Saturday, May 2, 2009

Around The Horn vol.1,92

Twitter hacked again....

By Robert A. on IndustryNews

Twitter has been hacked again and had its administrative panel (which shouldn't be web accessible) breached. "This week, unauthorized access to Twitter was gained by an outside party. Our initial security reviews and investigations indicate that no account information was altered or removed in any way. However, we discovered that 10...

JavaScript flaw reported in Adobe Reader

By Robert A. on Vulns

"The United States' Computer Emergency Readiness Team (US-CERT) warned users of the ubiquitous Adobe Reader to disable the program's use of Javascript after Adobe warned on Monday that a possible flaw had been found. In a post to its product security blog, the company said it was investigating reports of a...

Log toggling speeds up Cloud Antivirus

By Seth Rosenblatt

By pushing as much resource usage as possible into the clouds, Panda Security's new Cloud Antivirus aims to free up the RAM hogging that plagues many security programs. However, testing the new beta revealed slower-than-anticipated scan speeds when doing an on-demand full hard drive scan. Panda's got a ...

Originally posted at The Download Blog

Swine flu e-mail in Spanish links to data-stealing Trojan

By Elinor Mills

An e-mail referencing a vaccine for swine flu is circulating that includes a link to a malicious file on a Mexican Web site that is designed to steal bank log-in information, security firm SonicWall said on Friday.

The e-mail, which is in Spanish, has a link to the Qhost.NJI ...

Lime Wire tells Congress its P2P software is safe now

By Elinor Mills

In response to the reopening of an investigation into inadvertent file sharing with peer-to-peer software, an executive for Lime Wire told Congress in a letter on Friday that the new version of the program is "the most secure file-sharing software available."

The main investigative committee in the U.S. House ...

Originally posted at News - Digital Media

USPS probes possible mass security breach

By Ariel Bashi

This story was originally published at CBSNews.com.

CBS News has learned of another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose "sensitive and personally identifiable" information may have been viewed ...

Twitter's network gets breached again

By Elinor Mills

Twitter has confirmed that someone broke into its network and gained access to 10 accounts, which appear to include Britney Spears and Ashton Kutcher, according to screenshots posted on a French blog site.

"Our initial security reviews and investigations indicate that no account information was altered or removed in any ...

Facebook hit by phishing attacks for a second day

By Elinor Mills

Facebook stopped a phishing attack on Thursday, its second day in a row of dealing with a worm on the site that lures people to a fake Facebook page and prompts them to log in.

Unsuspecting Facebook users get a message from a friend urging them to "check this out" ...

Cloud Antivirus runs smooth but slow

By Seth Rosenblatt

Earlier Wednesday, Panda Security introduced Cloud Antivirus beta, the first full-featured cloud-based antivirus program. It does two things that make it competitive and unique compared with its competitors that are tied to your desktop: it prioritizes threats based on type, and it attempts to lighten the load that security programs ...

Originally posted at The Download Blog

Panda introduces cloud-based free antivirus

By Seth Rosenblatt

With threats like Conficker fresh in the public's mind, security remains a top concern for Windows users. Panda Security, publishers of Panda Internet Security and Panda Antivirus, is set to take antivirus where it hasn't been yet: into the clouds. Panda Cloud Antivirus ...

Originally posted at The Download Blog

Twitter Admin + Obama + Britney Hacked

By Rik Ferguson on web

A member of an underground forum, going by the name of Hacker Croll, made a post on the 29th April claiming that he had compromised the account of a Twitter employee with administrative rights. The intruder did not use any malware or exploit to effect this attack, in his own words: “I’ve used social engineering only, [...]

UK Government to Tackle E-crime?

By Rik Ferguson on countermeasures

In a news release from the Department for Business, Enterprise and Regulatory Reform (BERR) this week, Consumer Affairs Minister Gareth Thomas has stated that the government will shortly be announcing plans aimed at protecting the public from cybercrime; specifically people who use the internet to pay for goods and services. The government has online fraud and [...]

Amazon Disputes Hacker Claims of Ranking Manipulation

By Darknet on XSS

A while back it was all over the blogs and Twitter that Amazon had somehow demoted Gay and Lesbian themed books to keep them from showing up in searches. There was outrage from all the civil rights folks especially in the LBGT camp (rightfully so if it was true). After that the rumour started the manipulation was [...]

ScreenStamp! - Free Screenshot Tool With Timestamp

By Darknet on screenshot timestamp

What is ScreenStamp! ScreenStamp! is basically a screen grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen shots. ScreenStamp! [...]

Tech Insight: Back To Basics For Securing Your Outgoing Traffic

One way to leverage your existing infrastructure amid security budget constraints is egress filtering

New Tools Emerge To Ease Enterprise Fear Of Firewall Swapping

Many organizations are forced to stay with their existing firewall because changing vendors would risk disrupting the network and opening new security holes

Microsoft Alters Windows AutoRun Amid Conficker Concerns

Software giant tries to make worm tougher to spread via USB, but Conficker shows no signs of going away

DoJ Cans College Spammers

In Virus and Spyware

A quartet of alleged spammers were indicted by the DoJ late last week, ending a years-long campaign that generated millions in revenues.

