FTC Shuts Down Malicious ISP
The Federal Trade Commission won a court order to shut off Internet and data center services to San Jose, Calif.-based Triple Fiber Network (3FN.net), alleging the ISP was rogue network hosting and facilitating botnets, phishing sites, and child porn.
Time For Craigslist To Terminate Job Scammers
Most security news covers security risks of the same kind-spam, viruses, email phishing-but not much is said of security risks taking other forms. Perhaps this is because most security companies, who provide much of the security information available, promote software and hardware to battle very specific types of threats.
Twitter Trends Targeted By Scareware Crooks
Over the weekend, Twitter was hit with what was thought to be the first scareware distribution attack. It didn't stop at the weekend, though. Scareware attacks continue through today as cybercrooks target trending topics.
Government Web Pages Baited With Sex Scandal
Two government websites, one county level and one state, were found to be infected with malware, according TrendMicro. Both infected sites lured victims to other malicious webpages with the promise of a nude celebrity.
Phishers Prompt Emailers To Dial-A-Thief
Likely, scores of spoof sites appearing to be official bank sites pepper the Internet at any given time, but less often do phishers direct targets to make a phone call.
McAfee Reveals Most Dangerous Search Terms
In a study of search terms and results leading to malware sites, McAfee found almost six out of ten (59%*)search results for keyword variations of "screensavers" lead to sites containing malware. Half of "lyrics" searches produce the same.
Spam Spikes Big In May
Over 90 percent of corporate email is spam, according to MessageLabs, reflecting a five percent increase over April. Security researchers peg the popularity of webmail and social networks, as well as CAPTCHA-breaking bots, as the chief catalysts for the recent spike.
Survey: IT Managers Unprepared For 'Social Security' Risks
Make that social media security risks. A survey of 1,300 IT professionals worldwide conducted by Websense reveals a majority of IT managers are still unsure what constitutes Web 2.0, and are ill-equipped to combat security concerns associated with social media.
Gumblar Backdoors The Internet
If you were trying to think of a name for an ogre, Gumblar might be a good choice. In this case, though, we're talking about one nasty "botnet of compromised" websites that's gaining steam quickly and screwing with people's Google search results.
McAfee Taps H-wood, the Woz, for Cybercrime Film Series
McAfee launched an interesting campaign today by posting the first episode in a film series, entitled "H*Commerce: The Business of Hacking You." The security company tapped Seth Gordon, known for the film "Four Christmases," to create the series, which is designed to expose the techniques of international cybercriminals and how they affect people closer to home.
Half Of US Schools Have Battled IT Breaches
In the past year, 55 percent of US K-12 school districts experienced some sort of IT breach, including unauthorized user access, hacking, or viruses, making cyber breaches nearly as prevalent as physical breaches; 67 percent reported break-ins, unauthorized building access or vandalism.
Acai Spam Inspires Tightened Filters More Than Tightened Belts
If there's one thing that's a guaranteed moneymaker, it's the promise of weight loss-it's almost as popular as cheeseburgers. Marketers and scammers of all stripes know this, including spammers. As bikini season rapidly approaches (yay!), the security conscious might want to tighten their filters.
PowerPoint Patched, Except On Macs
Microsoft issued a patch for critical vulnerabilities in PowerPoint this week after a bit of a wait. Mac users will continue to wait, however.
200,000 Social Network Spoofs Spreading Malware
At least 200,000 websites designed to spoof social networks like Facebook, MySpace, and Twitter exist on the Web and are growing, according to research by Websense Security Labs. Most of them, about 150,000 target Facebook users.
Most Malware Hosted On Trusted Sites
As the folklore of the Web goes, one contracts a computer virus in places analogous to where one might contract certain types of real viruses: in "bad" neighborhoods one shouldn't be in the first place. But times are changing, and though New York City cleaned up Times Square, cybercrooks are setting up shop in some of the Web's busiest places.
Berkeley Hack Unnoticed For Six Months
It's embarrassing enough for an institution when its databases are hacked and trusting clientele have their information accessed by an anonymous third party. It's doubly embarrassing when it's discovered an institution's databases were wide open for six months.
Image Spam Surged 300% In April
Though the Conficker worm threat turned out to be more hype than reality in April, spammers and cybercrooks were still very active in exploiting public interests. Latching on to traditions as well as big news stories provided venue for peddling a morass of trash.
Korean, American Hackers Have Busy Week
There are two disturbing hacking-related stories circulating, one involving allegations North Korea has recruited hackers with the purpose of infiltrating US and South Korean networks, and another involving a prescription database breach in Virginia.
Botnet Armies Regrouping: 12 Million Hijacked IPs In Q1
The numbers are alarming just because of the sheer size of them. In the first quarter of 2009, 12 million new IP addresses were hijacked by botnets, according to one report. In another, security researchers who temporarily took control of one botnet grabbed 56,000 passwords in a single hour.
Qualys: IT Admins Neglecting Adobe Patches
IT workers are not being vigilant enough about patching critical vulnerabilities in Adobe, according to Qualys CTO Wolfgang Kandek, which could be a reason why attackers continue to target Adobe programs.
MessageLabs: Over 3,500 Malicious Sites Created Daily
Spam levels have spiked in 2009, rising above the 85 percent mark for the first time since 2007, according to MessageLabs' monthly Intelligence Report. The chief reason for the sudden up-tick appears to be image spam originating in China.
McAfee Reveals Cybercrime Response Unit
McAfee has released a free, new service to help people determine if they have been the victim of cybercrime and what to do about it.
Spammers Piggyback On Swine Flu Outbreak
Spammers never miss an opportunity to capitalize on a buzzy topic. Already the concern over a recent outbreak of the swine flu has produced a wave of swine flu related spam.
Time To Put The Brakes On The Cybersecurity Act
What is essentially a federal government power grab combined with a giant money grab for industry is a real and perhaps unnecessary threat to your privacy and personal security. On top of that hole in your privacy, the Cybersecurity Act of 2009 plants a big, potentially exploitable hole on the network.
Company Hires Hacker Kid, Kid Keeps Hacking
The seventeen-year-old hacker who gave Twitter a busy weekend earlier in the month was subsequently hired by hosting company exqSoft Solutions, a reward that may have inspired further bad behavior.
Russian Ransomware Requires SMS Unlock Code
Malicious software designed to lock up a victim's computer until a ransom is paid, called ransomware, is making the rounds again. This latest variant, tabbed by security companies as Trojan.Ransomlock, prompts the victim to send an SMS message to begin the unlocking process.
AVG Releases Free Real-Time Search Virus Scanner
AVG has pretty good timing considering the recent success cybercrooks have had with manipulating search results to direct searchers to malicious websites. The security company released a free tool today that scans links before users click on them.
Google Search Becomes Malware Trap
My original intent was to relay a heartwarming/heartbreaking story if you hadn't heard it already. It's a narrative you hear periodically in different forms with different details: A man found his long lost daughter via Google. However, in trying to find content referenced but not linked in the news articles about the subject I found nothing but malware traps right at the top of the results.
Verizon: Breaches in ’08 Outnumber Previous Four Years Combined
Verizon investigated 90 confirmed data breaches in 2008 and discovered that an astonishing 285 million records were compromised, more than in the previous four years combined. In addition, the vast majority of breaches could have been avoided.
Conficker Becomes Downdac, A Waledac Zombie
Security researchers are honing in on the mysterious Conficker worm, also known as Downad, and their analysis is showing a definite connection with Waledac, a spam botnet reincarnation of Storm, with the end goal of infecting computers with a fake anti-virus Trojan, also known as "scareware" or "rogueware."
Scareware Blackhatters Target Ford, Nissan, Google
PandaLabs has identified over a million spam links used to target Google searchers looking for information about automotive parts from Ford and Nissan especially. Panda calls it "a major Blackhat SEO attack" designed to dupe searchers into downloading spyware or purchasing phony security software.
Mikeyy Cracks Twitter, Gets Too Much Attention
Luckily for Twitter, a pair of hack-attacks over the weekend were more embarrassing than damaging. Cracked by a bored teenager in the waning days of his prosecutorial immunity (he's 17), Twitter had tweeting back to normal relatively quickly.
The Resurrection of Conficker
Just a week after the April Fools Day hysteria surrounding Conficker.C, most have forgotten and gone on. Security researchers, however, have not, and have noted more activity and a possible connection to the spambot Waledac.
