant Roger Duronio's user name and home computer directly to the logic bomb that took down the company network.

Hacker Enters Agriculture Dept. Computers (AP)
A hacker broke into the Agriculture Department's computer system and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors, the department said Wednesday.

Safety Experts: MySpace Changes Not Enough (AP)
New security measures for young users of MySpace.com won't be enough to stop online child predators, safety experts warned Wednesday.
  _____________________________________________________________________________________

June 21, 2006

Expert Urges Individuals To Press For Privacy And Security (TechWeb)
The author of "The Unwanted Gaze: The Destruction of Privacy in America" urges executives at SIA to think about privacy in broad

New Bagle variant using .zip attachments (SC Magazine)
The ever-present Bagle worm again is making the rounds, this time spreading as an emailed .zip attachment encrypted with a password.

Symantec's new Web-security service not delayed yet (Reuters)
Symantec Corp. said on Wednesday the release of its new Web-based security service would depend on response to user trials and would be held back if required tweaks meant it would miss the key holiday period in the United States.

MySpace Plans New Restrictions for Youths (AP)
MySpace.com is planning new restrictions on how adults may contact its younger users in response to growing concerns about the safety of teenagers who frequent the popular online social networking site.
  _____________________________________________________________________________________

June 20, 2006

AT&T Study Finds Companies Aren't Prepared For Disasters (TechWeb)
AT&T Inc.'s fifth-annual Business Continuity Survey says that 28 percent do not have adequate plans in place to cope with natural or other disasters.

Compliance Announcements Show Breadth of Concerns (VarBusiness)
Making sure an organization is compliant with government regulations is one of the most perplexing challenges in the IT industry. Some companies can't begin to guess how close they are to fulfilling all requirements; others may be fully compliant and not even know it.

Feds Pump Up Intellectual Property Protection Efforts (PC World)
Department of Justice opens up 12 new offices to fight cybercrimes.

UK consumers not aware of online scams (SC Magazine)
Nearly one-in-three UK consumers are unaware of phishing emails and other scams, according to a new study.

Crime Alerts at Your Fingertips in Boston (AP)
Phil Carver may never see the white Maxima stolen near his neighborhood, but the description e-mailed to him by the Boston Police Department will be in the back of his head when he goes for a walk with his kids.

McAfee releases Falcon betas (SC Magazine)
McAfee released on Friday the beta version of its new security platform, code-named “Falcon.”
  _____________________________________________________________________________________

June 19, 2006

Keylogger to blame for Oregon Revenue Department breach (SC Magazine)
A keystroke-capturing trojan was to blame for the possible compromise of the personal information of some 2,200 Oregon taxpayers after a state Department of Revenue (DOR) employee downloaded the bug while surfing pornographic websites.

Exploit Prevention Labs Ships Zero-day Exploit Blocker (TechWeb)
The signature-based monitor detects and blocks vulnerability exploits, not the worm, spyware, or Trojan payloads that traditional anti-virus and anti-spyware software seek out.

Altera offering Stratix II IP encryption solution (EE Times)
Programmable logic supplier Altera has made available a comprehensive intellectual property encryption solution to improve security of Stratix II FPGA design.

Microsoft to update new patch because of scripting issue (SC Magazine)
Microsoft will update one of the patches it released last Tuesday due to an error that prevents certain scripts from running.

Google Pages Used to Host Trojan Horse (PC World)
Free Web hosting service was being used by hackers trying to steal money.

Encryption Can Save Data in Laptop Lapses (AP)
Reports of data theft often conjure up images of malicious hackers breaking into remote databases to filch Social Security numbers, credit card records and other personal information.

June 16, 2006

Aladdin: Spyware threats tripled in 2005 (SC Magazine)
A study released this week found that the number of distinct spyware threats more than tripled last year, while the number of trojan threats more than doubled last year.

Unpatched Excel Flaw Surfaces, Attacks Made (TechWeb)
Microsoft has disclosed that an attack is in play which exploits an unpatched bug in the popular Excel software.

Spanish IM worm predicts death for users (SC Magazine)
A new Spanish-language worm that predicts death to the recipient and disables anti-virus software is making its rounds on Microsoft’s instant messenger service, security experts warned this week.

Microsoft Antipiracy Tool Still Irks Users (PC World)
Users are reporting flaws with the Windows Genuine Advantage program.

More Data Debacles In VA Future (TechWeb)
A repeat of the May debacle is inevitable unless changes are made. That's the assessment of the director of information management at the GAO.

  _____________________________________________________________________________________

June 15, 2006

Microsoft Vulnerabilities Hit Critical Levels (darkREADING)
With patches out, Microsoft reveals critical vulnerabilities in Windows and associated apps

New Microsoft flaw exploits in the wild (SC Magazine)
A number of exploits for disclosed Microsoft vulnerabilities were reported to be in the wild just hours after the company’s Patch Tuesday release.

