InfoSec News 2012-01-20

InfoSec News for Friday January 20, 2012.

  1. Mozilla pushes browser-based alternative to passwords
    Give us your keys to look after, we’re lovely: Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.
  2. Federal Reserve contractor charged with source code theft
    A U.S. Federal Reserve contractor has been charged with copying the source code of software that keeps track of large exchanges of money between U.S. government agencies.
  3. Feds charge 7 in ‘massive’ case against Megaupload online piracy ring
    A day after thousands of websites went on strike protesting controversial anti-piracy legislation in the U.S., federal authorities today announced they have busted a pirate ring that allegedly hauled in $175 million.
  4. Feds cuff coder accused of US bank source code swipe
    Alleged thief ‘nicked $9.5m software to train his students’: A computer programmer has been charged with stealing source code worth $9.5m from the Federal Reserve Bank of New York, according to the FBI and prosecutors.
  5. Spam-squirting hole found in McAfee antivirus kit
    Ironic server-side flaw exploited, patch promised: McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.
  6. U.S. drone strikes kill senior al-Qaeda official Aslam Awan in Abbottabad
  7. Fed websites back online after Anonymous attack
  8. Hackers retaliate over Megaupload
  9. Anonymous retaliates for Megaupload shutdown, attacks DOJ, others
  10. 2012 business worries
  11. Fed sites online after Anonymous attack
  12. Phone-hacking settlements by Rupert Murdoch’s News Corp. top $1-million
  13. Hackers attack FBI, Justice Department websites after file sharing service shutdown
  14. U.S. shutters Megaupload, hackers retaliate
  15. U.S. Justice Department site taken down by hackers over Megaupload shutdown
  16. Advertising: The Push for Online Privacy – Advertising
  17. SOPA Getting a Face-Lift: How Evil Will It Be?
  18. Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software
  19. Microsoft takes aim at rootkits, misses
  20. NSA Releases SE Android With Better Sandboxing, Access Control Policies
  21. SITA First To Achieve PCI Security Compliance For Passenger Processing
  22. Metasploit Exploit Module Released For PLC SCADA Devices
  23. More source code stolen, says Symantec
  24. Feds Shutter Indicts, Shutters Megaupload
  25. McAfee due to patch spam relay problem in cloud product
  26. IE URI encoding behavior facilitates XSS attacks, researchers say
  27. HBGary And HP Enterprise Security Partner To Deliver Advanced Threat Intelligence On The ArcSight Platform To Combat Targeted Attacks
  28. Koobface botnet goes down, suspects scurry to erase tracks
  29. Barclays: 97 percent of data breaches still due to SQL injection
  30. More source code stolen, Symantec
  31. Iraq okays death penalty for 2009 Baghdad bombings convicts
  32. Facebook Users Hit By Money-Grubbing Malware

InfoSec News 2012-01-19

InfoSec News for Thursday January 19, 2012.

