Security Headlines

November 30, 2005

IE Exploit At Large, Microsoft Urges Scan (Security Pipeline)
Microsoft acknowledged Tuesday that malicious software targeting an unpatched bug in Internet Explorer is on the loose, and urged users to run a complete system scan on its new Windows Live Safety Center.

Fake IRS E-Mail Scam Goes Phishing (TechWeb)
A new phishing attack posing as a bogus tax-refund email from the Internal Revenue Service is fooling unsuspecting users into offering up their Social Security and credit card numbers.

Trojan horse rides on unpatched IE flaw (CNET)
Windows users could lose control of their systems by simply visiting a Web site hosting malicious code, Microsoft warns.

Security Patch Watch: Sun Java, Symantec, Cisco (eWeek)
Sun patches JRE and the Java SDK, Symantec patches its PCAnywhere telecommute software and Cisco patches a vulnerability in Cisco Security Agent.

Microsoft Goes Live with OneCare (NewsFactor)
Microsoft has opened the beta of OneCare to the general public, inviting users everywhere to test the new security suite that provides antivirus, antispyware, and firewall capabilities.

Panda Prepares To Battle Corporate Espionage (TechWeb)
Panda rolled out a precursor Wednesday to a service that it says will battle the coming scourge of enterprise security: corporate espionage.

Taxpayers hit by new phishing scam (SC Magazine)
American taxpayers have been receiving a new phishing email that claims to be notification of a refund from the Internal Revenue Service (IRS). Scammers are taking advantage of an apparent security configuration error on the real federal government website, which allows them to redirect visitors to a bogus website.

ISP email filtering helping win the battle vs. spam (SC Magazine)
Internet service providers’ anti-spam technologies are now capable of blocking the vast majority of spam sent to their email servers, according to a new study released today by the Federal Trade Commission.

U.K. National High Tech Crime unit warns over Sober email scam (SC Magazine)
The U.K.'s National Hi-Tech Crime Unit (NHTCU) has warned the public to be on their guard against "an ongoing mass virus attack" of unsolicited emails containing the Sober virus that purport to have been sent by the agency.
  _____________________________________________________________________________________

November 29, 2005

Hackers Circulate Exploit Code For Two Windows Flaws (TechWeb)
Exploits and proof-of-concept samples for two recently disclosed critical Microsoft vulnerabilities are circulating among hackers, security experts warned Tuesday; Microsoft says it's not aware of any active attacks.

IO Data Ships Drives with Trojan (NewsFactor)
Japanese peripheral vendor IO Data has accidentally added a Windows worm on some of its external hard drives, the company has warned. 

Majority of world worried about internet fraud (SC Magazine)
Forty-five percent of consumers worldwide are willing to switch to financial institutions that offer more security protection, according to newly conducted research.

U.K. servers caught hosting new generation phishing scam (SC Magazine)
Security experts warned of a new generation of phishing attack that does not target any particular financial or ecommerce brand.

FTC Study Concludes Masking, Filtering Stop Spammers (Information Week)
Unmasked E-mail addresses received over 6,400 spam messages, while only one spam message reached masked E-mail addresses. Masking is the practice of altering an E-mail address so that it's readable by people but not by machines.

British MP calls for cybercrime tzar (SC Magazine)
A member of Parliament has called on the British government to take a lead from the U.S. and form a new national cybersecurity agency - with its own czar - to combat the threat of online crime.

Online Shoppers Fear Identity Theft (PC World)
Surveys show e-shoppers like the convenience, but are wary of online fraud.
  _____________________________________________________________________________________

November 28, 2005

Attack code out for 'critical' Windows flaw (CNET)
Code crashes vulnerable computers by taking advantage of a flaw for which Microsoft provided a fix in October.

Cybercrime yields more cash than drugs (Reuters)
Global cybercrime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries, a top expert said on Monday.

Sober Worm Hidden In Fake CIA E-mails Remains Threat (TechWeb)
Sober.x, the worm attached to emails--purportedly from the FBI and CIA--warning of illicit Web surfing, has become the year's worst outbreak and shows little signs of slowing.

Opera Patches Browser Security Holes (PC World)
Incremental update fixes flaws involving Flash Player, Linux and Unix.

Poll Cites IP Security Concern (NewsFactor)
As viruses and malicious software bloom, senior executives across a range of industries see security as their top concern in implementing converged IP networks.

Malicious Keyloggers Run Rampant on Net (eWeek)
The online crime epidemic fuels a rise in the stealthy tools, which often evade detection by anti-virus tools and can be difficult to detect once installed.

Plugged In: Phishers' Latest Evil E-Mail Trick (PC World)
Plus: Will telcos block VoIP, and will your next PC have a PPU?

Kazaa Owners Work to Install Filters (AP)
The owners of file-sharing network Kazaa were working Monday to install filters aimed at preventing users of the software from swapping copyrighted material.

Unpatched IE Flaw Is Worse Than Expected (eWeek)
Secunia issues a rare "Extremely Critical" advisory regarding a browser hole that allows execution of arbitrary code.