Cybersecurity Bill Empowers President To Shut Down Internet
Two bills introduced giving the President the power to deem a private network part of the nation's critical infrastructure and shut it down for cybersecurity reasons also gives the Commerce Secretary the power to access network data outside of oversight. The Big Brother vibe coming off both is reminiscent of a demanding report submitted before Obama even took office.
Credit Crunch Drives Industrial Espionage Close To Home
It's a bit of a vicious cycle: Greedy, bad actors taking advantage of the good times until good times end in bad times and a different set of greedy, bad actors start taking advantage of the bad times-and there goes a little more faith in humanity.
Spammers, Hackers Target User-Uploaded Image Sites
The number of websites blocked for hosting malicious content rose by 197 percent in March, according to MessageLabs, the highest number since October 2008. Experts credit the spike to a sharp increase in web-based and email-borne images with injected scripts like JavaScript and VBScript.
Conficker A Dud On April Fools
Well, just like how we watched the clock tick past midnight on January 1, 2000 and subsequently noticed the world was essentially the same as it always was-a few people preaching doom, a lot more stocking up on bottled water, and the rest waiting and watching with bated breath. April 1, 2009 goes down as the day the world was duped by reasonably harmless computer virus.
Security Industry Scares Press, Press Scares Everybody
Security companies are trying to downplay the hype surrounding the Conficker worm and what potentially might happen. While they release tools and "vaccines" for dealing with infection, the new general consensus is that nobody knows what the hubbub is all about.
HP Reveals Free Security Tool For Flash Developers
HP's Web Security Research Group has developed SWFScan, a free tool for Flash developers they can use to discover security vulnerabilities in the applications they create.
Ransom-Ware Is Back, Channeled Through Scareware
Hackers seizing data and holding it for ransom isn't a new idea. Back in 2005, we reported a ransom-ware attack on a company that led promptly to the hacker's arrest. Ransom-ware is back, automated, and targets individuals as much as companies.
Panda Releases Free Conficker Vaccine
Earlier iterations of the Conficker worm were effectively shut down, but researchers have discovered that a new variant is set to launch April 1. Conficker's signature attack is via USB drives, and Panda Security has released a free "vaccine" to immunize computers from infection.
Firefox on Windows, Chrome Tough Nuts to Crack
For the longest time in hacker folklore Internet Explorer and Microsoft Windows were the key targets and most exploitable while Macintosh and Safari were virtually ignored. But times they are a-changin', roles are reversing, and Google's Chrome comes out as a dark horse.
Rogueware Racks Up $11,000 Daily For Affiliates
Obviously, cyber crooks wouldn't do what they do if there wasn't any money in it. Thanks to some black-hat search engine optimization and a little rogueware (a.k.a. scareware), some are making almost $11,000 a day, according to FinJan's first Cybercrime Intelligence Report for 2009.
Be Careful What You Click On
It's a good idea, but not a new idea, that one shouldn't just go around clicking any ole link they see without at least taking a good luck at it. That's still important today, especially as the populace becomes more comfortable with Web surfing.
Worm Set For April Fools Day Launch
Security researchers have sent out notice about a worm set to hit the wild on April 1, making the situation no laughing matter. Conficker.C, the latest variant of Conficker.A and Conficker.B-both of which have been shut down by some crafty reverse engineering-isn't quite as nasty as its predecessors, in the same way Lil Kim isn't quite as nasty as 2 Live Crew.
Insiders Thought To Hack Russian ATMs
CORRECTION: Originally it was stated in this article there were two data breaches at Heartland Payment Systems. There was only one breach where malware was found on the network. We apologize for any confusion this may have caused.
Parents Concerned But Not Too Concerned About Online Safety
Though most parents worry about online strangers, predators, pornography, and violence, only a third of them actually use parental controls to help ensure their children's safety when using the Internet.
Dirty Bomb Email Uses Geolocation
Security news seems suddenly to be a chronicle of cybercrook innovation. The latest low-down dirty trick is the use of geo-location to personally tailor a disaster news story to the recipient's hometown.
Another Day Another Social Network Phishing Spoof
A phishing email is making the rounds. Can you guess which Internet giant the hackers are spoofing this time? If it's not Google or Twitter then it must be Facebook, right? Right.
Thousands Of Minn. Senator Campaign Donors Info Exposed
To say it's been a rough few months for possibly ex-Senator Norm Coleman is an understatement. Come March he's still battling Al Franken for his Minnesota Senate seat. To add to that: nearly 5,000 campaign donors just found out Coleman's campaign published their credit card numbers-and every bit of other information about them-online in January.
Democrats.org Used For Parasite Hosting
Google's trust of Democrats.org, the Democrat National Party's official website, is being abused by cybercrooks to spread spam and malware via search results. Criminals are able to achieve high ranking for their sites in the search results simply by setting up a blog at the DNC website and passing on link juice from there.
Symantec Calms PIFTS Panic
When users of Symantec's Norton Antivirus received a strange message about an odd executable file, the panic became exponential when Symantec started actively deleting posts about it in its own support forums. And then came the real bad news.
Spam Expected To Rise 20% In March
Spam is expected to increase by 20 percent in March, according to McAfee, and exposure to each one percent is expected to cost companies about $41,000.
Twitter A Target For Parasite Hosting
Google's seemingly automatic trust of popular social media sites like Twitter, Facebook, and Wikipedia make all of them-and by default, you, the end game-a target of spammers, scammers, and hackers. Combine that trust with Twittter's foray into realtime search, and you've got yourself some spammer's delight.
DHL Spoofed, NYPD Goofed, And Cybercrook Runs For Office
Forget the Sopranos. In the 21st Century, the mafia is digital. But just like the old days, they focus on the shipping industry, corruption inside law enforcement, and political implantations.
Facebook Gets Restraining Order Against Spam King
Facebook won a restraining order against notorious spam king Samford "Spamford" Wallace in US District Court, a victory that, if history is any indication, is mostly symbolic.
Koobface Returns For Social Network Sitting Ducks
Social networkers, you've been reclassified. You're now sitting ducks, neatly corralled by the millions with six degrees of separation or less, and the infamous Koobface new and improved is using your friend as both decoy and digital bird flu carrier.
YouTube, Digg Drive 400% Rise In Adware Infection
There's been a disturbing trend over the past few weeks showing that cyber-criminals are getting more adept at using popular social sites to ambush unsuspecting users. We've seen attacks targeted at Twitter, Facebook, Google's Gmail, Gtalk, and even search. Today's spotlight is on YouTube, a big part of the reason PandaLabs has seen a 400 percent spike in the infection rate of a specific kind of adware.
US Working On Security Cyborg
You know those guys in Oak Ridge, TN that made the world's first atomic bomb? Well now they're making cyborgs.
Google Trends Abuse Highlights Malware Perfect Storm
It used to be one was at most risk of getting a computer virus via spam or frequenting bad Internet neighborhoods (places one probably shouldn't be hanging out in the first place, picking up just any old download they come across). These days malware pushers have come out in the open where the masses collect, and places like Google, Facebook, and Twitter are starting to resemble the Time Square of old-with peril and vice all around.
Google Talk Phishing Attack Sounds Alarms
The old X Files adage aptly applies to the Internet these days: Trust no one. Some Gmail users, already miffed about previous service outages, were invited through Google Talk to watch a video by clicking a link. Of course, bad news awaited.
Search Spam Back On The Rise
It's not a new tactic, but it is a revisited one. Spammers are using search engine links-redirect links created by searching for a domain or keyword and copied before resolving-to disguised the addresses of their malicious websites. They do this to fool spam filters by piggybacking on the credibility of major search engines like Google.
Facebook Hit With Malicious App
As far as malware tricks go, this one is pretty diabolical. Over the weekend, Facebook users started receiving messages saying friends had tried to view their profile but were unable to do so. The message prompts the user to install a third party app, oddly titled "Error Check System."
Google Offers Best Practices Against Hacking
Security news focuses a lot on spambots and malicious material found out in the wild. But the webmaster's backyard can be an unexpectedly dangerous place with little hacker landmines buried here and there.
Resizing Shortened URLs So You Know What You’re Clicking
Tools for shortening URLs have become very popular in the age of microblogging, but shortening a URL to incomprehensible code makes it impossible to know what you're clicking on.
