InfoSec News 2012-02-22

InfoSec News for Wednesday February 22, 2012.

  1. How Not to Buy Tax Software
    Scott Henry scoured the Web for a good deal on buying TurboTax. His search ended at Blvdsoftware.com, which advertised a great price and an instant download. But when it came time to install the software, Henry began to have misgivings about the purchase, and reached out to KrebsOnSecurity for a gut-check on whether trusting the software with his tax information was a wise move.

    Five days after Henry purchased the product, blvdsoftware.com vanished from the Internet.

  2. Spam crashes to historic low as malware explodes on mobiles
    Android Trojans soar, Mac viruses fall off a cliff: The volume of malware samples detected by McAfee passed the 75 million milestone late last year, the Intel-owned security firm reported this week.
  3. Crap PINs give wallet thieves 1-in-11 jackpot shot
    What are the odds? Cambridge boffins work it out: Four-digit banking PINs are almost as insecure as website passwords, according to a study by Cambridge University computer scientists.
  4. Councils spunk £515m in 4 years on CCTV
    Hey big spender, Birmingham: UK local authorities spent a total of £515m installing, operating and maintaining CCTV between 2007-11, according to the privacy campaign group Big Brother Watch.
  5. ICO ‘enquiring’ about Google’s system for serving 3rd-party cookies
    Questions after Microsoft slams Chocolate Factory on privacy: Microsoft has claimed that Google has been serving third-party cookies capable of tracking users’ online behaviour even when those users have adjusted settings in the Internet Explorer browser to prevent it happening.
  6. IBM arms robo-sysadmin QRadar with virus know-how
    X-Force gear combs through 13 billion threats a day: IBM is beefing up its enterprise security offerings by creating a security platform that is aware of real-time virus information, meaning that the system will be much quicker at recognising new threats.
  7. News of the World hacker named after court block lifted
    Murdoch editor Andy Coulson fingered as key contact: A man accused of hacking into the computers of a former British Army intelligence officer on behalf of a News of the World editor has been named as Philip Campbell Smith, also a former British Army intelligence officer.
  8. Experts: RSA weak keys flaw restricted to network devices
    Primal fear: Analysis Flaws in the way some of EMC’s RSA security division encryption keys are generated are down to a weakness in generating random numbers that’s restricted to network devices rather than digital certificates on websites, according to both RSA and cryptographic researchers.
  9. Burlington, Ont. named riskiest Canadian city to go online
  10. Symantec’s PCAnywhere Vulnerable to Source Code Attack
  11. Megaupload CEO Kim Dotcom Granted Bail in New Zealand, But Banned From Net
  12. Anonymous says power grid concerns are U.S. gov’t spin
  13. How the European Internet Rose Up Against ACTA
  14. Akamai Kona Site Defender Security Service Blocks DDoS Attacks
  15. Anonymous, Hacktivists Try to Break the Internet: A Recap
  16. CounterTack Launches Event Horizon 3.1 Platform and Three Intelligence Solutions Aimed At In-Progress Advanced Cyber Attacks
  17. Webroot Rolls Out Cloud-Based Endpoint Security
  18. Researchers defeat video CAPTCHA antispam tests
  19. Megaupload founder Kim Dotcom faces new charges over file-sharing website
  20. Fake RIAA copyright violation notification serves malware
  21. Google now facing class-action suit over Safari cookie circumvention
  22. When is a cybercrime an act of cyberwar?
  23. Can crowd sourcing shake up education?
  24. Malware surpassed 75 million samples in 2011

InfoSec News 2012-02-21

InfoSec News for Tuesday February 21, 2012.

  1. Home Sec splits Border Agency after passport checks fiasco
    May: Secure ID suspension lacked ‘ministerial consent’: Blighty’s Border Force is to be divorced from the UKBA following a series of embarrassing passport check gaffes last summer, the Home Secretary Theresa May told MPs yesterday.
  2. Microsoft claims Google bypassed its browser privacy too
    P3P policy flaw gave automatic access: Microsoft has released data showing that Google has been bypassing the user-defined privacy settings in Internet Explorer by using incorrect P3P identification terms.
  3. Security biz scoffs at Apple’s anti-Trojan Gatekeeper
    Apple dev ghetto fears – plus it only probes executables: Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.
  4. Unions: MoD ‘mad to fire staff while increasing consultant spending’
    Calculator says no but watch the colonels: Analysis UK public-sector unions say that revelations of what the Ministry of Defence (MoD) spends on specialist consultants show that current plans to fire tens of thousands of staff will lead to increased expenditure. Could they be right?
  5. Google plots Chrome web password generator
    How the secrets are stored and recovered is another matter: Google is developing a password-generating tool that will bolt into its Chrome browser.
  6. Unique malware samples broke the 75 million mark in 2011
  7. Online privacy debate falls victim to rhetoric
  8. Anonymous targets Vic Toews over Internet surveillance bill, revives Vikileaks
  9. Syrian dissidents claim government uses malware to spy on them
  10. DDoS attackers target Russian election webcams
  11. McAfee, Xerox Partner on Printer Security
  12. When Is a Cybercrime an Act of Cyberwar?