  1. Japanese cops cuff six smut-scam ransomware suspects
    Victims forced to pay stiff charges: Japanese police have arrested six suspected cyber-crooks over a one-click billing fraud scam that allegedly targeted sweaty smut surfers.
  2. Facebook, experts spar over Ramnit worm contagion
    Security boss says stalking site is free of bank account-raiding malware: Facebook has downplayed the significance of Ramnit, a recently discovered worm that attempts to steal login credentials for the social networking site.
  3. Careless care charity loses unencrypted patient data stick
    Whoops, won’t happen again: A care provider with offices in the Isle of Man and Northern Ireland has committed to improving its data protection standards after losing a memory stick containing unencrypted patient data.
  4. Alcatel-Lucent, Arbor Networks partner on DDOS mitigation
    Alcatel-Lucent is now offering a router with technology from Arbor Networks that defends against distributed denial-of-service attacks, the two companies said on Wednesday.
  5. Secunia sets six-month deadline for vulnerability disclosures
    Vulnerability research firm Secunia announced that, effective from the beginning of the year, software vendors will have a six-month deadline to fix vulnerabilities reported through its Vulnerability Coordination Reward Programme.
  6. Alleged Muscovite cybercrime daddy hauled in to face US court
    Feds allege père et fils duo scooped $100ks using malware: A suspected Russian cyber-crook has arrived in the US to face charges of security fraud, computer hacking and ID theft following his deportation from Switzerland.
  7. Lock your online doors
  8. Senate to Consider Cybersecurity Overhaul
  9. RSA, unapologetic, looks to move beyond The Breach
  10. Anti-malware code’s spambot flaw
  11. Twitter users targets of social spear phishing
  12. McAfee bug could turn PCs into spam servers
  13. Facebook, Security Investigators Unmask Five Men Behind Koobface Crime Ring
  14. William Watson: A teacher’s lesson
  15. Internet SOPA/PIPA Revolt: Don’t Declare Victory Yet
  16. Zappos, Amazon hit by lawsuit after a hacker attack on the online shoe retailer
  17. LOLing Our Way to Internet Freedom
  18. SOPA, PIPA Still Threaten Internet Operations Even Without DNS Filtering
  19. Symantec Confirms Source Code Stolen in 2006 Breach It Didn’t Know About
  20. SOPA, Internet Regulation, and the Economics of Piracy
  21. Senators change sides on SOPA/PIPA issue
  22. USB Drive Security: 10 Tips for Guarding Enterprise Data
  23. Costa Concordia captain claims he tripped and fell from sinking ship into lifeboat
  24. Supreme Court Says Congress May Re-Copyright Public Domain Works
  25. New Facebook attack targets e-cash users
  26. SOPA Web Protests Sure to Inspire Malware Distribution Scams
  27. Google, Wikipedia Lead Protests of SOPA, PIPA Across Web
  28. How to Kill SOPA, PIPA While Building Consensus for Sensible Legislation
  29. Symantec admits its networks were hacked and source code stolen
  30. Symantec Confirms Hackers Breached Network in 2006
  31. Yang’s exit from Yahoo may remove barrier to Asia asset sale
  32. Wikipedia, Google, Others Protest SOPA, PIPA
  33. Google blacks out its home page in support of Wikipedia SOPA protest
  34. DoD ID cards under attack
  35. How Facebook Took Down Koobface Malware
  36. Questioning of incoming data crucial for security awareness

InfoSec News 2012-01-18

InfoSec News for Wednesday January 18, 2012.

  1. MegaSearch Aims to Index Fraud Site Wares
    A new service in the cyber underground aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools.

    A glut of stolen card data has spawned dozens of stores that sell the information. The trouble is that each store requires users to create accounts and sign in before they can search for cards.

    Enter MegaSearch.cc, which aims to let fraudsters discover which fraud shops hold the cards they’re looking for, without having to first create accounts at each shop. This underground search engine aggregates data about compromised payment cards, and points searchers to various fraud shops selling them.

  2. NYT names five Koobface botnet suspects
    Trojan coins millions for its masters, say researchers: Five suspected masterminds behind the infamous Koobface botnet have been unmasked in a move abetted by Facebook to put the heat on cyber-crimelords.
  3. New stealthy botnet Trojan holds Facebook users hostage
    Victims must pay $25 to get back into stalkerbase: A new strain of cybercrime Trojan is targeting Facebook users by taking over their machines and shaking them down for cash.
  4. Symantec backtracks, admits own network hacked
    Symantec today backed away from earlier statements regarding the theft of source code of some of its flagship security products, now admitting that its own network was compromised.
  5. Facebook may let you share what you do off-site
    Speculation is swirling that Facebook is getting ready to announce a way to combine information on what users do on, and off, the social network.
  6. Police charge man with fraud over phoney computer orders
  7. Why We’ve Censored Wired.com
  8. Clamor for cloud apps increases corporate data breach risk
  9. Zappos data breach response a good idea or just panic mode?
  10. Stuxnet and Duqu part of assembly line: researchers
  11. Oracle Accused of Downplaying Database Flaws, Severity
  12. Google ‘Good to Know’ Campaign Touts Web Privacy, Security
  13. Smartphones, Tablets, Android Are Why Malware Is Going Mobile in 2012
  14. Oracle Patches 78 Bugs in January’s Critical Patch Update
  15. Coastguard begged Costa Concordia captain Francesco Schettino to return to ship after crash, recording shows
  16. Russia faces violent revolution if it doesn’t embrace democracy, billionaire Putin challenger declares
  17. Why is Wikipedia staging a blackout and what is SOPA?
  18. Vivian Krause: Oil sands money trail
  19. A SOPA/PIPA Blackout Explainer
  20. Google’s ‘Good to Know’ Is a Great Online Privacy Resource for Business
  21. Israeli and Palestinian hackers trade DDoS attacks in rising cyber-gang war
  22. Bits Blog: Even Big Companies Cannot Protect Their Data
  23. Zappos Breach Illustrates the Need for Stronger Password Rules
  24. New Sykipot Variant Targets Defense Sector Smart Card Credentials
  25. GFI Software Enhances Dynamic Malware Analysis
  26. Canadians ignoring brands on social networks
  27. Hacktivists expose personal info of T-Mobile staff
  28. Cambridge company Launches Ultra-Secure 3rd Generation Networked SCADA System
  29. Supreme Court Rejects Student Social-Media Cases
  30. Email, Personal Information on PlayBook Left Vulnerable to Hackers
  31. Threat incidents and security wins in 2011
  32. Facebook ‘Koobface’ Malware Gang Unmasked — Sophos Releases Exclusive Research
  33. Brazen Brazilian hackers opening cybercrime schools
  34. Wikipedia Planning SOPA, PIPA Protest Shutdown
  35. 10 Security Trends To Watch In 2012
  36. Collection of information key to thwarting APT attacks
  37. Symantec Announces Intelligent Information Governance To Mitigate Risks And Free Information
  38. U.S. online piracy bill headed for major makeover
  39. Facebook to name and shame Russian Koobface gang
  40. Collection of information key to thwarting APT attacks, report