New Path Of Attack (Information Week)
Just when patching showed progress against the worst security threats, cybercriminals shift their focus.

Sober Worm's Still With Us (Security Pipeline)
The greatest I.T. security threats to businesses may be targeted attacks aimed at a single company. But old-fashioned worms can still have their day, as last week shows.

Global Mitglieder.GB Trojan epidemic poisons internet (SC Magazine)
The number of infections caused by the Mitglieder.GB Trojan continues to increase rapidly, with security experts warning that the malware is now affecting computers around the globe.

November 25, 2005

Verizon Wireless clamps down on wireless spam (SC Magazine)
U.S. mobile operator Verizon Wireless has filed a lawsuit in New Jersey, seeking an injunction against Passport Holidays of Ormond Beach, FL for allegedly violating federal and state laws by sending “tens of thousands” of unsolicited text messages to its customers.

CA’s New Security Product Is Suite (Security Pipeline)
As a result of Internet connectivity growing in leaps and bounds in the SMB market, solution providers are discovering more opportunities to sell security solutions to those businesses. Unfortunately, since many security products on the market are lacking in certain key areas, these integrators are forced to combine security tools from various vendors to build a blanket of protection for their customers.

ET could hack internet (SC Magazine)
Aliens could hack the internet and spread viruses if proper precautions are not put in place, warned a top scientist.

Sober mutant spreading like wildfire (SC Magazine)
The new Sober-Z worm is spreading at such a rate that it now accounts for over 81 percent of all viruses, making it currently the most widespread computer virus in the world, security experts warned today.
  _____________________________________________________________________________________

November 24, 2005

Browser developers gang up on hackers (SC Magazine)
Developers from four rival firms have got together to work on combating security threats with proposals for safer next generation browsers.

One third of Brits send fake emails (SC Magazine)
Nearly a third of people in the U.K. have admitted to impersonating someone else when sending an email, according to new research.

IT security fears holding back US e-commerce (SC Magazine)
One in four U.S. consumers will not shop online this holiday season due to internet security concerns, according to a new survey from the Business Software Alliance (BSA).

Backup encryption failures leave data in peril (SC Magazine)
Potentially sensitive corporate data is being placed unnecessarily at risk because less than a quarter of companies currently encrypt their backup tapes, newly published research has claimed.
  _____________________________________________________________________________________

November 23, 2005

Security Bill Brings New Data Security Requirements (Security Pipeline)
The Senate approved the Personal Data Privacy and Security Act this week, which requires businesses holding the personal data of more than 10,000 U.S. residents to conduct risk assessments and implement data-protection policies. The bill would create big opportunity for VARs able to help corporations assess their own infrastructures and implement compliant solutions.

Terrorism threat to Net overblown (CNET)
Security expert Bruce Schneier says the danger from cyberterrorism is "overblown."

Opera Patches Flash Flaw (TechWeb)
Opera Software updates its Windows browser to plug a critical security hole involving Macromedia's Flash media player.

Browser Makers Agree to Standards (PC World)
Security improvements include green address bars to identify trusted sites and restrictions on pop-ups.

Sober worm clogging inboxes (CNET)
Amount of virus-infected e-mail has surged in the past day, threatening problems for corporate networks.

SonicWALL targets SMB security with two corporate acquisitions (SC Magazine)
Security firm SonicWALL today announced that it has acquired data backup company Lasso Logic, together with the assets of enKoo, a developer of remote access technology.

Verizon Sues Alleged Wireless Spammers (Mobile Pipeline)
The lawsuit in federal court claims that a company violated federal law by using automated methods to send spam text messages.

Bogus E-Mails Contain New 'Sober' Worm (AP)
Austria's equivalent of the FBI said Tuesday that it is investigating a flurry of bogus e-mails sent in its name to people in Austria, Germany and Switzerland.

Corporate email systems under pressure from spam and staff abuse (SC Magazine)
More than half of corporate email messages are not work related, but rather either spam or personal communications, new research has claimed.
  _____________________________________________________________________________________

November 22, 2005

Virus uses fake Paris Hilton video, FBI threats (CNET)
Variant of old worm flares up, playing on recipient fear, but is under control within days.

EU Legal Expert Calls For Scrapping Passenger Data Agreement With U.S. (Information Week)
The agreement to share airline-passenger data took effect in May 2004, but the European Union's legislature had objections, claiming the deal failed to sufficiently protect the privacy of passengers.

FBI Warns of Sober Worm E-Mail (NewsFactor)
The Federal Bureau of Investigation has issued a warning about e-mail that appears to be sent from the FBI but instead comes from hackers attempting to spread the Sober worm.

SANS Warns of Attack Shift to Apps, Network Devices (eWeek)
Critical holes in computer backup and antivirus applications, as well as switch and router platforms, are enabling a new wave of attacks that is shifting attention away from operating systems.

Spammers aim to score with Liverpool phishing scam (SC Magazine)
Security experts have warned internet users of a spam campaign which pretends that the recipient has won a lottery sponsored by Liverpool Football Club in an attempt to steal bank account information.

Attackers switching to applications, media players (CNET)
Online criminals are shifting their attacks from operating systems to media players and software programs.

