Thursday, May 28, 2009

Around The Horn vol.1,110

Report: spam-wielding botnets are working 9 to 5

By jacqui@arstechnica.com (Jacqui Cheng) on Symantec

Spam levels have risen over the past month to more than 90 percent of all corporate e-mail, according to Symantec’s May 2009 MessageLabs Intelligence Report (PDF). The latest report effectively communicates the concept of "spam, boy there sure is a lot of it," but goes into detail about the latest trends in spamming activity like botnet activity and the use of social networks.

In May, spam rose by 5.1 percent over April, with 57.6 percent of it coming from known botnets. One particular botnet called Donbot was named as the most active, and is responsible for 18.2 percent of all spam. Symantec wrote that much of the remainder (42.4 percent) of spam originated out of smaller or unclassified botnets.

Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability

By Robert A. on Vulns

Steve Friedl posted the following to bugtraq this afternoon. "There has been a fair amount written on the vulnerability itself, but there's a large cohort who has no idea if their systems are at risk ("What is WebDAV, and how do I know if I have or need it???"). So I've...

UK Military Exposed to Blackmail Risk Through Lost Data

By Rik Ferguson on countermeasures

The UK military admitted on a television program (Who’s Watching You, BBC2) this Monday (25th May) that they had lost a large amount of highly sensitive information which could potentially expose high-ranking service men and women to bribery, extortion, compromise, identity theft and fraud, to name but a few possible outcomes. The British Royal Air Force reported [...]

WarVOX 1.0.1 Released - Telephony Analysis & War Dialing Suite

By Darknet on warvox

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]

More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites

Anti-Phishing Working Group research shows how phishers are better covering their tracks -- and what to do when phishers compromise your Website

Insurance Company Endures an HR Website Nightmare

In social security

Aetna, one of the world's largest health insurance providers, had to do something special for its customers following a security "oops" reported May 26 involving its Website. It turns out that a number of human resource-related e-mails containing important personal...

Cheating on Your Security Audits

In Risk Management

Think security pros don't know how to cut corners? Think again. A survey from Tufin Technologies found many security specialists cheat on their audit reports.

Attackers Add Curses to YouTube Comments

In YouTube

Attackers are using YouTube comments to lure users to their spambot infection sites.

US-VISIT tests new approaches to exit system

The Homeland Security Department will begin testing two methods for collecting biometric data electronically from non-citizens as they leave through U.S. airports.

Long-awaited cybersecurity report to arrive Friday, White House says

The report is based on the results of the Obama administration’s 60-day review of the federal government’s cybersecurity policy.

FBI, U.S. Marshals reconnect after security problems

The FBI said its external unclassified network is back online and a U.S. Marshals spokesman said computers affected last week by a virus should be fixed by later this week.

Government Panel Calls For Privacy Policy Overhaul

Report to OMB outlines the creation of a chief privacy officer role and chief privacy officers at every federal agency that already has a CFO.

VMware Invests $20 Million In Terremark Cloud Services

The virtualization giant will own 5% of Terremark, which produces cloud and managed IT services for large companies and government agencies.

Department Of The Interior Can't Locate Many PCs

The federal agency can't locate 20% of its computers and, because it has no encryption requirements, the missing PCs could be vulnerable to data theft or loss.

Who digs the elephant trap?

By Igor Muttik on Web and Internet Safety

It is ironic but the extreme growth rate of malware attacks is actually partly due to how successful AV technology really is. Quite simply - if AV scanners were not so successful in blocking trojans and viruses there would be little need for the bad guys to write new ones. One can even say that [...]

Aetna contacts 65,000 after Web site data breach

Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.

Enterprise Data Security: Definition and Solutions

What is enterprise data security?

Security and regulatory concerns slow some server virtualization efforts

Some organizations, including Stanford Hospital and Clinics, have prescribed a cautious approach to virtualization, mindful that "there's uncertainty" about what’s still seen as a new technology.

Analyst: Mac Java Hack Signals Big Trouble

Last week, security researcher Landon Fuller posted attack code for a Java vulnerability in Apple's Mac OS X that hackers can use. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept," Fuller wrote on his blog.

CIS issues free benchmark on iPhone security

The nonprofit Center for Internet Security today released what it termed the industry's only consensus security benchmark for the iPhone.

Cloud Security Alliance, Jericho Forum sign pact

The Jericho Forum and the Cloud Security Alliance have made a formal commitment to jointly develop and promote best security practices in cloud computing.

