Security Headlines
May 31, 2007
Mozilla Updates for Multiple Vulnerabilities (US-CERT)
The Mozilla web browser and derived products contain several
vulnerabilities, the most severe of which could allow a remote attacker to
execute arbitrary code on an affected system.
The Breach Blog: Hacker steals $450,000 from city of Carson, Nev. (SC
Magazine)
A hacker used keylogger technology to steal the passwords of Carson, Nev.
Treasurer Karen Avila, then wired nearly $450,000 to North Carolina and
Michigan in the next two days.
Mozilla discloses six security flaws (SC Magazine)
Mozilla released six security advisories on Wednesday for flaws in
its Firefox, SeaMonkey and Thunderbird programs.
_____________________________________________________________________________________
May 30, 2007
Firms urged to tighten up access policies (The Register)
Survey reveals worrying lack of security. Half of us keep our passwords on
Post-It notes and over a third of IT professionals say they could still
access their company's network if they left their job.
Google buys US Internet security firm GreenBorder (Middle East Times)
US Internet security start-up firm GreenBorder, which specializes in using
"virtualization" to create safe zones for online activities, revealed
Tuesday that it has been bought by Google.
_____________________________________________________________________________________
May 29, 2007
Small businesses must guard against new breed of technological criminals
(The Gainesville Times)
I readily admit it. The older I become, the less some things make sense. The
next story I hear or read about trumps the last unbelievable story. This
past week, I was talking with a longtime friend who was telling me about
having her purse stolen.
SecureInfo Study Finds Information Security Awareness Training for
Government Workers Falls Short (Yahoo)
SecureInfo® Corporation, a market-proven provider of Information Assurance
solutions, today released the company's first Information Security Awareness
Report, providing an independent, cross-agency, quantitative analysis on the
effectiveness of the Federal government's Information Security awareness
training programs.
_____________________________________________________________________________________
May 28, 2007
China Crafts Cyberweapons (PC World)
The Defense Department reports China is building cyberwarfare units and
developing viruses.
May 24, 2007
Virus update 'paralyses PCs' (News 24)
Millions of computers may have been paralysed by a faulty anti-virus
update from security software provider Symantec.
_____________________________________________________________________________________
May 23, 2007
Microsoft releases a non-security security update (SC Magazine)
Information security oxymoron alert: Microsoft on Tuesday released a
non-security-related security bulletin to fix Windows Update issues.
Hacker exposes info on CU students (Denver Post)
A hacked computer server at the University of Colorado has exposed about
45,000 students' names and Social Security numbers, school officials said
Tuesday.
_____________________________________________________________________________________
May 22, 2007
Survey: Half Of Windows Vista Adoption Driven By Security (Information Week)
A new study shows that IT managers are intrigued about Vista's new
on-board security, along with user account control and an overall sense of
better safeguards.
Spyware Bill Passes House (PC World)
The U.S. House of Representatives passed an antispyware bill Tuesday on a
voice vote.
Microsoft bolsters Office security (SC Magazine)
Microsoft released updates to its productivity suite this week,
adding security features for Office 2003 that were developed for Office
2007.
_____________________________________________________________________________________
May 21, 2007
Unpatched QuickTime is security risk (Macworld)
Although browsers are notoriously juicy targets for hackers, Apple's
QuickTime is actually three times more likely to pose a threat than Internet
Explorer 6 – and six times more likely to be a threat than Firefox, Danish
vulnerability tracker Secunia said this week.
Will Estonia spur govt spending to mitigate DDoS attacks? (Banking Business
Review)
Last week saw what, in some circles, was billed as the first example
of cyberwar waged by one state on another, as Estonian government agencies,
its parliament, big banks and two large newspapers all saw their websites
bombarded by distributed denial of service (DDoS) attacks.
Stolen laptop contained personal data on Northwestern alumni (AP)
School officials say a laptop computer belonging to Northwestern
University's financial aid office in Chicago was stolen recently, and the
Social Security numbers of some alumni may have been compromised.