EarthLink brings down 'Timeshare Spammer' (SC Magazine)
U.S. ISP EarthLink has announced that its investigation of Peter Moshou, aka the "Timeshare Spammer," has led to Moshou being sentenced to serve one year in federal prison. He will also have to pay $120,000 in restitution stemming from his conviction in June on a federal charge of violating the CAN-SPAM Act.
  _____________________________________________________________________________________

November 21, 2005

Vulnerability in the way Internet Explorer Handles onLoad Events Could Allow Remote Code Execution (Microsoft)
Microsoft is investigating new public reports of a vulnerability in Microsoft Internet Explorer on Microsoft Windows 98, on Windows 98 Second Edition, on Windows Millennium Edition, on Windows 2000 Service Pack 4, and on Windows XP Service Pack 2. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.

Attack code released for IE hole (CNET)
Recently published code exploits new "extremely critical" flaw in the latest versions of Internet Explorer.

Spyware Foes Push New Law (PC World)
Senate committee approves antispyware bill, but measures have stalled in the past.

Unpatched IE Bug Now "Extremely Critical" (TechWeb)
An unpatched flaw in Microsoft's Internet Explorer browser that first surfaced in late May has been upgraded.

Windows Flaw Exposes iTunes Users (NewsFactor)
Security firm iDefense has warned of an unpatched security vulnerability in Windows that exposes a series of third-party applications.

Few trust websites with personal information, report finds (SC Magazine)
Less than one in five people are confident that websites will treat personal information properly, according to a new survey by the UK information commissioner.

Scotch Tape Stymies Sony Copy Protection (TechWeb)
Sony BMG Music's controversial copy-protection scheme can be defeated with a small piece of tape, a research firm says.

Meet Average-Joe Spammer (PC World)
The spammer next door says business just ain't what it used to be.

The Window Of Exposure Narrows (Security Pipeline)
Companies are patching their systems faster than ever. The "half-life" of vulnerabilities--the amount of time it takes businesses to patch half of their systems against a newly disclosed bug--continues to drop, says Gerhard Eschelbeck, chief technology officer of Qualys Inc., a provider of on-demand vulnerability-management services.

Sony's rootkit fiasco (CNET)
The storm over the record label's antipiracy software raises questions about who owns the desktop and what exactly is a rootkit.

November 18, 2005

Microsoft Issues Windows Bug Warning (PC World)
Off-schedule bug fix addresses denial-of-service vulnerability in Windows 2000, XP.

Web Site Operators Admit Role In Phishing Ring (Security Pipeline)
Six more people pleaded guilty Thursday to operating a Web site that investigators claimed was one of the largest online centers for trafficking in stolen identity information and credit cards.

Apple iTunes, QuickTime Face Flaws (TechWeb)
Just days after Apple Computer updated the Windows version of its popular iTunes software, a security firm warns of a new critical vulnerability in the program.

shadow-utils bug fix update (Red Hat Network Alert)
The shadow-utils package includes programs for converting UNIX password files to the shadow password format as well as programs for managing user and group accounts. Updated shadow-utils packages that address an issue in Useradd which can hang systems when run on old kernels are now available.

Spammers Pay Fines Imposed by FTC (PC World)
Convictions under CAN-SPAM Act stem adult-oriented e-mail.

U.S. Senate Goes After Spyware (Information Week)
Earlier anti-spyware bills have stalled in Congress.

UK Spammer Gets Six-Year Sentence (NewsFactor)
A British man was sentenced Wednesday to six years in prison for selling phony .eu domain names and threatening to kill anyone who attempted to report his illegal activities.

Microsoft Picks Partners to Fight Phishing (PC World)
Security firms boost malware protections in IE, MSN, and Vista. 

Plague of mutant worms targets IM systems (SC Magazine)
Instant Messaging (IM) systems are coming under sustained attack from a record number of mutant worms, security watchers have warned.

Did Sony 'rootkit' pluck from open source? (CNET)
Copy-protection code appears to have tapped an open-source project, raising questions about copyright, software experts say.

Security firm claims fundamental flaws mar UTM integrated appliances (SC Magazine)
An IT security firm today claimed that it has identified potential sources of risk for government and enterprises using integrated security appliances which “sacrifice security for convenience”.
  _____________________________________________________________________________________

November 17, 2005

6 Plead Guilty for Role in Identity Theft (AP)
Six more people pleaded guilty Thursday to operating a Web site that investigators claimed was one of the largest online centers for trafficking in stolen identity information and credit cards.

Microsoft Expands Its Anti-Phishing Database (eWeek)
Microsoft partners with independent data providers to better monitor phishing Web sites.

Microsoft Goes Outside For Phishing Help (TechWeb)
Microsoft will pull data on phishing sites from three new partners in an attempt to boost the effectiveness of its anti-fraud technology.

Microsoft Confirms Windows Flaw, Exploit (eWeek)
The software maker confirms a denial-of-service flaw in its implementation of the Remote Procedure Call protocol. Hackers already have access to exploit.