BC student to get his computers back after high court throws out search warrant

Massachusetts' highest court ruled there was no probable cause for Boston College police to seize computers from the room of a student who was being investigated for allegedly sending an e-mail claiming that a fellow student was gay.

Twitter gets targeted again by worm-like phishing attack

Twitter users have been tricked into divulging their login and password details to a Web site that then spammed their contacts.

Spammers Work by US Clocks and Target Facebook, Twitter

While many working Americans are heading into the office and starting their day, spammers are busy, too, readying for their next onslaught of junk messages. According to a new report from Symantec, spammers favor the same work schedule as the typical American office worker (Read another report on the findings here).

Swedish politicians challenge EU data retention directive

Sweden is being sued by the European Commission for not implementing a European Union directive requiring network operators to retain details of phone calls and e-mail messages. Instead of hurrying up the implementation process, some politicians view the suit as an opportunity to challenge the directive's consistency with the European Convention on Human Rights.

Latest Kaspersky mobile software wipes data via SMS

Kaspersky Lab's latest mobile security software due to be released next week can wipe data with a text message command even if a thief has swapped out the phone's SIM card.

RIM warns over PDF peril
BlackBerry squash potential

Research In Motion (RIM) has warned of a vulnerability in how BlackBerry servers handle malformed PDF files that potentially leaves the door open to hacking attacks.…

Lost laptop exposes thousands of pension records
Quest to free all world's imprisoned data continues

Exclusive A lost laptop containing the personal data of 109,000 Pensions Trust members has sparked the latest in a growing list of information security breach alerts.…

Dutch cat skinner publishes critics' personal details
Kitty handbag artist tracks hatemailers across cyberspace

The Dutch "artist" who in 2004 turned her pussy into a handbag under the performance art title "My dearest cat Pinkeltje (2004)" has published personal details of those who emailed her expressing their disgust.…

Microsoft fortifies Windows 7 kernel with overrun buster
Safe unlinking coming to a PC near you

Microsoft engineers have fortified the latest version of Windows with a feature designed to make it significantly harder for attackers to exploit bugs that may be lurking deep inside the operating system.…

Fraud guardian uses 'unfair business practices', Judge rules
LifeLock encroaches on Experian operation

Fraud-prevention service LifeLock engages in unfair business practices because it violates parts of a federal law governing the safeguarding of consumer credit reports, a federal judge has ruled.…

Seminal password tool rises from Symantec ashes
L0phtcrack returns

More than three years after Symantec unceremoniously pulled the plug on L0phtcrack, the seminal tool for auditing and cracking passwords is back with a set of new capabilities.…

BNP DDoS 'mega-assault' not actually mega in the least
It was eight, no ten really big lads that jumped me

A supposedly massive denial of service attack against the British National Party website has been exposed as a gross exaggeration.…

Stego in TCP retransmissions, (Thu, May 28th)

I just started reading an interesting new paper out of the Warsaw University of Technology entitled H ...(more)...

More new volatility plugins, (Thu, May 28th)

If you follow our diary at all, by now, you know I am a big fan of volatility for doing analysis of ...(more)...

Host file black lists, (Wed, May 27th)

Henry Hertz Hobbit who maintains a black list of bad hosts wrote in today with some host ...(more)...

WebDAV write-up, (Wed, May 27th)

SusanB wrote in today to tell us about a really good write-up on understanding Microsoft's KB9 ...(more)...

International Telecom Union Publishes Cybercrime Legislation Toolkit (May 24, 2009)

The International Telecommunications Union (ITU) has published a toolkit for cyber crime legislation to provide guidance to countries when developing cyber crime legislation.......

French Anti Piracy Law Draws Criticism (May 22, 2009)

France's controversial anti-piracy legislation could see a thousand users lose Internet service every day.......

Committee Calls for National Cyber Security Coordination Center (May 22, 2009)

The National Security Telecommunications Advisory Committee has approved a proposal calling for a national cyber security coordination center.......

Bank Employee Draws 39-Month Sentence in Theft Scheme (May 25, 2009)

A former bank employee has been sentenced to more than three years in jail for attempting to steal GBP 1.......

Guilty Plea on Online Brokerage Account Fraud (May 21 & 22, 2009)

Michael Largent of California has pleaded guilty to wire fraud and computer fraud charges for a scheme in which he opened thousands of phony online brokerage accounts and amassed thousands of dollars from the micro-deposits the companies made to test the authenticity of the accounts.......