Security Company Asks Obama To Think Twice About Open Source
Proprietary computer security company Fortify hopes the Obama Administration will think carefully about adopting open source software, especially in regard to security concerns.
Google, MSN, Yahoo Sites Hijacked By Crooks
The cleverness and sophistication spammers and malware creators have reached is at times breathtaking. It's one thing to spread via shady, malicious websites, but it's another when they convince your computer it's talking to Google itself.
Twitterers Spooked By Clickjacking
Seems like popular websites go through stages: early buzz and adoption, mainstream media recognition, funding and monetization brainstorming, meteoric growth, the how-easy-is-it-to-hack stage, the marketer gaming stage, the juggernaut stage, and finally, the full corporate-government conspiracy stage. Twitter, it would appear, is in the how-easy-is-it-to-hack stage.
Valentine’s Spam Hearts Your Inbox
Valentine's Day spammers have a serious crush on your inbox this year. Since the beginning of February, the proportion of Valentine's related spam has increased from two percent to nine percent, perhaps the largest volume ever seen, according to MessageLabs.
Digg This: Malware Makers Target Social Media
It seems unlikely a Digg.com user (generally thought of as young and tech savvy) would be fooled by comment spam promising video of "Heath Ledger naked in the shower, playing with herself." They might though, take the bait for a simpler, error-free "Megan Fox naked NEW SEX TAPE."
Database Hack Shows Predictability of Passwords
A hacked forum reveals once again that people-even tech savvy ones-need to work on their password originality. Keying 123456 just isn't going to cut it, neither is "password," which are two of the most common choices among users of phpbb.com.
ID Thieves Getting Less Money Out of 10 Million Americans
While the number of American identity theft fraud victims went up about 22 percent last year, the good news is they were taken for less: about $5000 on average. Security researchers credit better, faster, and cheaper fraud detection as a reason for the decline.
Gov.-Contracted Cybersecurity Firm Breached
News of serious data breach at SRA International was likely drowned out by the US Presidential inauguration. The same day Heartland Systems announced the largest data breach in history, affecting millions of credit card numbers, SRA announced the discovery of a virus on its network.
Brazil Earns Top Spam Honors In January
AppRiver says January saw a 120% increase in total email traffic. Of nine million messages, over 97 percent were spam or carried a virus, according to the company's Threat and Scamscape Report for February.
Lessons Learned From Virgin’s Glaring Vulnerability
A customer-facing vulnerability at Virgin Mobile's website could have allowed anyone with knowledge of another person's mobile number to make account changes. Fortunately, beyond a Virgin coders' giant security hole embarrassment, this can be what they call a teachable moment.
Fannie Mae Learns Luck Isn’t Good IT Oversight
A "logic bomb" set to go off this past weekend by a terminated Fannie Mae employee sent shockwaves through the security industry, bringing up the inevitable "how do I keep this from happening to me?"
Fannie Mae Contractor Indicted For Planting Malicious Code Time Bomb
Wouldn't it have been fun, after all of Fannie Mae's other woes, their entire IT system-consisting of 4,000 servers, just up and crashed? Had it not been for a chance discovery, that would have happened tomorrow morning.
Economic Crisis Thought To Fuel Data Theft
Last year, companies worldwide lost about $1 trillion to intellectual property theft and damage repair, an estimate McAfee calls conservative. The company warns that a weakened worldwide economy will just increase data theft in 2009.
Post McColo, Spam Levels Return to Normal
Spam is nearly back to business as usual, reaching up to 90 percent of pre McColo Corp. takedown levels. After a couple of months, botnets have found new bases of operation and are expanding at alarming rates.
Removing Confounding Conficker
If you're one of an estimated ten million afflicted with the Conficker worm, SecureWorks has proffered a workaround to clean it off your system.
Conficker Worm Called An Epidemic
A week and a half ago, Panda Security warned about the potential spread of the Conficker worm, a virus spread via USB devices. Since then, Panda has found that nearly six percent of scanned computers were infected, spanning 83 countries.
History's Biggest Data Breach Upstaged By Biggest Inauguration
It's a tough line to swallow that Heartland Payment System's announcement about the biggest security breach in history wasn't timed to be effectively drowned out by inauguration buzz-about as hard to swallow as the idea that tens of millions of credit card numbers are essentially useless to those who snagged them.
Malware Trendsetters For 2009
There've been a lot of malware forecasts for 2009, and nearly all of them indicate that the digital scourge will be more sophisticated than in the past. McAfee's latest release of threat predictions is no exception, documenting how malware authors continuously keep up to date with the latest technological trends.
The Botnet Heavyweights Of 2009
SecureNetworks' list of "bots to watch in 2009" reads like an overview of heavyweight boxers, detailing weight, records, and fighting styles. The good news is some heavy hitters retired in 2008.
Securing The Presidential Blackberry
The Presidential Blackberry. Wouldn't you love to get a glimpse of it? That's precisely the problem, former White House Deputy Chief of Staff Joe Hagin told SecurityProNews. While President Bush travels generally incommunicado-that is, unthinkably for most us, sans mobile phone-the President-Elect is in a very public argument for retention of his pre-election smart phone.
Spam News: Michelle Obama Hotter Than Britney?
Well, socially speaking, there being more interest in First Lady-Elect Michelle Obama than in Britney Spears or Paris Hilton is a positive change, one that bodes well for society. On the flip side, as Inauguration Day nears, spammers are rewarding that renewed interest in affairs of state with an onslaught of junk mail
Microsoft Quietly Patches First Tuesday In ‘09
Microsoft followed up last month's dramatic, record-breaking Patch Tuesday with a much quieter one this time, releasing a single security bulletin addressing three vulnerabilities in Windows 2000, Windows XP, and Windows Server 2003.
Conficker Worm Spooks Security Researchers
Security experts are warning that malware authors may be gearing up for a large-scale attack via what's been dubbed the "Conficker worm," a virus exploiting a Microsoft Windows server vulnerability and spread via USB device.
Crooks Target Inboxes With CNN Gaza News
Cybercrooks' latest attempt at your bank account comes in the form of CNN.com look-alike emails leading to CNN look-alike webpages offering graphic videos from Gaza via a fake Adobe Flash player.
Unemployed A Big Spam/Phishing Target In 2009
Expect more sophisticated spamming in 2009. And thanks to the economy, an increase in scams targeting the down and out, the tax-rebate hopeful, and the noble yet digitally naïve pull-yourself-up-by-your-bootstraps market.
Hacker Claims Responsibility For Celeb Hacks
It would be hard to be more embarrassed than the guy caught with his pants down at the ski life-whose photos are at SmokingGun-but if there's a contender, it's "Crystal" at Twitter, whose admin support account was hacked by a standard "dictionary" attack.
Celeb Twitters Hacked
It was an especially nasty Monday morning at Twitter yesterday. Likely the staff didn't have time to fully wallow in post-holiday back-to-work blues for all the fires to be put out. In addition to a widespread phishing scam over the weekend, 33 celebrity accounts were hacked.
Twitter-Based Phishing Scam Raises Alarms
It was only a matter of time before hackers targeted the increasingly popular Twitter microblogging platform. Over the weekend, phishers sent out direct messages appearing to be from Tweeters, but were really password gathering decoys.
Storm Worm Reincarnates As Waledac
Shadowserver has issued a detailed analysis of a malware variant called Waledac, and the crew there suspects it is a form of Storm Worm, spread via fairly sophisticated means.
Oops, Fake Google Invites Users To Go Phishing
If scammers could spell, they'd really be dangerous, especially when Google's asleep at the wheel. The latest scam utilizes an actual Google Calendar invitation in an attempt to dupe recipients into providing their Gmail passwords and birth dates. The email comes from someone with the user name "customer varification."
Security Freebies For The Budget-Busted
After our ritual annual money-purge (some call it Christmas), free more than ever is a good thing. With that in mind, here are some security freebies for developers and network managers.
An SQL Server Zero-Day Exploit In Time For Christmas
‘Tis the season for zero-day exploits. Microsoft issued a new advisory last night about a zero-day exploit affecting SQL servers. Tell your IT guy Merry Christmas once you have him on the phone.
Top Cybercrimes of 2008
It was unfortunately a big year for cybercrooks. 2008 brought one major hit against spammers-the shutdown of McColo Corp. where as much as 75 percent of the world's spam was hosted. That was short-lived though, and spam levels rose again as cretins scattered to new locations, punctuating a year marked by malware breakthroughs.