Microsoft Warns Of New Windows 2000 Exploit (TechWeb)
Microsoft warns Windows users that proof-of-concept code was in circulation that could be remotely and anonymously exploited on Windows 2000 machines.

Weaselboy spammer jailed over £1.6m scam (SC Magazine)
A spammer who built up a £1.6 million ($2.75 million) fortune from his bedroom in his father's house was jailed for six years for fraud and other crimes.

Will certification legitimize adware? (CNET)
Group of Net companies promises new program will promote noninvasive software downloads, but skeptics remain.

Oracle beefs up security offerings with two acquisitions (SC Magazine)
Oracle today moved to shore up its IT security portfolio with two corporate acquisitions. The database giant said the purchase of Thor Technologies, a provider of cross-platform provisioning solutions, and OctetString, a developer of virtual directory software, aimed to significantly strengthen its portfolio of identity and access management products.

Memory Allocation Denial of Service via RPC (Microsoft)
Microsoft is aware of public reports of proof-of-concept code that seeks to exploit a possible vulnerability in Microsoft Windows 2000 Service Pack 4 and in Microsoft Windows XP Service Pack 1. This vulnerability could allow an attacker to levy a denial of service attack of limited duration.
  _____________________________________________________________________________________

November 16, 2005

gdk-pixbuf and gtk2 security updates (Red Hat Network Alert)
The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. Updates that fix security issues for these are now available.

Flash: Macromedia Plugs More Holes (Security Pipeline)
For the second time in two weeks, Macromedia has had to patch bugs in its Flash product line, the company acknowledged Tuesday.

Keyloggers Foster New Crime Wave (NewsFactor)
Keylogging malware is on the way to setting a record in 2005, with 6,191 new keyloggers unleashed, according to a study released this week by VeriSign iDefense.

Rootkits DOA In 64-bit Software, Says Microsoft (TechWeb)
Microsoft's move to 64-bit operating systems for its servers should put a stop to rootkits, at least the current crop like the one that's plagued buyers of some Sony music CDs, company executives claim.

Security Vendors Clueless Over Rootkit Invasion (eWeek)
Can the average end user detect and delete a malicious rootkit from a Windows system? As anti-virus vendors struggle to keep pace with malware writers, security experts worry that the answer to that question means the battle may already be lost.

Sony faces 'consumer backlash' after rootkit anti-piracy blunder (SC Magazine)
Sony BMG Music Entertainment's use of spyware techniques for copyright protection is only the latest example of a trend that will likely promote a “consumer backlash”, industry experts have warned.

Oracle snags two ID management firms (CNET)
Acquisitions are designed to give Oracle a boost in the market for identity-management security software.

Companies 'actively punished' for losing customer data (SC Magazine)
Customers are "actively punishing" companies that lose their confidential and private information, research published today has claimed.
  _____________________________________________________________________________________

November 15, 2005

Hole Found in Widely Used VPN Gear (PC World)
Bug makes VPN products vulnerable to a denial of service attack.

Keyloggers Jump 65% As Info Theft Goes Mainstream (TechWeb)
The number of keyloggers unleashed by hackers exploded this year, soaring by 65 percent in 2005 as e-criminals rush to steal identities and information.

ID Theft Numbers May Be Misleading (Security Pipeline)
If some of the numbers being cited about identity theft are to be believed, it's just a matter of time before some unseen cyberhustler steals your name, empties your bank account and wrecks your financial reputation. You can almost hear the maniacal laughter.

U.N. Warns Against Refugee Rip-Offs (TechWeb)
The United Nations warns of Internet scams that try to dupe would-be migrants and refugees who hope to resettle in Europe or the U.S.

Internet security market to reach $58 billion by 2010 (eeTimes)
The global Internet security market is expected to grow at an annual 16 percent over the next five years to reach $58.1 billion by 2010, according to a soon to be published report from Business Communications Co Inc.

Critical Flaw Found in VPN Products (NewsFactor)
Finnish researchers have found a security flaw that could expose some virtual private network products from Cisco and other large vendors to denial-of-service attacks.

No end seen to patching race (CNET)
System administrators are dealing with security vulnerabilities more quickly, but attacks are also appearing sooner.

Organized cyber criminals can 'bring down firms at will' (SC Magazine)
Executives and corporate boards need to be vigilant about the threats posed by a global organized crime industry that has the capacity to "bring down firms at will," according to IT security industry insiders.

Upgrades for WatchGuard fireboxes (WatchGuard)
New Fireware Pro 8.2 with all-New Anti-Spam Service and spamBlocker

Microsoft to remove Sony BMG malware (Reuters)
Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows.

Criminals will take $2.8B out of ecommerce in 2005 (SC Magazine)
Dollar losses from ecommerce fraud are rising, with newly published research predicting that cyber fraudsters will steal more than $2.8 billion during 2005, an 8-percent increase over the year before.
  _____________________________________________________________________________________

November 14, 2005

Key Exchange Protocol Flaw Haunts Cisco, Juniper (eWeek)
The vulnerability could expose certain products to denial-of-service conditions, format string attacks and buffer overflows. In some cases, it may be possible for an attacker to execute code.