Execs Express Top Security Concerns (NewsFactor)
When it comes to protecting corporate assets, there seems to be little that security managers don't worry about, at least according to executives attending the recent Converge conference.

Mobile VPN Rivals Merge (darkREADING)
Court dates made playmates out of NetMotion and Padcom
  _____________________________________________________________________________________

June 14, 2006

VA Ignores Cybersecurity Warnings (PC World)
Government auditors tell House panel that they can't force VA officials to comply with their recommendations.

Yahoo Says E-Mail Worm Now Contained (AP)
Yahoo Inc. said Tuesday it has contained a malicious program aimed at the millions of people who use its e-mail service, which ranks as the world's largest.

Microsoft warns of 8 "critical" security flaws (Reuters)
Microsoft Corp. on Tuesday warned of eight "critical" security flaws in its Windows operating system and Office software that could allow attackers to take control of a computer.
  _____________________________________________________________________________________

June 13, 2006

Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities (US-CERT)
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Barracuda Gets Bitten (darkREADING)
Email was held up for a few hours today after spam firewall vendor inadvertently sent a bad virus definition

Microsoft Pumps Out A Dozen Patches For 21 Flaws (TechWeb)
Microsoft picks up the pace of security updates, releasing a huge set that aims to fix 21 separate vulnerabilities.

Hackers break into Energy Department's nuclear weapons wing (SC Magazine)
A hacker obtained data belonging to the federal Department of Energy’s nuclear weapons agency last year, stealing the names and Social Security numbers of 1,500 department employees.

Microsoft: Trojans a Significant Threat (NewsFactor)
According to Microsoft, while rootkits have not yet risen to the level of being a hacker weapon of choice, Trojan horse programs have become a "significant and tangible threat."

Novell launches identity management framework (SC Magazine)
Novell has entered the identity management space by sponsoring an open-source initiative that company officials say will take the confusion out of running distinct point solutions.

Microsoft moves enterprise security to Forefront (SC Magazine)
Forefront is Microsoft’s new solution designed to manage and control enterprise IT security, the company announced this week as part of the annual Microsoft Tech Ed conference in Boston.

Four in ten security staffers write down passwords (SC Magazine)
Nearly 40 percent of IT professionals store important passwords on paper, according to a new report.

Yahoo, world's most popular e-mail, hit by worm (Reuters)
Yahoo Inc., the world's largest provider of e-mail services, said on Monday that a software virus aimed at Yahoo Mail users had infected "a very small fraction" of its base of more than 200 million accounts.
  _____________________________________________________________________________________

June 12, 2006

Microsoft Recasts Its Security Products For Business (InformationWeek)
The company's PC, server, and network security products get rebranded under the Forefront name.

U.S. Court Backs Government Broadband Wiretap Access (VarBusiness)
A U.S. appeals court Friday upheld the government's authority to force high-speed ISPs to give law enforcement access for surveillance purposes.

Spyware threats triple (SC Magazine)
The amount of spyware detected on the internet has tripled over the last year, according to new research.

DOE Computers Hacked; Info on 1,500 Taken (AP)
A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department's nuclear weapons agency.

Patch Tuesday Will Bring 12 Updates (NewsFactor)
This coming Tuesday, June 13, is Microsoft's monthly security-patch update day, and the software giant has a big set of fixes for its users to download, several of them rated critical.
 

June 9, 2006

Two-thirds fail to guard against mobile threat (SC Magazine)
Two-thirds of IT professionals fail to include mobile devices in their security policies, according to a new study.

Two Charged in VOIP Hacking Scandal (darkREADING)
Authorities say two men ran a wholesale VOIP business using allegedly fake codes to load call traffic onto unsuspecting VOIP networks.
  _____________________________________________________________________________________

June 8, 2006

AOL Offers Security Tool (PC World)
Free diagnostic tool checks security settings of PCs and home networks.

Miami Man Arrested for Theft of VoIP Calls (AP)
A Miami businessman helped by a professional hacker penetrated the networks of Internet phone providers to connect hundreds of thousands of free calls, federal prosecutors alleged Wednesday.

IM attacks on the rise in May (SC Magazine)
The number of Instant Messaging (IM) attacks increased by 500 percent in May, Postini reported this week.

Tech.gov: Your Privacy Under Siege (PC World)
The government wants Internet firms to store records about you so that it can have them if necessary for an investigation. Should you worry?
  _____________________________________________________________________________________

June 7, 2006

VA Data Theft Affects Active-duty Military; Vets Sue (TechWeb)
The data loss has been characterized by a Pentagon spokesman as the largest ever.