InfoSec News 2012-01-17

InfoSec News for Tuesday January 17, 2012.

  1. Phishing Your Employees 101
    A new open source toolkit makes it ridiculously easy to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one can be abused by miscreants to launch real-life attacks.

    The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a login page — with a single click, and ships with an easy-to-use phishing lure creator. An education package is bundled with the toolkit that allows administrators to record various metrics about how recipients respond, such as whether a link was clicked, the date and time the link was followed, and the user’s Internet address, browser and operating system. Lists of targets to receive the phishing lure can be loaded into the toolkit via a spreadsheet file.

  2. NSA constructs hardened Android, unleashes it on world
    Vicious apps squashed by super-spook mobile OS: The US Defense Department’s National Security Agency (NSA) has released a security-hardened version of Google’s mobile OS, Android.
  3. Japanese boffins fear virus nicked spacecraft blueprints
    Tokyo, we have a problem: Japanese space engineers have admitted one of their computers has been infected by a Trojan that may have leaked sensitive data, including system login information, to hackers.
  4. GAME: Our website wasn’t hacked!
    Leaked account login details are bogus, says chain: Video games purveyor GAME says it has not been hacked after reports yesterday claimed that the retail biz had suffered a security breach.
  5. Taxman two months late on cyber-crimefighters deadline
    HMRC still wants our dosh on time though: HMRC has missed a key deadline to create teams of cyber crime investigators and launch initiatives to counter the increased threat of web attacks on the authority’s systems and customers.
  6. Security challenges for the finance sector
  7. Survey: Security deployments, training reduce cyberattack wipeouts, downtime
  8. Chinese hackers target DoD, DHS smart cards
  9. Cyber attacks cost firms nearly US$500K per year, study finds
  10. Call center employee pleads guilty to stealing and misusing customers’ credit card numbers
  11. 44 employees’ names, e-mail addresses, phone numbers, and clear-text passwords dumped on the Internet
  12. 5,294 e-mail addresses, MD5 passwords, and usernames dumped on the Internet
  13. Visa advises on more secure credit card transactions
  14. Zappos Hacked: What You Need to Know
  15. Hackers breach T-Mobile Web server, leak staff data
  16. Zappos breach affects 24M, opens door for more attacks
  17. Online retailer Zappos warns customers after major hacker attack
  18. Non-US customers kept in dark as Zappos cleans up after data breach
  19. White House Opposes DNS Blocking in SOPA
  20. College and students ravaged by malware for over a decade
  21. College and students ravaged by viruses for over a decade
  22. 24 million email addresses, billing and shipping addresses, phone numbers, the last four digits from credit cards, passwords and more illegally accessed
  23. Zappos gets hacked, resets customers’ passwords
  24. Shopping site Zappos hit by hacker
  25. Hackers target children’s sites
  26. MP quits over Hitler joke video
  27. Russia vows to expose those responsible for Phobos-Grunt Mars probe’s inglorious end over the Pacific
  28. Pakistan PM Gilani found in contempt of court for suspected corruption cover-up
  29. Hackers strike Amazon-owned site
  30. NASA and ISS data stolen from Japanese space agency

InfoSec News 2012-01-16

InfoSec News for Monday January 16, 2012.