All Browsers Vulnerable As Holiday Season Continues
It's been a rough week for browser security. If you've heard of a particular internet browser, chances are patches were issued for it. Spikes in exploits are likely associated with increased holiday shopping.
Report: Laid-Off IT Workers Will Go Rogue In 2009
Security company Finjan is predicting a rise in cybercrime in 2009, stemming especially from poor economic conditions. Though cybercriminals have already started exploiting the public's fears, Finjan's prediction adds a new dynamic: the rise in cybercrime will be facilitated by laid-off IT workers.
Survey: Parents Not Proactive Enough About Security
Though most parents have spoken to their kids about risky online behavior, less than half are monitoring that behavior to ensure their kids aren't put at risk, according to a nationwide survey by CA, Inc.
Zero-Day IE7 Exploits Missed On Patch Tuesday
Despite a record-breaking Patch Tuesday this week-28 patches across 8 reported vulnerabilities in one swipe-Microsoft managed to miss a couple. This has resulted in a zero-day exploit, originating from China, of Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.
McAfee: Cybercrooks Could Worsen Economy Further
The flagging economy only encourages cybercriminals, says McAfee, and with governments distracted and cybercops in short supply, the new fear is that Internet-based fraud will perpetuate poor consumer confidence and delay economic recovery.
It’s Office and Web Bugs Month, Everybody
Microsoft released eight security patches today, the highest number of patches released in a single day since the company started Patch Tuesday. Presumably, changing the name to Patches Tuesday makes the event sound too cutesy.
Obama Gets Cybersecurity Bailout Proposal
Every bank in the world, the Big Three Automakers, and soon the cybersecurity industry. A bipartisan commission beseeches President-Elect Obama to set aside $30 billion for securing cyberspace and tougher regulations after both the government and the market failed to protect critical industry sectors like finance and infrastructure.
Beware The Scareware
"Scareware" sounds like a marketing term for a Halloween costume. It's not, it's a trendy new term for malware posing as security warnings in order to dupe the user into downloading a virus.
Web 2.0 the Malware Target of the Future
Thanks to aggressive community action and law enforcement spam levels and phishing attacks were fewer in 2008, but Symantec's MessageLabs warns in its Intelligence 2008 Security Report that Web-based attacks and targeted Trojans show no sign of slowing down.
Merry Christmas, You're Infected
It's no surprise spammers and hackers have already launched Christmas-themed attacks; just as certain as testy crowds at the mall, they capitalize on whatever the current cultural meme may be. McAfee warns the latest attempts at infection come cloaked in familiar, legitimate labels.
Having Some Backup Is Important
Data loss can be inconvenient and embarrassing, or it can be devastating. Only about eight percent of small and medium-sized businesses haven't backed up their data in any way, but half of the respondents to a Symantec survey have lost data.
Live Search Updates Webmaster Center With Malware Sniffer
Worried about the possibility part of your website has been hijacked by malicious hackers without you knowing it? It happens sometimes, and sometimes a webmaster can link out to a site with undiscovered malicious code.
Post McColo, Spam On The Rise Again
It seemed from the beginning something that would only be temporary as spammers regrouped. Though spam levels dropped by as much 75 percent in the hours following McColo Corp.'s now infamous booting, spam's already making a comeback.
Underground Economy Booming
There's good news and bad news regarding Symantic's underground Internet economy report, released today. The good news is that the bad guys have steely eyes upon them at all times. The bad news is that the bad guys' business is booming.
75 Percent Of World’s Spam Knocked Offline
Score one for the security industry-a big one, a massively ginormous and temporary strike against spam. A slew of security companies and the Washington Post tracked massive amounts of spam back to one San Jose-based hosting company, now offline, and 75 percent of the world's spam went offline with it-for about 12 hours.
Zombies, How to Fight Them
Just so you're warned: If the zombies come back it could be your fault. "It is only a matter of time until the next W32/ZMist heads our way," premonishes McAfee's Vinoo Thomas. And it could all be because of something stupid.
AVG Update Labeled Windows File As Trojan
File this one under super embarrassing: Some users of the latest two versions of AVG's free virus scanner ended up with a computer in eternal boot mode. The antivirus software had falsely identified a critical Windows XP file as a Trojan virus.
Spam Alert: Obama In Sex Tape Scandal (Again)
Malicious spammers/hackers are continuing their efforts via shocking Obama-related subject lines. And why not? With a success rate of 1 in 12.5 million, that's at least 30 dopes in the US who might fall for it.
Express Scripts Reports Massive Data Breach
Pharmacy benefit management company Express Scripts sent out warning that millions of patient records could be exposed by extortionists following a data breach.
Beware of Presidential Malware
As the United States celebrates, or for about 46% of the population-mourns, the election of Barack Obama and the world continues its keen interest in this particular race, malware developers are in full attack mode trying to capitalize on a patriotic meme.
Campaigns Hacked, Obama Spam Commences
In case it's possible you're not sick of political news yet, here's the tidbit to set you over: Both Obama's and McCain's computer systems were hacked during the presidential campaign by foreign agents.
Clickjacking Is Scary, Real, And Kinda Hypothetical
The new boogieman of the security world is the practice of "clickjacking," or slipping an invisible link over a legitimate link to trick surfers into clicking it. Prevalence: unknown. Alert level: high, because only Firefox and Adobe can stop it.
Microsoft Blames Apps For Security Vulnerabilities
Microsoft, typically the darling of security vulnerability coverage, says targeting the operating system is old school. These days, the bad guys are targeting third-party applications.
ICANN Scrubs Net Of Malware Haven
Too little too late for EstDomains, and if you're too late to do anything before ICANN gets you then you're pretty darn slow. The quasi-private overseer of the Internet sent a shattering blow to the registrar via contractual technicality, shutting the company down and sending malware agents scattering.
Spammers Break CAPTCHAs, Exploit Social Networks
Spammers have evolved to perpetrate some pretty complicated schemes to get their wares (and warez) to large audiences. Recently they've shown sophistication beyond simple mailings by breaking CAPTCHA codes, enlisting decoy social networking sites and blogs, and even some search engine optimization.
Malicious Spam Up Eight Fold In 3Q
The number of malicious attachments increased eight-fold in the third quarter of 2008 over the previous quarter, according to Sophos. Between July and September, one in every 416 email messages contained a malicious attachment, up from one in every 3,333.
Your Keyboard Is Telling On You
Here's some news likely to make you a little queasy: Researchers have discovered a way to intercept keystrokes on a wired keyboard by intercepting electromagnetic waves emanating from the keyboard's connector wire.
Google And Yahoo Tout Secure Searching
Google's blog post about its "This site may harm your computer" warning in the search results and how webmasters can have Google check their sites for infections comes at an interesting time considering these aren't new features. Could it have something to do with Yahoo's multimedia campaign about its deal with McAfee?
Cyber Security As Worrisome As Drunk Driving To Moms
Since over half of moms surveyed by McAfee and Harris Interactive feel the government isn't doing enough to keep their kids safe online, they're taking matters into their own hands. Kids, of course, are offended.
Phishers Step Up Ops During Banking Crisis
Spammers and phishers are going about it all wrong. If they want a really big payoff they should have gotten into mortgage lending-even if you suck at it the government gives you money! Maybe online scammers are reconsidering, because there's been a huge spike in banking crisis-related attacks lately.
Sarkozy Gets Pwned
Google Translate says the French word for pwned is pwned, which is no fun at all. Let's say instead French President Nicolas Sarkozy's cybersecurity gets a big red l'échec épique (epic fail). Le président's bank account was hacked.
Spam Down As Scammers Save Up For Christmas
In general, malware and spam declined a bit in September. Don't get your hopes up. With the holiday season approaching, digital ne'er-do-wells will be ramping up production.
Careful, YouTube Can Be a Puper
A Trojan horse Puper isn't what it sounds like-if you're like me, you thought Of course that's how they got out! When security researchers start using phrases like "porn-spewing malware," they don't make it sound much better.
Security Expert Warns Of Rigged Election
Security vulnerabilities in electronic voting machines threaten to skew results in the upcoming national election, says a Republican security expert. Stephen Spoonamore has come forward as a whistleblower willing to testify in an Ohio court case stemming from the 2004 Presidential elections.
P2P Sites Spreading Obama/McCain Malware
Beware of downloading campaign videos via peer-to-peer networks like LimeWire and FrostWire. A large percentage of them may be carrying something worse than mudslinging.