Zero-day bug affects Internet Explorer, Firefox (SC Magazine)
Security experts are warning of a unique, yet low-risk, JavaScript vulnerability that affects two of the world’s most popular web browsers.

Symantec Ports Storage Apps To IBM's Power On Linux Platform (CRN)
IBM said Symantec is working on a port of Veritas products for its Power servers running Linux.

New Service Seeks Out Security Gaps (darkREADING)
SekCheck has launched a new service that audits security infrastructures and compares them against those of other enterprises.
  _____________________________________________________________________________________

June 6, 2006

Microsoft to release new Antigen email security software next month (TechWeb)
Microsoft announced today that the first products developed as a result of the 2005 acquisition of Sybari Software will be released July 1.

Cleaning Up Data Breach Costs 15x More Than Encryption (TechWeb)
Now there's more evidence that data protection is cheaper than a data breach.

Wireless Requires Flexibility, Security (darkREADING)
Commercial mortgage exec warns not to overlook users' needs.

Experts theorize on self-spam emails (SC Magazine)
Security experts are perplexed over a new spamming technique in which victims receive emails that appear to be coming from themselves.

Microsoft Live Labs Debuts New Security Services (TechWeb)
Microsoft releases a pair of beta security-related Web services from its Live Labs group.

Qwest Offers OneCare with Broadband (NewsFactor)
Microsoft said that its security software will be included with Qwest's high-speed Internet service, marking the first such partnership for the software company's new online product.

Mobile devices 'inadequately protected', survey finds (SC Magazine)
IT managers are failing to protect data on corporate mobile devices by not enforcing PIN codes and passwords to protect the data stored on their laptops, PDAs and mobile phones, according to a new study.

Warnings of new blackmail virus (SC Magazine)
Security experts warned of a new variation of a virus that encrypts files and then blackmails the user into parting with money in return for a password.
  _____________________________________________________________________________________

June 5, 2006

File Security Gets All Cryptic (darkREADING)
Vendors target file-level encryption and key management in an attempt to lock down users' data.

One third of firms have fired staff over email misuse (SC Magazine)
More than a third of UK companies have fired an employee for violating email policies, according to new research.

Hotels.com Customer Info May Be at Risk (AP)
Thousands of Hotels.com customers may be at risk for credit card fraud after a laptop computer containing their personal information was stolen from an auditor, a company spokesman said Saturday.

Swedish Security Police probe suspected Web attacks (Reuters)
Sweden's domestic intelligence agency said it would probe why the government's Web site crashed on Sunday amid reports hackers had sought revenge for a crackdown on alleged online piracy.

June 2, 2006

Mozilla Products Contain Multiple Vulnerabilities (US-CERT)
The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.

Mozilla Patches 12 Firefox Flaws (TechWeb)
Firefox 1.5.0.4 is the fourth security update to the 1.5 edition of the browser since it released last November.

Phishing Scam Takes Aim at MySpace.com (PC World)
Social networking site is increasingly a target for identity thieves.

Security Spending Shifts (darkREADING)
Merrill Lynch survey: Security spending up, overall IT spending down amid broader economic concerns.

Flaw Found in Windows XP, Server 2003 (PC World)
Security hole could lead to denial-of-service attacks on certain

HP Hit With Funlove Virus Again (PC World)
Company inadvertently distributed a virus with a printer driver, security vendor says.

Little action from Kama Sutra Worm (SC Magazine)
To the delight of mouse-clickers around the globe, the so-called Kama Sutra Worm scored high marks on foreplay – but failed to deliver the knockout blow many security experts feared it would.

Firms Wary About Holding Customer Records (AP)
The head of the FBI says Internet companies should retain customer records for two years to help the federal government investigate not only porn but also terrorism.
 _____________________________________________________________________________________

June 1, 2006

AOL E-Mail Delayed by Software Glitch (AP)
Millions of AOL users encountered delays sending and receiving e-mail Thursday as the company worked to identify and fix a software glitch.

Newest Ransomware Threat: Buy Drugs Or Else (TechWeb)
Trojan horse that tries to extort money from victims encrypts all the files in Windows' "My Documents" folder after it infects a PC.

Rochdale woman targeted by cybercriminals (SC Magazine)
Police in Manchester are investigating the case of a Rochdale woman whose computer files had been encrypted by cybercriminals.

VA Shake-up Follows Identity Theft (TechWeb)
Heads are rolling at the VA after the agency's data debacle in which 26.5 million veterans' identities were stolen in a residential burglary.

China goes high-tech to stop exam cheats (Reuters)
Some Chinese universities are to block mobile phone signals at exam halls in a high-tech bid to stop cheating, Xinhua news agency said on Thursday, warning that the practice may not be good for the students' health.
 