Juniper acquires access security software (CNET)
Juniper Networks will pay $122 million in cash for an access security company called Funk Software.

lynx security update (Red Hat Network Alert)
An arbitrary command execute bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. An updated lynx package that corrects a security flaw is now available.

Chevron Plans Shift to Smart Cards (NewsFactor)
Chevron early next year plans to eliminate the last of 50,000 network passwords, finalizing a transition to a smart-card-based system to increase security while cutting costs.

It Takes A Hacker To Catch One (Security Pipeline)
Information technology professionals have been conditioned to think defensively, draping their networks with sensor-studded barbed wire and using firewalls to lock down doors and windows. Another school of thought advocates a more proactive approach to security.

Sloppy habits lead to mobile security shambles (eeTimes)
A third of professionals using mobile devices such as PDAs and smartphones do not use passwords or any other security protection, according to a survey by Pointsec Mobile Technologies. The results are all the more staggering as three out of ten of these sloppy handheld happy users were found to store their PIN numbers, passwords and other corporate information on them.

Malware impact varies radically across UK business sectors (SC Magazine)
The impact of spam and viruses varies radically across different key vertical sectors of UK business, according to new research.

Data Breach Bills Unlikely to Pass Before 2006 (PC World)
Frequency of notifications one sticking point in legislation.

Most IT acceptable use policies contain 'gaping security holes' (SC Magazine)
Small and medium-sized enterprises (SMEs) are leaving themselves vulnerable to security and compliance risks by not having internet Acceptable Use Policies (AUPs) that address the latest and most dangerous internet-based threats, a new study has warned.

November 12, 2005

Microsoft Security Advisory Notification (Microsoft)
Macromedia Security Bulletin: MPSB05-07 Flash Player 7 Improper Memory Access Vulnerability.
  _____________________________________________________________________________________

November 11, 2005

Stolen Computer Has Credit Data for 3,600 (AP)
A desktop computer stolen last month from one of the nation's three major credit bureaus contained Social Security numbers and other credit information for as many as 3,600 people, the company confirmed Friday.

Security Is Top Issue For Converged IP Deployments: Survey (Networking Pipeline)
Security is corporate executives' top priority for implementing converged IP networking, according to a new survey released by AT&T and the Economist Intelligence Unit (EIU).

lm_sensors and php security updates (Red Hat Network Alert)
Updated lm_sensors packages that fix an insecure file issue are now available. Also, updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.

Analyst Firm: Enterprises Should Ban Skype Due To Security Risks (Networking Pipeline)
Claiming the VoIP software introduces numerous vulnerabilities, Info-Tech warns "even a mediocre hacker could take advantage of a Skype vulnerability."

FTC Shuts Down Major Spyware Ring (NewsFactor)
The FTC has shut down Enternet Media and filed a lawsuit against that company and its affiliates for running an operation that installed spyware and adware on consumers' computers.

Almost half of IT directors fear VoIP ‘inherently insecure’ (SC Magazine)
Almost half of European IT directors believe that VoIP networks are “inherently insecure”, with the figure rising to 56 percent among computing professionals working in the financial sector, newly published research has claimed.

Justice Dept. Proposes Tougher Copyright Laws (eWeek)
Those who attempt to copy music or movies without permission could face jail time under legislation proposed by the Justice Department.

Anti-Phishing Working Group clamps down on internet fraudsters (SC Magazine)
The Anti-Phishing Working Group (APWG) today stepped up its efforts to promote technology solutions to combat internet fraud.
  _____________________________________________________________________________________

November 10, 2005

New Windows Trojan causes confusion (CNET)
Trend Micro initially reported that it spotted a Trojan horse that exploits the latest Windows flaw, but the antivirus software maker isn't sure anymore.

Viruses Exploit Sony CD Copy-Protection (AP)
A controversial copy-protection program that automatically installs when some Sony BMG audio CDs are played on personal computers is now being exploited by malicious software that takes advantage of the antipiracy technology's ability to hide files.

Microsoft Trains Spotlight on Macromedia Flash Patch (eWeek)
Redmond issues an unprecedented security advisory for a third party, giving advice on how to protect against code execution attacks.

AV Firms Say New Trojan Uses Sony DRM Rootkit (eWeek)
Security vendors, including Symantec, warn users about malicious Trojan horse programs that can become invisible on Windows systems that have the Sony DRM technology installed.

Microsoft SUS Users Finally Receive Patches (Security Pipeline)
Users of Microsoft's Software Update Services (SUS) can now download this month's patches after a day-and-a-half delay, the Redmond, Wash.-based developer said Thursday.

Spam Spreads Zombies, Says Security Vendor (PC World)
Sophos service warns of worms, viruses, and bots borne on waves of spam.

Shutting out spyware hunters (CNET)
Product download agreements are a legal hot potato in a battle over anti-spyware software.

17 Charged With ID Theft In Arizona, Linked To Foreign Phishers (Security Pipeline)
A dozen Arizona residents have been arrested and charged with using stolen credit and debit card numbers obtained from overseas phishers, Tucson police said as an indictment was unveiled earlier this week.