EvilFingers Srike Again At Google’s Chrome
Security researchers at EvilFingers.com, who identified the first security vulnerabilities in Google's beta web browser, Chrome, have delivered a proof of concept demonstrating malicious agents could exploit a memory exhaustion denial-of-service attack.
Brad Pitt Most Dangerous Man On Internet
Brad Pitt may be pretty, but he's also the guy most likely to give you something…on your computer. He and Justin Timberlake are considered the most dangerous men on the Internet, according to a recent McAfee report.
Study Shows People Too Hasty With Popup Warnings
Student behavior in a study on popup warnings at North Carolina State University bodes ill for the rest of the population: most were so eager to remove popup obstacles to their tasks, they didn't care how they got rid of it. If in the wild, such impulsive behavior could have earned them some malware.
Update: Palin’s Hacker Identified
Well, that didn't take long. The Anonymous hacker who broke into Sarah Palin's Yahoo email address has been identified as the son of a Tennessee state representative. And as postulated earlier, he gained access via the "forgot my password" security function.
What Palin’s Email Hack Means To You
Regardless of how you feel about Alaska Governor and John McCain's running mate Sarah Palin using a Yahoo email account to conduct official state business, you likely joined many in gasping at the audacity of a team of anonymous hacker vigilantes.
Spies Caught Spying On Spies Via Spyware
There's been a bit of an uproar in Hungary over some spyware installed on computers at the country's national security office.
Back To School Malware Botnets
Back to school season carries its own traditions: shopping, homework, decreased social networking, and now botnet malware attacks on US schools and government organizations.
Greek Hackers Aim To Teach CERN a Lesson
At the rate they're going they could end the world next week. So mark your calendars. But please-please oh please-stop trying to hack their systems. Only they know how to prevent a black hole from sucking us into oblivion, and messing with their junk is just a bad idea, right?
Google’s Having Fun With Numbers
Nobody's going to challenge Google's skill with math-its algorithm is currently on the path toward world domination-and the company's banking on those mad skills dizzy privacy and security experts and, more importantly, regulators to push their new anonymizing standards proffered to the EU. In addition to better ads and search results, Google justifies its need for such data by efforts to fight search worms.
London Is Too In Canada, Obama’s Not In Ukrainian Blue
Sophos is reporting two sensationalist, malware-carrying emails circulating cyberspace, one involving an explosion at a London nuclear facility and the other purporting to have a dirty Barack Obama video. As you might guess, both are bogus and carrying nasty surprises.
McAfee Takes Security To The Clouds
McAfee unveiled its new Artemis Technology, which utilizes cloud computing technology to address security threats in real time. The company claims Artemis "dramatically increases the level of computer security."
Germany Shrieks At Google Datenkrake!
There's nothing more entertaining than a bunch of ticked off Germans. The melodrama, the propaganda, the beer-fueled outrage spilling into their lederhosen; the last time Germany sounded this upset they…oh, never mind. Maybe the chants of "Datenkrake!" spawning from Google's beta release of Chrome should be taken seriously after all.
Microsoft Gives Advance Notice Of Critical Updates
Microsoft plans to issue a security bulletin next Tuesday, September 9, about critical vulnerabilities affecting various Windows-based systems.
Botnets Increase Four Fold Over Summer
Both the number of botnets and the size of individual botnets have quadrupled in the past 90 days, according to security researchers. Despite the sudden influx, spam and malware has not increased correspondingly, making the case more mysterious.
Word To The Wise: Don’t Fire Your IT Guy
In case you didn't know, it's kind of important to be nice to your IT staff. You know why? Yeah, you know why; they have access to everything and can sink or expose your entire system. And guess what? A recent survey pegs 88 percent or 300 IT security pros as willing to take you down with them in a blaze of data.
Next Malware Breeding Ground: Online Games?
You know the bad guys are after your money and identity via traditional methods already. Did you know security experts are warning against attackers going after your or your kids' virtual currency?
BGP Exploit Is Big Uh-Oh For Internet
As far as possible security exploits this sounds pretty bad. Well, not just "possible" and not just "bad." A demonstrated exploit of the internet routing protocol BGP (Border Gateway Protocol) is potentially catastrophic to the Internet.
No, Hackers Didn't Hijack Your Baby
The somewhat romantic myth about honor among thieves is hereby debunked. The latest attempt at wriggling into your system comes in the form of a ransom note.
Best Western Hack Worst Exaggeration In History?
Best Western says rumors of its pwning are greatly exaggerated. That's likely true, given the heaps of superlatives weighting down a Sunday Herald exclusive claiming an Indian hacker helped the Russian cyber mafia make off with $5 billion of guest money. We're guessing the hacker didn't get nearly a fair enough cut.
Madonna Lust Could Lead To Infection
Not that you would, but don't get all excited about an email from MSN about has-been pop starlet Madonna in a new sex tape. The link leads to (whodathunkit?) the wrong kind of Trojan.
Scientists Prove Uncrackable Quantum Concept
Some mind-blowingly smart scientists from the University of Michigan, US Naval Research Lab, and the University of California at San Diego, have figured out how to use lasers to trap an electron in a dark state. That means lots of things, but from a security standpoint, it also means computers based on quantum technology would be uncrackable by conventional machines.
Judge Overturns Injunction Against MIT Researchers
IT pros shouldn't rely on discoverers of security flaws to keep quiet about it; sometimes glory (or competition) outweighs etiquette. They shouldn't rely on the courts to keep researchers quiet about it either-a Massachusetts judge just overruled a gag order against some crafty MIT researchers.
Competitor Tells Paper, Not Rival, About Security Flaw
Used to be you just had to worry about hackers, journalists, and security firms exploiting and making public any security flaws in your system. Now you have to worry about competitors.
Mac Spyware Hijacks Clipboard
The recent increase in Mac popularity has made it more of a target. The most recent attack comes in the form of spyware and operates by hijacking users' clipboards to spread links to malicious sites.
Holidays Are Good For Phishing
All the online holiday shopping is fertile ground for online scammers looking to fence a few ill-gotten dollars from unsuspecting consumers.
Half of Chinese Malware Seeks Gamer/IM Passwords
If the malware originated in China, then chances are it was designed to swipe your username and password. And most of those are targeting gamers.
Wikipedia Page Hijacked By Worm Creators
The German version of Wikipedia became a target for malicious hackers who created an article about how to vaccinate against bogus new worm. The link to the supposed fix within the article was actually a link to malicious code.
Malware Gets t.A.T.u'd
Security company Sophos is reporting that an email Trojan is circulating via an attachment promising photos of the Russian school girl lesbian pop duo t.AT.u.
The Happy Hacker Goes To Google
Google's newly launched Code Search is proving useful for finding website vulnerabilities, but also for locating potty-mouth coder insertions.
Would You Like McSpyware With That?
We'll give McDonald's the benefit of the doubt and call this a colossal blunder rather than a sinister plot. Not very good options are they? Details are sketchy so far, but apparently 10,000 lucky Japanese winners got a Trojan virus along with their new McMP3 Players.
McAfee Acquires Citadel
McAfee, Inc. announced it will acquire all of the assets of Citadel Security Software Inc. for approximately $56 million in cash, plus an estimated $4 million in working capital reimbursement.
Everybody Failed The Spam Quiz
McAfee says that though consumers may be more Internet-savvy than ever, they're still highly susceptible to spam. The security company unveiled the results of its first-ever "spam quiz," showing that consumers misjudge whether a Website will keep email addresses private.
New Strain of Stration Worm Targets VML Flaw
Sophos reports that a new version of the Stration worm, called the W32/Stratio-AN worm, is "aggressively" spreading via email systems.
Let Us Spam You, Please
One of the e-commerce buzz phrases is "permission based marketing," and spammers are latching on to the concept in a sneaky way. In a ploy to collect email addresses, this band of spammers offers a Steve Irwin video tribute. Price of admission: your email address and an agreement to let them spam you.
ID Theft Task Force Nearer To Resolution
President Bush's Identity Theft Task Force, formed by Executive Order in May of this year, announced the unit's interim recommendations for cracking down on the problem. The final plan will be presented to the President in November.
EMC Secures Storage Through RSA, Network Intel
EMC Corp. finalized a pair of acquisitions last week, a shopping spree that adds RSA Security and Network Intelligence to its subsidiary list, as well as both companies' information security capabilities.