Bush Worm Dances its Way into Computers (HardwareZone)
A Worm named 'Worm.Win32.VB.au' spreads with the help of messages written in
Spanish, which says 'mira esta animacion de bush', coming from known and
unknown contacts.
May 18, 2007
Alcatel-Lucent Workers' Info Missing (AP)
A computer disk containing personal information on thousands of
Lucent employees and retirees has been missing for at least 10 days,
Alcatel-Lucent said Thursday....
_____________________________________________________________________________________
May 17, 2007
Secunia: Nearly one in three corporate applications missing critical patches
(SC Magazine)
Nearly a third of all applications on corporate networks are missing
critical security patches and are at risk to security breaches, according to
a new report from Secunia.
Interop Preview: Chief Security Officer Boot Camp (Information Week)
Taking a few pages from the CSO Boot Camp at Interop, here are five
things you should know or be able to do to become a CSO in today's market.
Attention Shoppers: Check Stand 4 Now Open to ID Theft (PC World)
Using your debit or credit card to pay for goods could be expensive if a
scammer is bugging your store's keypad.
Interop Preview: Microsoft Vs. Linux, Security To Share Vegas Spotlight
(Information Week)
Microsoft senior vice president Bob Muglia will be among the keynote
speakers at Interop in Las Vegas on May 20-25.
_____________________________________________________________________________________
May 16, 2007
IBM loses tapes with employee personal info (SC Magazine)
IBM, which invented magnetic tape storage more than 50 years ago and
has since emerged as a leading provider of data encryption, has lost an
undisclosed number of backup tapes containing the personal information of
employees.
Police to summon alleged accomplice of suspected hacker for questioning (The
Nation)
Police are set to summon an alleged accomplice of a man suspected of
hacking into the computer system of Advanced Info Services (AIS) and
manipulating airtime allowances granted to its prepaid cellphone users.
_____________________________________________________________________________________
May 15, 2007
Federal cybercrime bill introduced in House (SC Magazine)
Two congressmen on Monday introduced a bipartisan cybersecurity bill
that proponents say will modernize regulations while providing law
enforcement with more resources to investigate and prosecute criminals.
Microsoft Details Patent Breaches (AP)
Microsoft Corp. has given the most detailed description to date of
the number of open-source computer programs it says infringe on its patents,
but the company says it still prefers licensing deals with open-source
developers, software distributors and users instead of legal action against
them.
China Looks To Tackle Software Piracy (Information Week)
Losses from pirated software surged 40 percent to $5.4 billion in
China last year, but things are getting better, a trade group said on
Tuesday.
_____________________________________________________________________________________
May 14, 2007
Some Windows users get system freeze with May patches (SC Magazine)
An unidentified number of Windows users got more than they bargained for
with Microsoft's latest round of Patch Tuesday security fixes when their PCs
froze for hours while installing the updates.
Verizon Security Services Set To Explode With Cybertrust Acquisition
(Information Week)
The move would add 800 Cybertrust employees to Verizon's security services
team of 300 and give it access to Cybertrust operations in 30 locations in
the Americas, Europe, the Middle East, and Asia-Pacific.
Windows Update used to download malware updates (SC Magazine)
Hackers have used a Windows Update process to inject malicious code onto a
system while avoiding firewalls, according to researchers at Symantec.
May 11, 2007
NAC: More Is More (Network Computing)
The results of our latest reader survey on network access control show that
initiatives are moving quickly from planning to full deployment. But while
NAC can tighten security, demonstrating ROI can be a challenge.
_____________________________________________________________________________________
May 10, 2007
Strategic Security: Web Applications Scanners (Network Computing)
As applications evolve, new vulnerabilities emerge. For this Rolling Review
series we'll examine how Web application scanners help address the security
weaknesses found in RIAs in general, and Ajax in
Rollout: Symantec Mobile Security Suite 5.0
Symantec delivers a host of new security features for Windows Mobile
devices. Between a lack of any serious mobile threats and the price tag,
however, IT might be hard-pressed into implementation.