Trojan Attacks Microsoft Image Rendering Flaw (eWeek)
An anti-virus vendor spots the first signs of a Trojan attack against a critical flaw just patched by Microsoft. It causes a disruptive denial-of-service attack against unpatched Windows systems.

Will Hackers Target Copiers? (PC World)
Any networked office gear can be vulnerable to online attackers, some warn.

Suit targets Sony BMG anti-piracy technology (CNET)
Lawsuit claims Sony BMG didn't disclose true nature of its digital rights management system for CDs.

IM attacks rocket 1500 per cent (SC Magazine)
The volume of security threats targeting instant messaging (IM) systems rocketed during October 2005 by more than 1500 percent versus October 2004 and more than 30 percent versus September 2005, new research has warned.
  _____________________________________________________________________________________

November 9, 2005

Phishing Scam Lured with Bogus Google (NewsFactor)
An online scam offering the lure of free money through a bogus copy of the Google Web site has been uncovered by security company Websense and shut down.

Calls for improved security legislation after TransUnion breach (SC Magazine)
Enhanced federal legislation and the closer scrutiny of user behavior were at the top of leading security professionals’ wish lists this week, as news of last month’s theft of a TransUnion PC containing the personal credit information of about 3,600 clients spread.

PC Containing Consumer Credit Data Stolen (Information Week)
TransUnion will review its data handling processes after loss of desktop system with information on more than 3,600 consumers.

Some November Microsoft Security Updates Didn't Reach Users (PC World)
Microsoft's Software Update Services users left in the lurch on recent patch.

Security Expert Pokes More Holes in Oracle's October Patch (eWeek)
An NGSS researcher posts further warnings that the Oracle October patch doesn't protect systems as promised.

Liberty Alliance speeds adoption of strong authentication (SC Magazine)
The Liberty Alliance Project has formed a global, cross-organizational expert group focused on promoting the mainstream adoption of strong authentication technology.

Spyware Has Become A "Global Pandemic" For Enterprises: Survey (Networking Pipeline)
Webroot says infections continue growing, and pose significant threats to confidential information.

Deciphering the World of Crypto (NewsFactor)
In the U.S., the best-known cryptographic algorithms go by names such as Triple-DES and AES. But other countries, such as South Korea, Russia, and Japan, are pushing their own cryptography.

30 countries struggling in Mitglieder 'avalanche' (SC Magazine)
An "avalanche" of Mitglieder Trojans is drowning computers worldwide, with security experts warning that over 30 countries are now affected by the different variants of this threat. Four of the five variants (FK, FL, FM and FN) are among the six threats most frequently detected, according to Panda Software.

Verizon Wireless Again Sues Alleged Information Thieves (Security Pipeline)
Verizon Wireless said Wednesday it has taken legal action against a private investigation firm that the cellular operator claims has fraudulently stolen customer information.

Alleged Virus Spreader Held Without Bond (AP)
A man has been ordered held without bond on charges of spreading electronic viruses so he could gain control over military and other computers and sell access to hackers and spammers.
  _____________________________________________________________________________________

November 8, 2005

Microsoft warns of flaw in newer Windows versions (Reuters)
Microsoft Corp. warned users on Tuesday of a new "critical"-rated flaw in recent versions of Windows that could allow attackers to take control of a system by embedding malicious software code into digital images.

Microsoft Windows Image Processing Vulnerabilities (CERT Advisory)
Microsoft has released updates that address critical vulnerabilities in Windows graphics rendering services. A remote, unauthenticated attacker exploiting these vulnerabilities could execute arbitrary code or cause a denial of service on an affected system.

Lupper Worm Targets Linux (PC World)
So far it's benign, but security vendors urge inoculation.

Web Sites Weigh Problem Of Posted Threats (Information Week)
Experts generally agree there is no legal onus on site owners or users to notify police. But a recent case has brought up the question of how far any given Web community should go to help a member who seems to be in trouble.

U.S. Mandates More Security in Online Banking (NewsFactor)
Federal regulators, alarmed by the threat of online fraud, are requiring banks by the end of 2006 to provide several layers of ID verification before customers can access their accounts.

Microsoft Names Antispyware App (PC World)
Windows Defender, out in beta, will ship next year with Vista.

Proof of concept worm targets Oracle databases (SC Magazine)
An anonymous developer has published details of a proof-of-concept worm engineered to compromise Oracle databases which have been left with default user accounts and passwords.

Viruses Pushing Windows Users To Mac (Security Pipeline)
Windows users are getting sick of computer viruses and are increasingly switching to Macs, according to a research note issued on Monday by New York-based investment firm Needham & Co.

IBM To Ship Midrange NAS Appliances From NetApp (CRN)
IBM on Tuesday unveiled the second fruit of its OEM relationship with Network Appliance: a new family of midrange NAS appliances.

'Live phishing' experiment nets consumers hook, line, and sinker (SC Magazine)
Despite the spiraling threat from identity theft, most consumers who were recently approached by complete strangers on the streets of New York freely gave up personal and sensitive data, which could be used by cyber criminals to crack account passwords or to steal identities outright.
  _____________________________________________________________________________________

November 7, 2005

Pizza chain caught without fully baked security (CNET)
Papa John's beefs up security for its Web-based e-mail system after internal e-mail and customer data are exposed.