IDC - Web-borne Threats Rise, SaaS Follows

In web based malware, web 2.0, social networking, data protection, SaaS

A new report issued by IDC finds Web-based attacks on the rise, along with interest in SaaS security services.

Researchers Warn of Nasty Trojan

In Virus and Spyware

A newly emerging Trojan attack could prove as troublesome as some other recent threats, including, you guessed it -- Conficker, some experts warn.

For Malware, All the World's a Stage

In Virus and Spyware

When studying some recent Trojan malware code, researchers at PandaLabs stumbled onto some familiar phrases.

Businesses Struggle with Social Networking

In Virus and Spyware

Social networking sites have created almost as many security concerns for administrators as they have created opportunities for everyone else.

Data sharing's new mandate

A new policy calls on homeland security officials to make intelligence and law enforcement data easier to share by making it more discoverable: here's how the systems might work.

Lawmakers attack cybersecurity on multiple fronts

Some experts advise House and Senate leaders to coordinate their cybersecurity efforts.

Survey: CISOs dish on FISMA

CISOs generally feel "empowered" in their jobs, but believe FISMA is not worth all the work.

Risks bedevil new technologies

Technological advances can bring significant improvements in the way we do our jobs, manage information and collaborate with others, but be careful: Almost every step forward comes with a new set of risks.

Cybersecurity report coming soon

The Obama administration expects to make public in the coming days the results of its 60-day cybersecurity review, according to the official who led that evaluation.

Bills aim to bolster electric grid's cybersecurity

Legislation to be introduced today in the House and Senate would increase the Federal Energy Regulatory Commission's authority to protect the country's electricity grid from cyberattacks.

Science site sees training potential

Education and outreach have been the motivation behind SciLands.org, a virtual community in Second Life dedicated to science and technology, whose members include NASA and NOAA, among others.

Federal Consortium: Something for everyone

The Federal Consortium for Virtual Worlds is looking to address basic challenges with virtual world technology.

Virtual training has risks

Second Life and similar virtual environments have a share of dangers for the unwary agency.

Report: U.S. needs clear policy on cyberattacks

A report by the National Research Council urged the government to form a clear national policy on its possible use of cyberattacks.

Carper introduces bills to reform IT procurement, FISMA

New legislation would reform the security and acquisition requirements for federal information technology systems.

Auditors: Coast Guard, FEMA weak on controls

The Coast Guard and FEMA still struggle with IT control problems, auditors say.

Security experts debate federal approach to cybersecurity

Security experts agree that the nation’s cyber defenses are inadequate, but they disagree about who should have authority for overseeing the protection of the cyber infrastructure.

Swine Flu Subjects and e-Pharmacy Sites

By David Marcus on Spam and Phishing

We have been getting quite a few requests for screenshots of swine flu spams as well as the e-pharmacy sites they link to. Your wish is our command. … The image below is a collection of a bunch of swine flu spams: You may notice several things here. First they are mainly text and links. Next, they [...]

A closer look at a Swine Flu spam

By Guilherme Venere on Spam and Phishing

It’s been just a few days since we started talking about spam using Swine Flu as a way to catch users’ attention to sell pills. This time, however, the message is not very “healthy”: The message above is in Portuguese, and goes like this: “For those who still don’t know, the pictures below show the Swine [...]

Looking at Swine Flu Spam Globally

By David Marcus on Spam and Phishing

Following up on Chris Barton’s excellent blog the other day on swine flu spam, we wanted to take a closer look at the numbers….. Many people may not realize that the words “swine” and “flu” had really not been seen in spam before this past weekend and almost certainly not together in the same subject line, [...]

Laundering as a Service

By Francois Paget on Scams

Money laundering is a process for concealing the origin of funds generated by illegal means. People generally associate money laundering with drug trafficking, gun smuggling, or corruption. But funds misappropriated by identity theft, phishing, and carding also have to be “laundered.” Today, the mushrooming of virtual money (or e-currency) makes the job easier when you [...]

LexisNexis says its data was used by fraudsters

LexisNexis acknowledged Friday that criminals used its information retrieval service for more than three years to gather data that was used to commit credit card fraud.

Two brothers among indictees in $4M spam case

Two Missouri men who made over US$4 million pitching and selling everything from electronics to teeth whiteners to students in more than 2000 colleges and universities have been indicted by a federal grand jury on a variety of e-mail spamming and related charges.

Expert: Cybersecurity incentives, not mandates, needed

The U.S. Congress should look to provide incentives for private businesses to adopt stronger cybersecurity practices instead of creating new mandates, one information security expert told a congressional subcommittee Friday.