_____________________________________________________________________________________
May 9, 2007
University of Missouri falls to hack attack (Infomatics)
A hacker has broken into the computer system at the University of Missouri
and gained access to a database containing more than 20,000 personal
details.
Strange Wi-Fi Spots May Harbor Hackers: ID Thieves May Lurk Behind a Hot
Spot With a Friendly Name (RedNova)
The Dallas Morning News May 9--Open your laptop computer in any airport,
hotel or coffee shop, and you'll often find unsecured Wi-Fi networks
available for free browsing.
_____________________________________________________________________________________
May 8, 2007
Microsoft Updates for Multiple Vulnerabilities (US-CERT)
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Internet Explorer, Office, Exchange, Cryptographic API
Component Object Model (CAPICOM), and BizTalk. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to execute
arbitrary code or cause a denial of service on a vulnerable system.
Taiwan claims upper hand in hackers' war with rival China (AP)
Taiwan's advanced computer technology helps the military fend off
hacker attacks in continuing virtual skirmishes with rival China, a military
official said Tuesday.
State may have put personal data on Web (Louisville Courier-Journal)
The state Department of Administration may have inadvertently disclosed the
Social Security numbers of dozens of people involved with businesses owned
by women or minorities, officials said yesterday.
_____________________________________________________________________________________
May 7, 2007
TSA Loses Hard Drive With Personal Info (CBS News)
The Transportation Security Administration has lost a computer hard drive
containing Social Security numbers, bank data and payroll information for
about 100,000 employees.
Cybereye | 2007: Year of the antispyware law? (Government Computer News)
Spring is once again here, and with it hope springs eternal. A pair of
antispyware bills has been introduced in the House, and there is a chance
this year that at least one of them might actually make it into law.
May 4, 2007
Critical DNS fix absent from upcoming patch Tuesday (The Register)
Seven fixes and that's your lot. Microsoft plans to release seven patches
next Tuesday as part of its regular Patch Tuesday update cycle.
_____________________________________________________________________________________
May 3, 2007
Apple fixes QuickTime security flaw (Computer Weekly)
As Apple releases a fix for the QuickTime flaw at the heart of a Mac
hacking contest, Gartner issues a statement saying such contests are bad for
security.
The link that binds us: Forgot your password? (Chicago Tribune)
It was when I had to click my third "I forgot my password" link in as
many days that I realized I need a Password Strategy.
_____________________________________________________________________________________
May 2, 2007
Apple Fixes 'Highly Critical' QuickTime Bug (Information Week)
Researchers say now that a fix is out for the vulnerability, they expect
hackers will use it to reverse engineer the flaw and quickly create an
exploit.
VeriSign to use one-time passwords for bank cards (InfoWorld)
VeriSign Inc. is looking to offer bank cards with an integrated
one-time password generator, a slimmer way than key chains to implement
two-factor authentication. The technology would be an improvement over other
authentication devices, such as key chains or fobs, which generate one-time
passwords but are an extra item that users must carry.
Digg Yields To The Wrath Of The Crowd (Information Week)
Digg users would rather see the site go down fighting than give in to
censorship, so Digg officials say they will no longer delete posts that
contain a code that cracks encryption on high-definition disks.
_____________________________________________________________________________________
May 1, 2007
MarkMonitor: More than a quarter-million cybersquatting attacks in first
quarter of 2007 (SC Magazine)
Cybersquatting is an ever-growing threat to brand reputation, with
more than a quarter-million such attacks recorded this year, according to a
report released Monday by MarkMonitor.
Tracking the 'brandjackers' (Reuters)
A new quarterly report that tracks online threats to the world's top 25
brands finds that cybersquatting is the most common form of abuse.
Best Practices: Fraud Prevention Takes Visa (Information Week)
It's clear that credit and debit cards are rapidly replacing cash and
check transactions for many businesses. According to a study sponsored by
the American Bankers Association between 2004 and 2006, 45% of U.S.
consumers reported using less cash. But while the cards offer new levels of
financial flexibility and control, a new breed of criminal is exploiting
this trend—to the dismay of both consumers and merchants.