Security Headlines
March 30, 2007
Microsoft Windows ANI header stack buffer overflow (US-CERT)
An unpatched buffer overflow vulnerability in the way Microsoft
Windows handles animated cursor files is actively being exploited.
New Fix for Windows Zero-Day Vulnerability (PC World)
Unofficial fix for unpatched Windows flaw offered by security vendor eEye
Digital Security.
Barracuda Bites Back at Image Spam (Network Computing)
Barracuda's Spam Firewall has officially declared open season on
image spam, the fastest-growing category of bulk e-mail.
eEye releases third-party patch for Microsoft Windows .ani handling flaw;
active exploits tied to Chinese hackers, Super Bowl XLI attack (SC Magazine)
Attacks exploiting a critical unpatched Windows vulnerability were today
linked to Chinese hackers and the February cross-site scripting attack on
the website of Dolphins Stadium, the site of Super Bowl XLI.
Virus Disguised as IE 7 Download (PC World)
Watch out for e-mails with a new virus disguised as a test version of
Microsoft's current Web browser.
_____________________________________________________________________________________
March 29, 2007
Breach of data at TJX is called the biggest ever (Boston Globe)
At least 45.7 million credit and debit card numbers were stolen by
hackers who accessed the computer systems at the TJX Cos. at its
headquarters in Framingham and in the United Kingdom over a period of
several years, making it the biggest breach of personal data ever reported,
according to security specialists.
Army warns of data theft (The Monterey County Herald)
The theft of an Army laptop computer from a civilian employee's car
has prompted warnings to civilians who work for the Army Training and
Doctrine Command that their personal data might have been exposed.
_____________________________________________________________________________________
March 28, 2007
New PC Security Recognizes Your Face (Information Week)
Enrolling users within the Bioscrypt system means first casting a
40,000-point infrared mesh grid over the user's face in order to take
measurements.
Cisco VoIP technology open to DoS attacks (SC Magazine)
Cisco Systems said today that its Unified CallManager and Presence
Server software contain a number of vulnerabilities that could permit DoS
attacks.
Symantec Secures Mobile Devices (Network Computing)
New software includes data-encryption technology to guard
confidential data and ensure corporate compliance.
Multiple flaws reported in IBM Lotus Domino products (SC Magazine)
Researchers from numerous security vendors have reported multiple remotely
exploitable flaws in IBM Lotus Domino products.
_____________________________________________________________________________________
March 27, 2007
DoD Investigates Hacking of Troops' Personal Computers (Kansas City
InfoZine)
Defense Department officials have launched an investigation into
recent computer hackings of servicemembers' home computers that compromised
personal information and led to the redirection of funds from their military
pay accounts.
Wireless networks leave computers vulnerable to identity theft (Miami
Herald)
As communities push to turn themselves into massive wireless
hotspots, unsuspecting Internet users are stumbling directly onto hacker
turf, giving computer thieves nearly effortless access to their laptops and
private information, authorities and high-tech security experts say.
_____________________________________________________________________________________
March 26, 2007
Microsoft Investigating Vulnerability In Vista's Windows Mail (Information
Week)
Reports have begun circulating that the bug in Windows Mail could
give a remote attacker access to the user's computer.
Free Security Tool Attracts 38 Million Downloads (PC World)
An Internet scorecard application which rates potential risks on Web sites
has been downloaded more than 38 million times since it was launched 12
months ago.
Column: Rootkits disguise their dirty deeds (Norwich Bulletin)
Your computer is acting up or, even worse, your Internet service provider
just called to tell you it is disconnecting your Internet access because
your computer has been compromised and is sending large quantities of spam
e-mail.
Trend Micro Sees U.S. Market Share Gains (Information Week)
Trend Micro is taking share from its bigger consumer security software
rivals in the United States and is on target to post double-digit growth in
2007, Chief Executive Eva Chen says.
_____________________________________________________________________________________
March 23, 2007
Online Porn Act Dead For Now (Information Week)
A federal judge ruled that the Child Online Protection Act is
unconstitutional, partly because it is both too broad and too narrow.
_____________________________________________________________________________________
March 22, 2007
Mozilla Releases Firefox Update To Patch Port-Scanning Flaw (Network
Computing)
The vulnerability, rated a low risk, could let a hacker take a look around
inside a user's computer.
_____________________________________________________________________________________
March 21, 2007
Firefox Hit by Fewer Flaws Than IE in 2006 (PC World)
According to Symantec, Mozilla's Firefox suffered from 26 percent fewer
vulnerabilities in the second half of 2006.