Elite Torrents Pirate Convicted
A Pennsylvania man pleaded guilty in federal court to copyright infringement charges for his involvement with the peer-to-peer site Elite Torrent, a service that made Star Wars Episode III: Revenge of the Sith available for download six hours before its theatrical release.
Spammers Invoke "Research Project" For Email Addies
Sophos reports a new tactic being used by spammers to harvest email addresses. The scam begins with an email asking for recipients to forward email chain letters to the sender as part of an email chain letter study.
Phishers Target Barclays Clients
Panda Software has issued an "orange alert" warning against a large scale phishing attack targeting clients of Barclays Bank's online services, with at least 61 variants of a spoof email. The company estimates that the number of emails in circulation is several million.
Software Pirate Downloads Seven Years
The owner of a "massive" software piracy site was sentenced in federal court on Friday to 87 months in prison, following prosecution by the U.S. Department of Justice.
Spammers Promise Nude Gambling
It's not that it's not interesting, it's just illegal. Australian security firm Sophos is sending out the warning of online casinos spamming inboxes with promises of live nude dealers.
Dozens of Vulnerabilities in Firefox?
Security software company Klocwork's Adam Harrison claims to have uncovered 655 defects and 71 potential security vulnerabilities in Mozilla's Firefox web browser. A Mozilla developer fired back, calling the analysis bogus.
Symantec Opens Vault Of Compliance Services
Symantec unveiled its Enterprise Vault Discovery Accelerator 6.0 (EVDA), an extension of the company's Vault e-mail and file archiving software. The company says the product was updated for compliance with e-discovery requirements as dictated by the Federal Rules of Civil Procedure (FRCP). The new rules are scheduled to take effect in December.
Spammers Enlist Subliminal Messaging
The spam includes an embedded multi-framed GIF graphic, which is new technique used to bypass spam filters, recommending recipients buy stock in a company called Trimax. Every 15 seconds, the word BUY!!! flashes briefly (but not really briefly enough to be intended for the subconscious level).
Pump-And-Dump Spam Invites Companies to Join Up
A new spamscam is making the rounds inviting recipients into organized crime. Sophos calls it a "pump-and-dump" stock spam campaign offering the chance, for a percentage fee, to manipulate stock prices.
You Don't Know Where That Girl's Been
Vicky Willington, a newly arrived college student, is looking to hook up while in Australia, and is marketing herself via email. A word to the gullible, Internet romance doesn't work that way, and Vicky has a much different Trojan in mind.
New Zombie King Gets 3 Years
The latest "zombie king," or botnet hacker succeeding the jailed zombie king before him, was sentenced to three years in prison by a US District judge in California.
AOL 9.0 Labeled As Badware
You'd think AOL'd be doing everything in its power to ensure its reputation doesn't take any more damage. If you had thought that, you were wrong. An investigation into the company's latest free software offering, AOL 9.0, has it labeled as "badware" for a laundry list of anti-user behavior.
iPod Email Is Trojan Horse
Security company Sophos sent out the warning this morning of a Trojan virus accompanying email spam claiming to have charged recipients' accounts for an iPod.
Students Expose Themselves On Education Site
During what it called a routine software upgrade, the U.S. Department of Education said a glitch may have exposed the personal information of some 21,000 students looking to make payments on their student loans.
College Students ID Theft Targets
The National Crime Prevention Council (NCPC) is warning college students that credit card companies aren't the only ones looking to take advantage of post-adolescent ignorance and irresponsibility. They should also be on the look out for identity thieves on campus.
Pirate Gets Six Years; DOJ Gets His Stuff
A software pirate received one of the longest sentences ever imposed for piracy in the United States, and got community service to boot. Of course, the only thing the Department of Justice hates more than theft, is flaunting your score.
Phishers Want To Be Your iFriend
SophosLabs is warning Web surfers that email phishers have added adult web cam users to their usual target of online bankers.
UK Teen Gets Grounded For Spamming
A 19-year-old revenge spammer was sent to his room for two whole months by a British court this week. David Lennon will be monitored via an electronic monitoring device while under curfew, or risk a stiffer sentence - like taking his Xbox and TV away.
Sophos Releases Free Anti-Rootkit Tool
Sophos announced this week the availability of free downloadable rootkit detection and removal software. The program also warns if removal of certain rootkits will negatively impact the infected PC. The offering is intended for use on Windows NT/2000/XP/2003 operating systems.
DOJ To Launch Online Predator PSA Campaign
The US Department of Justice, headed by Attorney General Alberto Gonzales, announced this week it will launch a campaign aimed at educating teen girls about the dangers of online predators.
Judge Rules Wiretapping Prog. Unconstitutional
A federal judge ruled the Bush Administration's wiretapping policy unconstitutional on Thursday, as a violation of free speech, privacy, and provisions for separation of powers as listed in the Constitution.
Parents Take Responsibility For Kid Safety Online
The vast majority of parents polled believe responsibility for ensuring kids' Internet safety rests with themselves and schools, but not the government. The poll, commissioned by Cable in the Classroom and conducted by Harris Interactive, was released at the Back-to-School Media Briefing held at the New York City Public Library.
BlackBerry Hack Attack Scheduled For Next Week
Secure Computing Corporation issued a warning that organizations that have installed their BlackBerry server behind their gateway security devices could be subject to a hacking attack when security researcher Jesse D'Aguanno is scheduled to release the code for his BlackBerry hack next week.
AOL Offers Free Anti-Virus Download
Amid the drama associated with AOL's accidentally-intentional release of hundreds of thousands of users' search histories, the nearly simultaneous release of the company's free anti-virus offering may have been overlooked.
Netscape Responds To Hacker's Claims
The hacker that cracked Netscape's cross-site scripting (XSS) vulnerability and used it to deface the company's answer to Digg.com maintains that he tried incessantly to contact Netscape about the problem to warn them before hand. Netscape thinks he didn't try hard enough.
Did Netscape Ignore XSS Flaw?
Hackers claim to live by codes. No matter what people think of "D," who hacked the new Digg-style Netscape, he insists it was done for good, not evil. Besides, says D, they had it coming. He gave them ample warning about their security problem.
Microsoft Finishes Swallowing Whale
Microsoft announced that its acquisition of Whale Communications Ltd. is complete and will offer a discount immediately on incorporated Whale products. This includes Whale Intelligent Application Gateway, Connectivity Modules and Application Optimizers.
Netscape Hacked, Professor Denies Sexiness Claims
Some apparent Digg.com fans hacked into Netscape.com using a Cross Site Scripting vulnerability (XSS), creating snarky popup messages directing Netscapers to go elsewhere.
Symantec Warns VARs About Limiting Prospects
The sales team at Symantec, taking a hard look at opportunities within the value added reseller (VAR) market, indicated that its security partners need to be more aggressive in looking for opportunities to expand their offerings.
FBI Wants To Tap Your Internet
Were you aware that American citizens had elected the FBI to Congress? Did you know the FBI could draft legislation? Apparently the law enforcement agency can and has produced a bill that will expand wiretapping initiatives to Internet service providers and network builders in order to make it easier to eaves drop.
Watchdogs Join Up To Fight ID Theft
Identity theft prevention company LifeLock has joined forces with the National Crime Prevention Center (NCPC) to raise awareness of and promote the prevention of ID theft through the United States.
Data Security Replacing Malware as Top Concern
Guarding sensitive data has become top priority among IT professionals, replacing concerns about malware, according to a recent study sponsored by Apani Networks.
AOL Releases PC Security Babysitter
AOL has released a free downloadable program that checks the status of a computer's security programs, like anti-virus, firewall, and spyware protection, to see if they are up to date. Called Active Security Monitor, the program assigns a "security score" to PCs scanned and suggests a course of action.
Google Pharmacy Email A Fake
Imagine a Google logo, the O's replaced with little blue pills. If you received an email promoting the new Google Pharmacy, delete it right away. It's an attempt to phish through your pockets in a few different ways.
VoIP Hacker Raises Security Concerns
A man who operated an intricate scam to hack Internet VoIP services and resell the connections made at least one major mistake; he flaunted his riches in the state/country in which he orchestrated it.
Kaz/Symantec Team Up For Australian SMB Security
Symantec and Australia-based Kaz, the ICT and IP services subsidiary of Telstra, have teamed up to offer Symantec Operational Services to Australian small and medium businesses (SMBs) through Symantec Global Consulting Services.
