 |
 |
| Top
Security News |
IPSwitch IMail Server Has A Glitch
Multiple ActiveX control buffer overflow issues could lead to an IPSwitch-equipped machine being compromised if someone uses it to visit a malicious website. Those who have already upgraded their IPSwitch...
What's Important In Your Web Application...
As with many other business analysis issues, there are three sides to the story when looking at Web application security testing: yours, the findings of your vulnerability assessment, and the truth. Whether you're using a commercial or open source...
McAfee Goes Podcasting
McAfee has launched a twice-monthly podcast series about topics related to computer and Internet security, starting with a discussion of the Nordea Bank phishing incident, and information disclosure. The new podcast goes by the name AudioParasitics. Anyone who...
Symantec Breaks Down Vista Security
The security company has been looking into Windows Vista since 2005, and published an assessment of its security implications. As a caveat, one of Symantec's Vista articles regarding User Account Control (UAC) has been disputed as to its potential impact.
New Storm Variant Hits Blogs, Emails
A polymorphic version of the Storm worm will deliver a rootkit to an unsuspecting victim's machine, and from there will post a link to itself in the blog entries, forum posts, and emails coming from the now-infected...
TJX Data Breach Grows Wider
The hole in the security for the clothing chain was wider than initially reported, and it could spur legislation holding companies responsible for these breaches. TJX initially disclosed that the intrusion into its systems happened in the May 2006 through January...
CastleCops Draws DDoS Attack
The security site had been facing a distributed denial of service attack for several hours; the attack hit 1 Gb/second at its peak.
Someone out there isn't a fan of Paul Laudanski or CastleCops. The site hosts several security resources, including one of...
|
|
|
 |
|
Symantec said in its latest Internet Security Threat Report, for the period of July through December 2006, that the access to essential details about a person's identity could be had for a low price of $14.
The myriad threats posed by online criminals became worse as they have started to organize in ways that
would make the old Mafia proud. Bugsy Siegel had nothing on the crooks working in concert to steal financial information.
Symantec's newest report paints a picture of cybercrime that is so scary, it might make people long for the days where the Olivetti manual typewriter represented the pinnacle of communicating with others. To be very blunt, there are a lot of computer users out there who should be restricted to the MS25 Premier Olivetti model until they learn not to click on links in email.
The report found that 93 percent of all targeted attacks focused on home computer users. That has reaped
rewards for criminals, whose command and control bots on infected PCs in the US account for 40 percent of the global total.
With Symantec now tracking 'Underground Economy Servers,' they found 51 percent of these operating in the US, which also accounted for thirty-one percent of all malicious activity that took place for the six-month period measured.
Those Underground Servers facilitate a thriving black market of personal information. Life is very cheap on the Internet there. Credit cards with card verification numbers go for between $1 and $6, while full-fledged identities trade for $14 to $18 each.
Computer breaches that resulted in data theft caused many of the problems seen by Symantec. Government operated computers suffered so many breaches that they accounted for a quarter of all identity-theft related ones. That's more than any other sector for the period.
The trend of attacking applications rather than operating systems to force those breaches throughout various sectors of computing continues to appeal to criminals. Symantec explained:
Instead of exploiting high-severity vulnerabilities in
direct attacks, attackers are now discovering and exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and Web
browsers.
Those vulnerabilities are often used in 'gateway'
attacks, in which an initial exploitation takes place not to breach data immediately, but to establish a foothold from which subsequent, more malicious attacks can be launched.
Continue reading this article.
About
the Author:
David Utter is a technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.
|
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