InfoSec News 2012-02-20

InfoSec News for Monday February 20, 2012.

  1. Zeus Trojan Author Ran With Spam Kingpins
    The cybercrime underground is expanding each day, yet the longer I research this subject the more convinced I am that much of it is run by a fairly small and loose-knit group of hackers. That suspicion was reinforced this week when I discovered that the author of the infamous ZeuS Trojan was a core member of Spamdot, until recently the most exclusive online forum for spammers and the shady businessmen who maintain the biggest spam botnets.

    Thanks to a deep-seated enmity between the owners of two of the largest spam affiliate programs, the database for Spamdot was leaked to a handful of investigators and researchers, including KrebsOnSecurity. The forum includes all members’ public posts and private messages — even those that members thought had been deleted. I’ve been poring over those private messages in an effort to map alliances and to learn more about the individuals behind the top spam botnets.

  2. FTC urged to probe Google’s Safari-tracking gaffe
    Choc Factory blames Apple’s browser ‘functionality’ for ad slurp: Google is once again under fire after a Stanford researcher discovered that the search giant and other advertising outfits have circumnavigated the privacy settings of millions of Apple Safari users.
  3. Brit student locked up for Facebook source code hack
    Unfriended, unliked, unfree: A British computer science student was jailed for eight months on Friday for hacking into the internal network at Facebook.
  4. How Google and Apple exposed their Achilles heels this week
    Mobile payments and advertising are rocky ground for the big boys: Analysis In the massive tussle between Apple and Google, it is easy to forget that neither giant (for all their successes) is infallible. They are almost unbeatable in their core markets: Apple in device design and user experience, Google in search, advertising and online software.
  5. Anonymous threatens to DDOS root Internet servers
  6. Anonymous threatens root Internet servers
  7. Forensic toolkit with malware analysis technology
  8. How enterprises can help stamp out spambots
  9. Russian polling cameras face DDoS attacks
  10. Admin logins with plain-text passwords plus names, addresses, e-mail addresses, telephone numbers
  11. Iran stops oil sales to U.K., French companies, will sell our oil to new customers
  12. Mac OS X Mountain Lion’s Gatekeeper Not Enough to Fight Malware
  13. iOS, Android Apps Draw Concerns About Children’s Privacy Protection
  14. Google, Mozilla Fix Serious Graphics Library Flaw in Chrome, Firefox
  15. Goldman Sachs Code-Theft Conviction Reversed
  16. Bits Blog: Preparing for DDoS Attacks or Just Groundhog Day
  17. Anonymous Promises Regularly Scheduled Friday Attacks
  18. Secret Service Shuts Down Then Reinstates JotForm
  19. Feds Seize $50 Million in Megaupload Assets, Lodge New Charges
  20. Malicious backdoor in open-source messaging apps not spotted for 3 months
  21. Anonymous hacks FTC over Google privacy, ACTA
  22. Feds Urge Court to Reject Laptop Decryption Appeal
  23. Google Busted With Hand in Safari Browser Cookie Jar
  24. Apple’s new OS X tightens screws on some malware
  25. Lieberman: Cybersecurity Act of 2012 will help us protect critical infrastructure
  26. Trend Micro Releases HijackThis Source Code To sourceforge.net
  27. 8 Lessons From Nortel’s 10-Year Security Breach
  28. Anonymous Antisec hackers break into and bring down FTC website
  29. Kaspersky TDSSKiller review
  30. Cutwail botnet intensifies spam spewing
  31. The 15 worst data security breaches of the 21st century

InfoSec News 2012-02-17

InfoSec News for Friday February 17, 2012.