Mozilla Says IE 7 Won't Beat Firefox Security
One of the chief selling points (if a free browser can have a selling point) of Mozilla Corporation's Firefox browser has been its reputation of being more secure than Internet Explorer. Preaching to a choir of open-sourcers at the Red Hat Summit, the company said it expects to maintain that advantage.
Ernst & Young Loses Hotels.com Laptop
A theft of an Ernst & Young laptop has exposed the personal information of about 243,000 Hotels.com customers. An E&Y Texas employee, who was in charge of auditing Hotels.com accounts, left the laptop in a car.
Vista Security Software Free Trials Available
Two security software makers have made available free anti-virus software for those testing the beta version of Windows Vista, through an arrangement with Microsoft.
Symantec To Launch Public Beta of Norton 360
Symantec's upcoming consumer PC security service, codenamed Genesis, will be renamed Norton 360 and will be available for public beta this summer. The company says the service is part of a broader next generation security vision they've dubbed Security 2.0.
Next Firefox Release To Include Anti-Phishing Tool
One of the more exciting features being touted in Mozilla's upcoming Firefox 2.0 "Bon Echo" browser is the anti-phishing tool that will be implemented, courtesy of Google.
Skype Issues Patch For URI Flaw
A flaw in the Windows-based Skype client was identified by Australian security firm Security Assessment last week that allows a hacker to transfer files from a Skype-user's computer. The flaw was not announced, however, until Skype could issue a patch.
Veterans Get Advice About ID Theft
If you are a US veteran or know one affected by the recent theft of information on some 26.5 million people, it is important to be proactive to prevent identity theft. The information stolen is very valuable to shadier types looking to get a hold of your nest egg.
Retailers Not Trusted To Protect Identity
About half those polled said they trusted retailers very little or not at all to protect their personal information from identity thieves. Banks, on the other hand, have almost the complete faith of the public, according to a recent survey looking into how active U.S. adults are at preventing identity theft.
OU Servers Open To Hackers For A Year
Administrators at Ohio University were surprised to find out from the FBI that not only were three servers containing very sensitive personal information hacked, but that they'd been wide open for over a year. School officials called it a failure of polices and procedures.
Watch Out For MySpace Scammers
Users of MySpace.com, who are usually warned of sexual predation, are being warned of a new threat: phishing scams and spoofs aimed at getting personal information from users. As membership increases to upwards of 75 million members, it may be an increasingly attractive target.
What To Do If You've Been Phished
Last week the University of South Carolina announced it had accidentally made public the Social Security numbers of 1,400 students. In response, the National Crime Prevention Council released a list of tips intended students and faculty to prevent identity theft, but will serve us well in situations like this in the future.
IE Cumulative Security Update Issued
Microsoft issued a cumulative security update for Internet Explorer, replacing several earlier security updates. The Redmond, Wash.-based company rated the update "critical."
Oracle Slips How To Attack Own Databases
Oracle is trying to figure out two things: who published information about a security flaw in their databases on their Metalink knowledgebase before they had a patch for it; and how to get out a patch for the flaw as quickly as possible.
IE Can’t Handle Content-Disposition HTML
A flaw in Internet Explorer was made public yesterday by security architect Darren Bounds. The flaw is in how IE handles downloading files with Content-Disposition.
Dept. Of Homeland Insecurity: Website Outs Air Force One Details
A document containing sensitive information about Air Force One's anti-missile capabilities, interior maps, location of Secret Service agents onboard, and how to detonate medical facility oxygen tanks came from an unlikely source - a United States Air Force website.
VeriSign Launches Mobile Data Backup Service
VeriSign, Inc. announced VeriSign Backup Plus, which automatically backs up and restores personal data on mobile phones. Cincinnati Bell will be the first carrier to offer the hosted, self-care service.
Identity Theft 20X Bigger Problem Than Reported
A new report issued by the US Dept. of Justice's Bureau of Justice Statistics (BJS) reveals that the Federal Trade Commissions (FTC) initial 2004 identity theft report missed severely missed the mark, according to the National Crime Prevention Center (NCPC).
Biggest UK DVD Pirate Ring Busted
British authorities have broken up what they say is the largest film pirating operation ever uncovered in the UK. On Wednesday, a coalition of police, trading authorities, and film industry, raided a factory containing over 500 DVD burners and arrested five people.
Akonix Launches New IM Security For SMBs
Instant messaging security company Akonix Systems unveiled a new line of IM security appliances aimed at the small to medium sized business (SMB) sector, along with a couple of other appliances for IM management and file sharing protection.
Mobile Security Lags In N. American Business
Only a third of North American businesses have deployed security software to protect their mobile data, according to a survey conducted by the Economist Intelligence Unit. That puts the continent well behind Western European and Asia-Pacific markets in terms of mobile security.
US Govt. Reports eBay Vulnerable To Phishing Attacks
EBay users should take action to update their Web browsers to help protect themselves against phishing attacks, according to a report published yesterday by the U.S. Computer Emergency Readiness Team (CERT), a division of the US Dept. of Homeland Security.
Cube Said To Be Spam Zapper
The latest buzz in spam protection is around Spam Cube - an apparent cyberbug zapper. Plugged into your computer, the big square box requires no software or installation
Symantec Launches IM Security Product
Symantec announced Monday the release of its enterprise instant messaging protection service, called the Symantec IM Manager 8.0. It enables organizations to control the use of public IM services and enterprise RTC platforms and manage compliance with legal and corporate governance policies.
New ConsoleWorks Thinks ‘Out Of The Box’
TECSys Development Inc (TDi), a provider of security event management (SEM) and regulatory compliance products, unveiled a preconfigured version of their ConsoleWorks software designed to work "out of the box".
Some Would Rather Fix Than Prevent
A recent report reveals that more companies would rather spend money cleaning up the aftermath of an attack on their network security than deal with it proactively. The report, from CSO Magazine Security Sensor, states that security education is now only the third most important priority for security chiefs this year, due to the costs associated.
This USB Will Self-Destruct
Authenex, provider of authentication e-security applications, announced the release of the v4 A-Key token, a driverless USB storage device can be taken anywhere and used on any PC without installation. The device is designed to "self-erase" if an unauthorized person tries to access it.
RFA Touts Avinti For “First Instance” Protection
Avinti Inc. and Richard Fleischman & Associates (RFA) announced a new partnership that looks to go beyond day-zero and provide "first-instance" e-mail outbreak protection for hedge-fund companies.
Temporary Patch Released For IE Flaw
A highly critical exploit is circulating via a flaw in Microsoft's Internet Explorer (IE) Web browser. Until Microsoft releases its own patch, eEye Digital Security has released it's own downloadable one.
Winny The Rue: Japanese Virus Exposes File Sharers
It's no secret the Japanese take their work home with them. Many live in company apartments that further blur the boundaries between their professional and personal life. But for the past two years, a computer worm has exposed the sensitive information of every field - and the man with the skills to stop it is facing jail time.
P2P Worm Identified
A new worm is catching the attention of computer security agencies. W32/Inject-H spreads via peer-to-peer networks, acting as a backdoor Internet Relay Chat (IRC) to exploit Windows-based computers.
Russian Site Busted Selling Pirated eBay User Info
The old iron curtain closed on a Russian website last week after it was found to be offering pirated eBay seller PayPal account information. Noticed and reported by security software company Sunbelt, eBay took measures to have the site taken down.
How To Fight a Pirate
The Russian boxer looks severely, coldly, machine-like into his opponent's eyes and says, not unlike a combine would, "I must break you." This is not Ivan Drago, though, it's a software manager with a hard lesson for a pirate.
‘Sophisticated’ Trojans Found In the Wild
Several security companies have issued warnings about two recent exploits that take advantage of weaknesses in Windows and Internet Explorer to steal user information, including passwords for access to bank accounts, email, and insurance information.
Kazaa and Others Flunk Badware Test
StopBadware.org, a consumer protection initiative developed to combat spyware, released its first Badware Watch List report since the organization's launch in January of this year. Kazaa, MediaPipe, SpyAxe, and Waterfalls 3 all flunked.
Watch Out For IRS Phishing Net
The National Crime Prevention Council (NCPC) is warning taxpayers to watch out for cyber crooks posing as the IRS to steal personal information. The IRS and Treasury Department have reported an increase in "phishing" scams this year.