SecureWorks researcher discovers flexible Russian trojan, cache of stolen
data from 15,000 users (SC Magazine)
A new trojan with multiple variants and the ability to get around SSL
protection and circumvent multifactor authentication has managed to steal
authentication information for accounts of more than 300 companies and
government organizations, a researcher with SecureWorks told SCMagazine.com
today.
_____________________________________________________________________________________
March 20, 2007
Beware the "Evil Twin" Wi-Fi Hotspot (Yahoo!)
Hop into Starbucks or an airport terminal and you may find yourself
tempted by the inexpensive Wi-Fi service offered. Fire up your computer,
browse the wireless networks available, and maybe you'll jump on a network
named "tmobile" or "wayport" or some other common name among Wi-Fi service
providers. Sure enough, your browser pulls up a page asking for your credit
card information... or maybe ...
Most cyberattack victims are home users, report says (Contra Costa Times)
Think you're safe from cyberattacks as a casual Web surfer and e-mail
user? Think again. Most victims of computer virus attacks -- indeed, 93
percent -- are home users casually surfing the Web, shopping, opening
e-mails or running a small business on their home computer, according to
Symantec Corp.'s latest Internet Security Threat report, issued Monday.
_____________________________________________________________________________________
March 19, 2007
71,000 people have personal information hacked in Indiana (South Bend
Tribune)
A hacker has accessed the personal information of thousands of people across
the state of Indiana. The state says the hacker got into a state database of
licensed nursing assistants and home health aides.
Hackers threaten month of MySpace vulnerabilities (SC Magazine)
Two hackers are planning to fill April's calendar with a month's
worth of MySpace vulnerabilities - if the project isn't an April Fools' Day
prank.
Cyber-Attacks Get 'More Aggressive' (NBC)
Cyber-thieves are getting better at what they do. That's the major
conclusion of the latest Internet Security Report released Monday by the
Symantec Corporation, maker of Norton security products.
Most Computer Attacks Originate in U.S. (AP)
The United States generates more malicious computer activity than any other
country, and sophisticated hackers worldwide are banding together in highly
efficient crime rings, according to a new report.
Symantec Reports Rise in Data Theft, Data Leakage, and Targeted Attacks
Leading to Hackers' Financial Gain (RedNova)
The latest Internet Security Threat Report released today by Symantec Corp.
_____________________________________________________________________________________
March 15, 2007
OpenBSD flaw exploits IPv6 weakness (SC Magazine)
Researchers released an advisory today disclosing a remote kernel
buffer overflow flaw in the OpenBSD operating system that they claim is the
first exploitable IPv6 vulnerability to be publicly disclosed with a
proof-of-concept exploit.
Public Pitfalls Of Privacy Policies (Network Computing)
What does a privacy policy mean for your organization in legal terms? Think
of it as a legally enforceable promise that you make to your customers--one
you shouldn't break lightly.
_____________________________________________________________________________________
March 14, 2007
Breaches of personal data: blaming the myth and punishing the victim (Ars
Technica)
An analysis of 25 years' worth of the loss of computerized personal
data reveals both clear trends in terms of their cause, and the lack of
legislation that addresses those trends.
Study: Hackers get bum rap for data loss (EARTHtimes)
A review of sensitive U.S. business records suggests 3-of-5 data
breaches are caused by organizational malfeasance not computer hackers.
_____________________________________________________________________________________
March 13, 2007
Apple Updates for Multiple Vulnerabilities (US-CERT)
Apple has released Security Update 2007-003 to correct multiple
vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most
serious of these vulnerabilities may allow a remote attacker to execute
arbitrary code. Attackers may take advantage of the less serious
vulnerabilities to bypass security restrictions or cause a denial of
service.
Spectrum-Based WiFi Network Attack Threats on the Rise (Yahoo)
Physical Layer Denial-of-Service Attacks Cause Damage to Enterprises Using
Wireless Technologies
_____________________________________________________________________________________
March 12, 2007
It's easy to spy on your Wi-Fi / Experts say home networks are particularly
vulnerable (San Francisco Chronicle)
When many of the computer industry's top security gurus gathered in San
Francisco last month for a conference, a Boston company decided to point its
radar toward the airwaves and see how much of the show's wireless activity
it could see.
More Than 143 Million Americans Are Concerned That Personal and Financial
Information Will Not Be Kept Private (Yahoo! Finance)
More than 143 million Americans -- or two thirds of all adults 18 years or
older -- are concerned that their personal and financial information would
not be kept private and secure if they prepared state and federal tax
returns on the Internet, according to a new national poll.
_____________________________________________________________________________________
March 9, 2007
Microsoft: No security fixes this Patch Tuesday (SC Magazine)
Microsoft announced on Thursday that it will not release any security
updates next week as a part of its monthly patch cycle.