Check Point Targets Enterprise Spyware (CRN)
Check Point Software Technologies has ratcheted up end point security for the enterprise.

Taking On Malware with Open Source (NewsFactor)
A team of I.T. staffers at the University of Indianapolis recently showed off a bundle of open-source tools and scripts it uses to trap and isolate PCs infected by viruses or spyware.

Critical Flash Flaw Found, Fixed (TechWeb)
Macromedia's Flash has a critical bug that leaves all browser users armed with the popular media player open to attack, a security firm says, but a patch is available.

New Tool Wirelessly Manages PDAs (PC World)
Good Technology devises security administration set to track, manage corporate handhelds.

Homeland Security's vague cyber plan (CNET)
Even though the term appears 148 times in a new report, it's not clear what the Bush administration is planning.

Microsoft AntiSpyware Renamed (NewsFactor)
In anticipation of the new security features that will ship with the Windows Vista operating system, Microsoft has updated and renamed a key component of its security arsenal.

Sony Copy Protection Patch Can Crash Windows (TechWeb)
A patch posted by Sony BMG Music Entertainment that reveals its copy-protection scheme's files may make some computers crash, says one of the researchers who first uncovered Sony's use of a hacker rootkit on its music CDs.

Locking Data Down with Atempo's Time Navigator (eWeek)
Atempo has updated its Time Navigator backup software with Time Navigator SCM, which offers key management in addition to standard encryption.

Aussies start purge of antipodean zombies (SC Magazine)
A new campaign to drive zombie computers off the internet has been launched by the Australian government.

Navy Goes On Email Defensive (Security Pipeline)
The Navy is no longer allowing sailors access to commercial E-mail services because they pose a security risk to its networks.

Microsoft Improves Security in Web Services Enhancements 3.0 (eWeek)
WSE 3.0 boasts simplified development of secure Web services, integration with Visual Studio 2005 and consistency with Windows Communication Foundation.

Prepare for critical Microsoft patch next week (SC Magazine)
Microsoft has revealed that next week's so-called "Patch Tuesday" monthly software security bulletin release cycle will consist of just one update.

Cisco To Lockdown Enforcement Network (Security Pipeline)
Cisco Systems has signed a deal to supply technology to upgrade the National Law Enforcement Telecommunications System, the primary interstate law-enforcement network.

Kids more likely to take online risks at home rather than at school (SC Magazine)
While home computer use for fun, games and emailing friends is common among children, it also offers kids more opportunity to engage in risky internet activities, recent research has warned.

  _____________________________________________________________________________________

November 5, 2005

Cisco IOS Hacker Lynn Finds Work at Juniper (eWeek)
Updated: Security researcher Michael Lynn, made famous for exposing a major hole in Cisco's software, is now employed at Cisco rival Juniper.
  _____________________________________________________________________________________

November 4, 2005

California Man Charged with Botnet Offenses (eWeek)
Federal authorities have announced the first U.S. case against an alleged computer hacker, who is thought to have used an army of zombie computers to net tens of thousands of dollars while on the payroll of several spyware companies.

Sony Uncloaks Hidden DRM Code (PC World)
Criticism prompts release of a patch that identifies copy controls to security software.

New York County Proposes Law to Enforce Wi-Fi Security (eWeek)
Businesses that collect customer information and provide wireless access would be required to provide basic security such as firewalls.

Apple sounds alarm over QuickTime flaws (CNET)
"Highly critical" bug in media player could open door for a denial-of-service attack, security company says.

Apple Plugs QuickTime Code Execution Holes (eWeek)
A new version of the QuickTime media player protects against "highly critical" system access and denial-of-service vulnerabilities.

IT security acquisition specialist snaps up St. Bernard Software (SC Magazine)
Sand Hill IT Security Acquisition Corp, a public targeted acquisition corporation, has entered into a definitive merger agreement with privately held IT security company St. Bernard Software.

Microsoft Patches Break Some Sites (PC World)
Change in ActiveX controls may conflict with some Web page functions.

Microsoft Pushes For Federal Privacy Legislation (Information Week)
Brad Smith, the firm's general counsel, did not endorse a specific bill but said a single national standard is better than the sometimes contradictory patchwork of existing laws around the country.

Microsoft urges US government to revamp data privacy laws (SC Magazine)
Microsoft has called on the US government to implement a "comprehensive legislative approach" to the issue of data privacy.

Man Is Charged With Infecting Computers (AP)
A 20-year-old man was arrested Thursday on charges of infecting almost 400,000 computers operated by the U.S. military and others with viruses that helped launch electronic attacks and send spam e-mails.

DoS teen walks free from court (SC Magazine)
A British teenager who crashed his former employee's email server with five million emails walked free from court after a judge ruled the boy had not broken the law.
  _____________________________________________________________________________________

November 3, 2005

Cisco Fixes Critical Router Security Hole (Networking Pipeline)
Cisco has fixed a critical security hole in its Internetwork Operating System that could have allowed hackers to take control of its routers.