VeriSign Admits To Profiling
VeriSign unveiled this week its Security Risk Profiling Service, a security package aimed at helping enterprises identify, visualize and quantify information security risks. The service provides a "holistic" view of threats, vulnerabilities, network access policies and business impacts by generating a risk score based on those factors.
Crimeware Trojan Detected
PandaLabs has detected a new Trojan called Trj/Briz.A, whose main aim is to steal personal user data from affected computers. This code stands out because it specializes in stealing bank details and data from web forms and that its author customizes the code for hackers.
Study Shows IE More Vulnerable To Spyware
A new study found that one of every 67 webpages exploits a vulnerability in Internet Explorer. One in 62 domains contained at least one scripted drive-by download attack.
Help Take A Bite Out Of E-Crime
The pros at WebProWorld have compiled a nice list of reporting agencies and law enforcement websites where concerned Netizens can drop a dime on the punks bringing this town to its knees. Read that sentence again, but imagine I have a voice like McGruff, the Crime Dog.
DeepSight Wins Best of the Tests
Symantec's DeepSight Alert service was chosen the "Best of the Tests" by Network World in the security management category. Symantec's early warning service came out on top in a competitive review in which Network World editors evaluated a broad range of security management technologies and vendors.
Telehouse To Host Security Boot Camp
Telehouse America, with co-hosts ADVA Optical Networking, CIBER, IBM, and OCG, announced BOOT CAMP @ TELEHOUSE Center workshop on March 31st. The event will be held at TELEHOUSE's headquarters at The Teleport in Staten Island, New York.
Cisco Buys IP Surveillance Company
Cisco Systems announced a definitive agreement to acquire privately-held SyPixx Networks, Inc. of Waterbury, Connecticut, for approximately $51 million in cash and options.
Ensuring A Safer Password
How original are your passwords? Surely, you've signed up for an online account somewhere and after searching the darkest corners of your mind for a clever user name have entered it in to learn that an unnerving number of people had matched your creativity.
FTC Adds ID Theft Quiz To Site
The Federal Trade Commission is helping consumers test their knowledge about protecting their personal information and responding if their identity is stolen by adding a new quiz to the FTC's OnGuardOnline website.
Windows One Care Live Released; Concerns Remain
Following other successful models of beta release, Microsoft has rolled out a beta version of Windows One Care Live, a free online security suite. Coupled with a beta version of Windows Live Safety Center, a free scanning and PC health service, the online security measures are intended to combat ongoing malicious software aimed at Microsoft products.
PSP Modifiers Beware; You Might Kill It
Silicon.com reports that hackers have cracked Sony's mega-popular Playstation Portable, inserting code that wrecks the gadget making it unusable.
FTC Wants Online Consumers To Be OnGuard
The Federal Trade Commission has partnered with Microsoft, eBay, the Direct Marketing Association (DMA), and three other government entities to launch a new multimedia, interactive consumer education program to help the public improve their online security practices.
AOL Releases Spyware/Adware Protection
America Online launched a spyware protection packaged today designed to find and block 28,000 known types of spyware and adware.
FixingEmail.org Builds Citizen Army Against Email Scams
In the first half of 2005, there were 237 million separate security attacks via email, translating to 54,000 attacks an hour. In July, FixingEmail.org was launched, an online community devoted to rooting out the troublemakers.
Iconix Launches Email Security Software
Yesterday, Iconix, Inc., released icon-based visual email identification software that tags incoming emails with company logos to confirm the email's authenticity in an effort to combat phishing scams and spam.
Watch Out For IM Malware
IMlogic has issued a warning about two specific instant messaging and peer-to-peer threats circulating by exploiting weaknesses in MSN Messenger.
Mobile Malware Will Be a Social Disease
Dad, I've got a problem. It burns when I text.
As the mobile phone generation graduates and begins classes in Smart Phone University, the risks of contracting certain "social" viruses will be on the rise.
History’s Most Successful Hacker To Be Extradited
The United States has begun extradition proceedings for an alleged British hacker, accused of hacking into almost 100 US military and NASA computer networks.
Busted: Israelis Arrested For Industrial Espionage
It all began with Israeli author, Ammon Jacont, suspecting his ex-son-in-law of spying on his computer and distributing unpublished works on the Internet. The ensuing police investigation unraveled a much larger case of industrial espionage that indicated blue chip Israeli companies.
Feds Set Their Target On BitTorrent
When "Star Wars Episode III: Revenge of the Sith" became available for download hours before the theatrical release, the Force departed from users of the increasingly popular BitTorrent technology. Federal agents have launched a Death Star styled offensive on file sharing website owners and users.
CIA Tests Cyber Warfare Response
The CIA is concluding a three-day Internet war game today that they've kept under wraps until now, according to the Associated Press.
A New Wave of Malware: Ransom-ware
The digital age brings a new type of invisible thief, a cyber cat burglar who is getting trickier by the day. The latest break-in, an isolated but probably telling incident, happened in San Diego.
FTC Cries For Help Against Zombies
Zombies' haute cuisine has changed from brains a la teenager to spam a la maison, and the FTC is asking for ISPs for help.
Is the US Ready For Cyber Warfare?
With the exponentially growing military capability of the United States, it is becoming increasingly difficult for enemies to create and maintain a physical military strike.
Insider Hating: New Study Examines Employee Sabatoge
Driven by the rage that comes with being busted down a few ranks, and then fired for abusive treatment of coworkers, a system administrator of a defense manufacturing firm set off a logic bomb that deleted his former company's sole copy of the critical software from the server.
Bankers Beware: 43% Have Been Phished
According to a survey to be released next week by First Data Corp., up to 43% of have been "phished" for personal information. Five percent of those took the bait.
Japanese Hostage Will Not Deter Mission
Japanese Minister of Defense Yoshinori Ohno said Japan's humanitarian mission would remain on course, unaffected by a militant group's taking hostage of a Japanese citizen.
US and China Disagree On N. Korea
With concerns mounting about an imminent North Korean nuclear test, the United States, China, and South Korea have all called on Kim Jong-Il to resume talks. But the US and China have differing opinions about exactly how to persuade him to do so.
Donation Offered For Iraqi Hostage Release
At the close of a 72 hour deadline for Australian troop withdrawl from Iraq, the brother of hostage Douglas Wood offered a "generous" donation to the people of Iraq for his release.
US Soldiers Arrested In Columbia
Two American soldiers are being detained by Columbia police on allegations of plotting to traffic ammunition to paramilitary forces.
Pakistani Forces Capture Al-Qaida No. 3
With the aid of US intelligence, Pakistani security forces have arrested the successor of Khalid Sheikh Mohammed (KSM), third in command for Al-Qaida.
FBI Plugs Pentagon Leak
The US Dept. of Justice announced today that Pentagon analyst Lawrence Franklin, 58, has been arrested and charged with giving classified information about potential attacks on US Iraqi forces.
Iran Continues to Ignore UN; Claims Rights To Nuclear Energy
Flying in the watchful faces of the UN, EU, and US, Iran announced it would continue its pursuit of nuclear technological development, including uranium enrichment.
Microsoft’s Palladium Features Reduced For Launch
Microsoft announced at the Windows Hardware Engineering Conference that it would offer a scaled down version of its anticipated Next-Generation Secure Computing Base (NGSCB) in time for Longhorn's release in 2006.
State Department Keeps Report Under Wraps
On the same day that the National Counterterrorism Center (NCTC) released a report indicating that the number of terrorist attacks tripled in 2004, the US Dept. of State reported that global terrorism remained a "significant threat." .
Information Super Pirate Ship?
Two hundred years ago, if you offered a pirate on the high seas a chest full of names, addresses and personal information, Black Beard would have made you walk the plank-unless the list was inscribed on pure gold.
Blair Under Scrutiny About Pre-War Dealings
Election years play tough music for incumbents to face. For British Prime Minister Tony Blair, this year is no exception.
Frozen Computers Embarrassing Trend
Oops. Japanese antivirus company, Trend Micro, released a computer freezing update Friday afternoon for Windows XP Service Pack 2 users.
SPAM Hits Record Highs
Perhaps the following scenario will sound familiar. You sit down at your desk in the morning, click on MS Outlook to check the morning's messages. You have 38 unread messages. You ask yourself, "Do I know 38 people?" The short answer is no.
|
|
iEntry 10th Anniversary
RSS
Archive