Hacker Steals French Presidential Candidate Data (DailyTech)
French presidential candidate hit by hacker, list of campaign backers
stolen.
_____________________________________________________________________________________
March 8, 2007
Core Security: GNU Privacy Guard flaw allows phishing-like attacks (SC
Magazine)
A critical flaw in the popular encryption software GNU Privacy Guard
(GPG) allows attackers to launch a phishing-style attack that inserts text
appearing to be part of a trusted email, Core Security Technologies announced
today.
No Microsoft Security Updates Coming Next Week (PC World)
In one of only a handful of times since 2003, Microsoft won't have
security patches available next week.
Trojan Bayrob targets eBay users (SC Magazine)
Symantec warned eBay users that a sophisticated trojan is seeking to
scam them with a man-in-the-middle attack.
_____________________________________________________________________________________
March 7, 2007
Gartner: ID theft up 50 percent in three years (SC Magazine)
Organized cybercrime rings have spearheaded a sharp increase in
identity theft, which has skyrocketed nearly 50 percent in three years,
according to a just-released Gartner survey.
Mozilla Fixes 'Critical' Bug In Earlier Patch (Information Week)
The problematic fix, issued last December, affected the Firefox browser and
the SeaMonkey application suite.
A Breach a Month – Or More (darkREADING)
New study shows most companies suffer between three and 22 violations of
sensitive data each year
IRC bot a growing threat to enterprise networks (SC Magazine)
A new internet relay chat (IRC) bot is building an even larger zombie
family that could pose a significant threat to enterprise networks, security
researchers said today.
Apple Releases Security Updates for QuickTime (US-CERT)
Apple QuickTime 7.1.5 resolves multiple vulnerabilities in the way different
types of image and media files are handled. An attacker could exploit these
vulnerabilities by convincing a user to access a specially crafted image or
media file with a vulnerable version of QuickTime. Since QuickTime
configures most web browsers to handle QuickTime media files, an attacker
could exploit these vulnerabilities using a web page.
_____________________________________________________________________________________
March 6, 2007
Survey: Most organizations believe insiders are biggest threat to
intellectual property (SC Magazine)
A new survey released today found that more than half of enterprises believe
that the biggest threat to their sensitive information is through the action
of malicious or negligent insiders—be they employees, outsourced workers or
others working with trusted partners.
U.S. Federal Trade Commission Battles Spyware: Cindy Skrzycki (Bloomberg)
During the past few months, the U.S. Federal Trade Commission has
filed deceptive-advertising cases against two distributors of what is called
adware or spyware. The insidious form of software subjects consumers and
their computers to unwanted advertising and surveillance.
Apple fixes QuickTime flaws (EARTHtimes)
Apple Computer has released new updates for iTunes and QuickTime that
fix about 8 security vulnerabilities in the media player software.
McAfee names new president and CEO (SC Magazine)
McAfee's board of directors named Dave DeWalt as McAfee's new chief
executive officer and president, the company said today in a late-afternoon
announcement.
_____________________________________________________________________________________
March 5, 2007
Data Doctor: 'Pharming' can sow major security woes (East Valley Tribune)
Q. I heard there is a new way for hackers to get into my home network
called "farming" or something like that. Is this true?
Sunbelt Software Announces Top Ten Spyware Threats for February (Sunbelt
Software)
The results are based on monthly scans performed by Sunbelt's
award-winning antispyware product, CounterSpy(TM).
Security Tip: Think Like Hacker (PC World)
Black Hat security conference speaker advises developers to consider
motives, tools to anticipate attacks.
_____________________________________________________________________________________
March 2, 2007
Survey: Most organizations believe insiders are biggest threat to
intellectual property (SC Magazine)
A new survey released today found that more than half of enterprises believe
that the biggest threat to their sensitive information is through the action
of malicious or negligent insiders—be they employees, outsourced workers or
others working with trusted partners.
McAfee names new president and CEO (SC Magazine)
McAfee's board of directors named Dave DeWalt as McAfee's new chief
executive officer and president, the company said today in a late-afternoon
announcement.
_____________________________________________________________________________________
March 1, 2007
Security Vendors Lagging on Vista Support (PC World)
Windows Vista's revamped security features are posing
difficulties for some IT security vendors.
The NWC Interview: Imperva's Shlomo Kramer (Network Computing)
The co-founder, president and CEO of Imperva, and co-founder of Check
Point, discusses database and Web application security.
Sun Solaris Telnet Worm (US-CERT)
A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on
unpatched Sun Solaris systems. The vulnerability allows the worm (or any
attacker) to log in via telnet (23/tcp) with elevated privileges.