Online Banking Still Easily Hackable (NewsFactor)
Many consumers naively believe online transactions are safe if they keep antivirus software updated and follow security tips posted on banking Web sites. Not so, say security experts.

Frequent Fliers Speed Screening Via Biometrics (Information Week)
Federal officials are evaluating the results--some 10,000 frequent fliers have signed up so far--before deciding how to proceed.

AOL Instant Messenger worm harbinger of worse malware to come (SC Magazine)
Security experts have warned that a new generation of hybrid malware is being developed that targets Instant Messenger (IM) networks to propagate.

Cisco Patches 'Black Hat' IOS Flaw (eWeek)
Three months after Michael Lynn's controversial presentation of exploit shellcode in Cisco IOS, the company finally posts a comprehensive fix for the code execution flaw.

Anti-Spyware Coalition agrees spyware definition (SC Magazine)
The Anti-Spyware Coalition (ASC) has unveiled its final, consensus definition of spyware, which was developed by coalition members including major anti-spyware companies, software developers and public interest groups.

curl, wget, and openssl096b security updates (Red Hat Network Alert)
Updated curl packages that fix a security issue are now available, updated wget packages that fix a security issue are now available, and updated OpenSSL096b compatibility packages that fix a remote denial of service vulnerability are now available.
  _____________________________________________________________________________________

November 2, 2005

Microsoft patches may break Web sites (CNET)
Web sites that use certain custom applications won't display as expected in Internet Explorer after installing two Microsoft security updates.

Microsoft Adds PC Security Tools to Windows Live (eWeek)
As part of its consumer security push, Microsoft is including a free Web-based anti-virus scanning utility with the Windows Live service.

Hacker Develops Oracle Worm (PC World)
Sample carries harmless payload, but demonstrates an attack unique to Oracle databases.

Sony CD Copy Protection Relies On Hacker Rootkit (TechWeb)
Sony is apparently borrowing a tactic from hackers for its DRM technology, and some security experts question the practice.

Security Patch Watch: Cisco IPS, Net BSD, OpenVPN (eWeek)
A round-up of security vulnerabilities flagged and fixed in several widely deployed enterprise products.

VeriSign Endorses Infineon’s PC Security System (Security Pipeline)
German chipmaker Infineon Technologies AG is working with VeriSign Inc. on extending the security of transactions made with personal computers.

Password Keeper 2000 (NewsFactor)
Users who need individual file security on a wide scale will find Password Keeper an easy-to-use program that is, above everything else, secure.

MessageLabs buys secure IM company (SC Magazine)
Email security company MessageLabs is to buy New York-based enterprise instant messaging company Omnipod for an undisclosed sum. The completion of the acquisition remains subject to shareholder approval.

October 2005 worst ever month for new viruses (SC Magazine)
Security experts have reported that this October saw the biggest ever recorded increase in new viruses. According to Sophos, last month's total of 1,685 newly discovered viruses marked the greatest month-on-month jump since the firm first began regular malware monitoring in the late 1980s.

Nortel and Websense talk up mobile phone security (SC Magazine)
Nortel and Websense have signed an agreement to develop web content filtering technology to protect GSM/UMTS mobile handsets from receiving and accessing unwanted content.
  _____________________________________________________________________________________

November 1, 2005

Man Is Sentenced in Phishing Fraud (AP)
A British man was sentenced to four years in jail Tuesday for masterminding a "phishing" fraud that stole identities and bank details from users of the eBay auction site.

Cisco Pushes Security for the LAN (NewsFactor)
Cisco announced the second phase of its Network Admission Control program, which includes the ability to block network access or dangerous clients at the LAN level.

Trend Micro Ships Antispyware For Enterprises (Security Pipeline)
Trend Micro is beefing up its security product line with the launch of a stand-alone antispyware product for enterprise customers.

New type of phishing could hit mobile phone users (SC Magazine)
Experts have warned of a new type of phishing that could siphon bank details from mobile phone users.

'Frankenstein' Attack Hits AIM (PC World)
Instant messaging users warned of worm that installs backdoor on infected machines.

Hackers use bird flu emails to hijack computers (Reuters)
Computer hackers are exploiting fears over bird flu by releasing a computer virus attached to an email passing itself off as containing avian flu information, warned Spanish computer firm Panda Software.

Hackers up pressure on P2P networks (SC Magazine)
A newly published security report has identified 22 previously undocumented Peer to Peer (P2P) attacks in October which were targeted at networks including Kazaa and eDonkey. The study from Instant Messaging (IM) security firm Akonix Systems indicates a 19 percent increase in malicious P2P exploits compared with the volume recorded in September 2005.

IBM Places Security on Bootup (PC World)
AXE technology fights viruses, malware at the root of any operating system.

One third of large enterprises admit being hacked (SC Magazine)
A third of large enterprises admit they have been victims of intrusions to their office networks and office servers in the last two years, research has claimed. According to a poll of 360 enterprise IT security professionals published today, more than 40 percent of companies with 20,000 or more employees indicate that they have fallen victim to hackers during the same time period. 