  1. ‘The full harm to Apple cannot be calculated’
    Plus LightSquared’s rage as the FCC ‘changes its mind’: Quotw This was the week when MySpace, which some of you may remember as once being a social network, came back from the dead thanks to its reinvention as a “meaningful social entertainment experience around content” with a million new users signing on since December last year.
  2. DNS flaw reanimates slain evil sites as ghost domains
    Life after death trick could be exploited by cyber-crooks: Analysis Cyber-crooks may be able to keep malicious domains operating for longer – even after they are revoked – by manipulating the web’s Domain Name System (DNS).
  3. Waledac malware returns after two years with password-stealing capabilities
  4. DDoS attackers start targeting IPv6 networks
  5. Shylock financial malware back ‘with a vengeance’
  6. The 15 worst data security breaches of the 21st Century
  7. Cybersecurity bill would create costly regulations, say critics
  8. McCain, GOP Vow Alternative Cybersecurity Bill
  9. How mobile malware is maturing
  10. Birth dates, Social Security numbers and financial data such as income, assets and liabilities to be exposed due to unknown external sources
  11. Analyze mobile apps for malware threats
  12. New powerful bot spreads by email
  13. Fake Facebook notification delivers keylogger
  14. Trusteer warns of Shylock malware resurgence
  15. New US cybersecurity act could be costly for some critical system vendors
  16. Waledac malware branches out into Bitcoin stealing
  17. IPv6 networks targeted by DDoS attackers
  18. Google Chrome update fixes 12 vulnerabilities and patches Flash Player
  19. Birth dates, Social Security numbers and such financial data as income, assets and liabilities to be exposed due to unknown external sources
  20. Foursquare, Twitter Guilty of Slurping User Data: Report
  21. McCain: Cybersecurity Bill Ineffective Without NSA Monitoring the Net
  22. Secret Service Seizes JotForm.com, Nuking Millions of Online Forms
  23. More Patients Support EHRs, But Worry About Privacy
  24. CIA Hunts For Malware In Binary Code
  25. New cyber security bill is bipartisan, but has its critics
  26. Aberdeen Group Sees Classification As Key To Successful Data Loss Prevention
  27. AlgoSec Automates Management Of Next-Generation Network Security Infrastructure
  28. Android Malware Grew 3,000 Percent in 2011: Report
  29. Al-Qaeda has likely infiltrated Syria opposition, behind recent suicide bombings: U.S. intelligence chief
  30. Lawmaker Demands DHS Cease Monitoring Blogs, Social Media
  31. Genetics Inspired Research Prevents Cyber Attacks
  32. Exotic XSS bug in Adobe Flash controlled users’ Web accounts
  33. Acunetix Web Rolls Out Vulnerability Scanner 8
  34. NASDAQ and BATS stock exchange websites hit by hackers
  35. Adobe confirms new zero-day Flash bug
  36. Google Chrome update fixes high-severity vulnerabilities and patches Flash Player
  37. How to Become an Ethical Hacker
  38. Senators Unveil Major Cybersecurity Bill
  39. Adobe patches seven vulnerabilities in new zero-day Flash bug
  40. Vic Toews further embarrassed after Vikileaks cyberfoe gets six times his number of followers on Twitter
  41. Nortel Breach Highlights Security Vulnerabilities of All Enterprises
  42. 45% Of European IT Decision Makers View Security And SLAs As Leading Barriers To Cloud
  43. Customers’ names, e-mail addresses, usernames, and plain-text passwords acquired by hackers
  44. Customers’ credit card numbers acquired by hacker
  45. Customer records with username, password, phone number, address, and bank account info acquired by hacker
  46. 46,000 offenders’ names, Social Security numbers, date of birth, addresses, and criminal offense acquired by hacker; 500 redacted entries dumped on the Internet
  47. 350.000 user records (username, encrypted password, e-mail, full name, country of residence) from porn site obtained via inactive forum and published online
  48. 120 patients’ records were accessed inappropriately by former clerk
  49. The escalating cost of US cybersecurity plans

InfoSec News 2012-02-16

InfoSec News for Thursday February 16, 2012.

  1. Flash Player Update Nixes Zero-Day Flaw
    Adobe has issued a critical security update for its ubiquitous Flash Player software. The patch plugs at least seven security holes, including one reported by Google that is already being used to trick users into clicking on malicious links delivered via email.

    In an advisory released Wednesday afternoon, Adobe warned that one of the flaws — a cross-site scripting vulnerability (CVE-2012-0767) reported by Google — was being used in the wild in active, targeted attacks designed to trick users into clicking on a malicious link delivered in an email message. The company said the flaw could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. A spokesperson for the company said this particular attack only works against Internet Explorer on Windows.