  1. DHS media monitoring could chill public dissent, EPIC warns
    The U.S. Department of Homeland Security is engaging in media monitoring activity that achieves no public safety goals and will likely have a chilling effect on legitimate criticism of the agency, a leading privacy advocacy group warned.
  2. Zappos coughs to HUGE data breach
    Up to 24 million users zappwn3d: Online shoe and apparel outlet Zappos.com has apologised over a massive data breach that exposed the personal details of millions.
  3. Facebook chat phishing attack impersonates Facebook security team
    A new phishing attack that’s spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network’s security team.
  4. US military access cards cracked by Chinese hackers
    Access to buildings and intranets harvested by super-spy Trojan: A new strain of the Sykipot Trojan is being used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers.
  5. Sykipot Trojan hijacks DoD smart cards
    A variant of the Sykipot Trojan Horse hijacks U.S. Department of Defense (DoD) smart cards in order to access restricted resources.
  6. Kenyan startup claims Google ‘scalped’ its data after staging a STING
    Google smacks back: Mocality’s data was ‘publicly available’: Google has been accused of “fraudulently” accessing a rival Kenya-based business listings database and then attempting to sell the internet giant’s competing GKBO product to that customerbase.
  7. New attacks on Israeli websites
  8. White House blasts Internet piracy bills
  9. Israel’s stock exchange, airline attacked by website hackers
  10. Hackers attack Israel’s stock exchange, national air carrier
  11. Q&A: RSA’s Art Coviello reflects on last year’s big data breach
  12. RSA chief: Last year’s breach has silver lining
  13. Zappos hacked, info of 24+ million customers may be compromised
  14. Zappos Latest Company Hit by Data Breach
  15. San Francisco City College systems infected for over a decade
  16. RSA security breach has improved security measures
  17. Facebook Security impersonated by hackers in chat phishing attack
  18. Small medical practices greatly at risk for data breaches
  19. White House Blasts Internet Blacklisting Bills
  20. Microsoft’s Trustworthy Computing, Security Still Priority 10 Years Later
  21. Chinese ‘attack US DoD Smart Cards’ with Sykipot Malware
  22. Obama administration joins the ranks of SOPA skeptics
  23. Nortel trial to open old wounds
  24. Where Nortel went wrong
  25. Were senior executives scapegoats for Nortel’s demise?
  26. Confessions of a Mossad spy
  27. Customers’ account administration e-mail, account names, dates of birth, contact numbers, postal addresses, passwords, and credit card details may have been accessed by hacker
  28. Rep. Smith Waters Down SOPA, DNS-Redirects Out
  29. Podiatrist used names and identity information of approximately 200 nursing home patients as part of Medicare fraud scheme
  30. Office of the Privacy Commissioner retrieved hundreds of medical records that were scattered amongst debris in an abandoned rural property belonging to a doctor who had been disciplined
  31. Banking information and other data from perhaps tens of thousands of students, faculty and administrators were exfiltrated overseas by numerous viruses that were on systems for over a decade
  32. Symantec accused of selling “scareware”
  33. Nevada State Bar Investigating Copyright-Troll Righthaven
  34. 342,000 records of subscriber/customers, including 315K e-mail addresses and phone numbers, 85K dates of birth, and 27K MD5 passwords dumped on web
  35. Microsoft to scale up its threat intelligence sharing
  36. Syria tank attack on border town leaves at least 15 dead, add to civil-war fears
  37. Oracle Plans 78 bug Fixes in January’s Giant Critical Patch Update
  38. Facebook chat-based phishing attack impersonates Facebook Security
  39. U.S. still using RQ-170 Sentinel drones despite capture by Iran
  40. Expired Digital Certificates: A Management Challenge
  41. Sykipot Malware Steals Pentagon Smart-Card Credentials
  42. TSA Air Marshal Arrested for Stealing Boston Occupier’s iPhone on the Eve of Eviction
  43. Complaints about online traffic slowdowns increasing: CRTC
  44. Arab League braces for civil war as protests erupt across Syria