Judge Quashes Search Warrant in Boston University Case (May 25, 2009)

A judge in Boston has ordered that computer equipment and other items be returned to a Boston University student because investigators failed to demonstrate probable cause that Riccardo Calixte had committed a crime.......

Defense Department Looks at Expanding Cyber Threat Data Sharing Model (May 25, 2009)

For the last two years, the US Defense Department Cyber Crime Center has acted as the hub for cyber threat information sharing between DoD and more than two dozen major US defense contractors.......

Missing Hard Drives Also Contain Sensitive Personal Information of RAF Personnel (May 24, 2009)

A memo obtained through Britain's Freedom of Information legislation reveals that three hard drives reported missing from an RAF facility in September 2008 contained more than banking information, as was initially reported.......

NHS Had 140 Data Security Breaches in First Four Months of 2009 (May 25, 2009)

The UK Department of Health said that 140 data security breaches were reported by NHS in the first four months of this year alone.......

Gumblar Responsible for Spike in Drive-By Download Attacks (May 22 & 25, 2009)

The US Computer Emergency Readiness Team (US-CERT) has issued a warning about a significant spike in drive-by download attacks.......

DDoS Attack Causes Internet Outage in China (May 21 & 22, 2009)

A distributed denial-of-service (DDoS) attack on a Chinese domain registrar caused connectivity problems in several of the country's provinces last week.......

RBS WorldPay Is Now PCI DSS Compliant (May 21, 2009)

RBS WorldPay is now certified under Payment Card Industry Data Security Standard version 1.......

Banks, e-commerce sites use device identification to stop fraud

By Marcia Savage

Companies battling online fraud can use device identification technology to help authenticate users and screen out fraudsters.

EMC adds configuration management with Configuresoft acquisition

By Robert Westervelt

EMC said it would move Configuresoft into its Resource Management Software Group. The software could detect configuration changes in both virtual and physical environments.

Is Mobile Security an Oxymoron?

eWEEK Labs does its own investigation of the security of mobile apps such as those from Apple's App Store. Labs found that mobile apps may be broadcasting much more than you know. Indeed, you might say that your smartphone is talking about you.
- A couple months ago, I pondered the security of mobile application transmissions when used over insecure networks, specifically over unencrypted Wi-Fi hot spots. Whereas a mobile device browser shows the little lock so users know SSL is being employed to protect certain data, mobile applicati...

McAfee IDs Most Dangerous Web Search

In a new report, McAfee identifies what popular search keywords are most likely to lead to malware. The answers may surprise you, and give you pause as you search for your favorite song lyrics on Google.
- Last year, Google detected one trillion unique URLs on the Web at once. The vehicle that gets users to those places is search, but within those trillion URLs are a lot of dark alleyways that are home to attackers. According to McAfee, some of the riskiest searches on the Internet today are assoc...

Twitter Gets Targeted Again by Worm-like Phishing Attack (PC World)

In technology

PC World - Twitter users have been tricked into divulging their login and password details to a Web site that then spammed their contacts.

Malware-fighting firewalls miss the mark (InfoWorld)

In technology

InfoWorld - In the beginning was the firewall, and it was pretty good.

Data Breach Exposes RAF Staff to Blackmail

By Kim Zetter

The Ministry of Defence loses three hard drives containing audio recordings with high-ranking air force officers being interviewed in-depth for a security clearance. In the interviews, the officers disclosed information about extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories.

Autonomy Tool Analyzes Data From Facebook, Social Networks

Autonomy has released a new tool that provides companies with a way to mine information from social-media networks.

ID Theft Use of Credit Cards Leaps

Thieves’ use of stolen credit card numbers has more than doubled in ID theft cases, according to a new report, but there’s good news as well.

Google Waves Goodbye to E-Mail, Welcomes Real-Time Communication

By Michael Calore

Google unveils a new web app that integrates chat, mail and wikis. It's all in real time — including keystroke reveals of comments in progress.

White House Launching Transparency Blog

In a nod to openness and citizen participation in government, the Obama Administration will also open White House blogs to public comments.

Obama Should Scrap Cybersecurity Czar, Analyst Says

Gartner expert says president's plan to protect nation's computing infrastructure won't work.

Anti-U.S. Hackers Infiltrate Army Servers

Exclusive: Defense Department investigators subpoena records from Google, Microsoft, and Yahoo in connection with ongoing probe.