  2. ‘Predictably random’ public keys can be cracked – crypto boffins
    Battling researchers argue over whether you should panic: Analysis Cryptography researchers have discovered flaws in the key generation that underpins the security of important cryptography protocols, including SSL.
  3. Sensitive council data sent to hundreds via PERSONAL EMAIL
    ICO fines Cheshire East £80k for data breach: Cheshire East council has been fined £80,000 by the Information Commissioner’s Office (ICO) for failing to have adequate security measures in place when emailing personal information.
  4. Euro data protection: Great for punters, not for biz – MoJ wonk
    Whitehall man seeks views on ‘disproportionate’ draft law: Comment A colleague of mine went to a lecture on the European Commission’s proposed Data Protection Regulation last week*. One of the speakers was John Bowman, Head of International Data Protection and Policy at the UK’s Ministry of Justice. His opening question to the floor was: “How many of you here represent consumer groups?”
  5. Twitter mobile apps storing address books for 18 months
    Company promises fix in next refresh: Twitter has become the latest in a growing list of companies caught storing users’ data without making it explicit.
  6. Critical IE update dominates Valentine’s Patch Tuesday
    Explorer patch the only one giving sysadmins the fear: The Valentine’s Day edition of Patch Tuesday brought nine security bulletins that collectively address 21 software vulnerabilities.
  7. Google tightens its Wallet after PIN reset goof
    Now only proper hackers can steal punters’ dosh: Google has started provisioning electronic wallets again having fixed the more trivial security flaw in its product – though determined hackers will still get in.
  8. Two U.S. drone strikes kill at least 13 militants in Pakistan’s tribal badlands
  9. Malicious sites increase 240%
  10. Nortel collapse linked to Chinese hackers
  11. Apple Changing App Privacy Policy After Path Snafu
  12. Romanian police arrest alleged hacker in Pentagon, NASA breaches
  13. Hacker TinKode arrested for NASA and Pentagon attacks
  14. Mozilla Warning Certificate Authorities About Issuing MITM SSL Certs
  15. Transcript: Ontario business subsidies are costly, with few results
  16. TSA Denies it Targets Attractive Female Passengers for Body Scans
  17. Pre-Owned MP3 Seller Accuses Capitol Records of Sabotage
  18. Adobe Patches Zero-Day XSS Flaw, Six Other Bugs in Flash Player
  19. Adobe patches Flash because of ongoing attacks
  20. Waledac Botnet Reappears as New Password Stealing Variant
  21. Nortel collapse linked to hacking attack
  22. Lighthouse Security Group Announces Next-Generation Lighthouse Gateway Cloud Identity And Access Management Platform
  23. Application Security Inc.’s New DbProtect Active Discovery Finds Forgotten And Previously Unknown Databases
  24. Twitter feed ‘leaks’ Vic Toews’ alleged divorce details
  25. Websense Adds Modular Chassis That Scales For Large Enterprises And Prevents Data Loss
  26. Commtouch Launches Outbound Spam Protection Module For Parallels Plesk Panel
  27. Catbird, VMware Team On Cloud Sec App
  28. Laptop stolen from nurse’s car contained 500 patients’ names, social security numbers, date of birth, home addresses, medicare ID numbers and diagnosis
  29. Two incidents involving loss of service users’ files during office relocation.
  30. Laptop reported missing by an employee when boarding a plane contained personal data of 16 employees, including details of appraisals and supervision notes.
  31. Unencrypted laptop left on bus contained personal data relating to approximately 325 employees including name, address, date of birth and salary.
  32. Stolen laptop contained child swimming lesson details on 2,300 children
  33. Nortel hackers helped kill company, academic says
  34. Philips reports security breach
  35. Senators Unveil Cybersecurity Bill to Empower Homeland Security
  36. Download InfoWorld’s Malware Deep Dive report
  37. Malware Network Threats Rising, How to Defend Yourself
  38. Yahoo must deal with Asian assets soon, analyst urges
  39. Code from slain spam botnet recycled to steal passwords
  40. Cheshire East Council fined £80,000 for email data breach
  41. The rise of information stealers and pay-per-install malware
  42. The new and improved Kelihos botnet
  43. Biometric Authentication Business Launches
  44. Porticor Unveils Encryption And Key Management Solution Protecting Cloud Data
  45. Trend Micro Develops Advanced Cloud-Based Mobile Application Scanning Technology
  46. A sessional (contract) worker had his unencrypted personal laptop stolen during a burglary; the laptop contained some sensitive personal data relating to up to seven families.
  47. Council signed undertaking after four separate breaches in a two-month period involving accidental disclosure of personal information
  48. Personal info of 6,845 customers and 686 employees was on three unencrypted laptops stolen in two incidents
  49. Name, address, date of birth, NHS number, school and registered GP of 47 children lost in internal post
  50. City employees’ Social Security numbers accidentally disclosed in response to a Freedom of Information request