Locking out users gives attackers a tool for denial of service

When I was a lad (OK, when I was a young systems engineer of 30 - which is 30 years ago), I was taught that if a user made several mistakes in entering her password, the system should lock her account until a system operator granted access again. The goal was to stop an attacker from guessing at a user’s password without limit.

Spammers pin campaign on swine flu

Swine flu spam is spreading like a virus of its own and recently turned malicious.

IT director pleads guilty to deleting organ donation records

The former IT director for a nonprofit organ and tissue donation center pleaded guilty to a charge that she broke into the organization's computer network and deleted organ donation database records, invoice files, and database and accounting software, the U.S. Department of Justice said.

ProteMac Meter network monitoring app updates interface

ProteMac on Friday announced the release of ProteMac Meter 2.6, a new version of its network activity monitor for Mac OS X. A free update for registered users, ProteMac Meter costs $30.

Mac bomb ticks for security smug users

The idée fixe that Macintosh is impervious to attack could be shattered if cyber-criminals act on their arsenal of 0-day exploits, security experts say.

SnapGear rides again with McAfee UTM re-launch

Sold several times over, the great survivor of the security product world, SnapGear, has made its latest appearance in McAfee colours.

Hacker: I broke into Twitter

For the second time this year, a hacker has gained administrative access to a Twitter employee's account.

Facebook's privacy options

Facebook users -- and their managers -- who are concerned about keeping control of their information should get themselves over to the social network's Privacy Settings page without delay.

Microsoft doctors AutoRun in Windows 7 to stymie Conficker

Prompted by the spread of the Conficker worm through infected USB drives, Microsoft Corp. will unveil changes in next week's public Windows 7 Release Candidate that are designed to stymie such hacker strategies.

F5 adds security touches to Big-IP

F5 has added security enhancements to its Big-IP applications delivery platform. The company, which launched version 10 of the Big-IP software last month, held off on the security additions to the product.

Businesses losing fight against employee apps

Enterprises are struggling to control the use of consumer applications within the workplace, despite the panoply of security tools being used within corporations.

Need open source e-mail security? Get it ASSP!

What is the best way to prevent spam and viruses from entering your inbox? According to its makers, the open source Anti-Spam SMTP Proxy (ASSP) server project takes the honours because of its design and feature set, and best of all it is free and cross-platform.

Pay as you go for security solutions

Antivirus and Internet security software vendor ESET will now allow end-users to pay as they go with its first foray into software as a service.

Spammers Trying To Cash In on Swine Flu Frenzy

Worried about Swine Flu? If so, don't let your fear and anxiety dupe you into clicking dubious links in e-mails. Spammers are increasingly using Swine Flu in subject lines and messages to take advantage of people's fears of the rapidly-spreading Influenza strain, according to McAfee's Avert Labs Blog.

SaaS Web security a cheaper option, McAfee says

Santa Clara, Calif.-based security vendor McAfee Inc. released a software-as-a-service Web security tool for protecting a distributed workforce from Web threats, while rendering IT departments fewer upfront costs in light of current budgetary constraints.

Network security: What do Britney Spears, the Wizard of Oz and the Dark Market have in common?

Security experts say the darnedest things: RSA Conference 2009 brings out the unexpected.

'Phantom' withdrawal case concludes in U.K. court

A one-day trial that raises questions about the security of cash cards used in the U.K. and Europe concluded Thursday, with a decision expected in about a month.

New cybersecurity bill for electric grid readied

Amid growing concern over the vulnerability of the U.S. electric grid to cyberattacks, two lawmakers are preparing to introduce new legislation aimed at bolstering the industry's responsiveness to such threats.

China arrests Web site attacker who extorted money

Beijing police have detained a man they say extorted cash from companies after launching cyberattacks on their Web sites, one of a handful of such arrests in China in recent years.

PGP complaint forces ElcomSoft to change booth decor

It isn't the best marketing proposition to sell encryption products next door to a fellow exhibitor who promises they can crack them.

Security pushed to provide ROI

Some security professionals argue that because their profession mitigates risk, it should be excluded from the need to return capital. Moreover, some make the case that project governance could be hijacked and reputation damaged if financial returns, based on an extrapolation of risk reduction, are not delivered.

Centrelink issues $500k unbreakable code for free

Centrelink will release its $560,000 smart card identification protocol for free in an attempt to buy-back security systems based on the technology.

UPDATE: Trend Micro acquiring Third Brigade as part of data-center security strategy

Trend Micro Wednesday announced it’s acquiring Third Brigade, an Ottawa, Ontario provider of host-based intrusion-prevention and firewall software, for an undisclosed price.

Swedish ISP says it will not store customer IP addresses

Swedish ISP Tele2 has decided not to store customer IP addresses in response to customer demand after Sweden implemented a law to make it easier for copyright holders to go after file sharers.

The Kilo-Day threat and mundane security

In the security business we spend a lot of time worrying about the "zero-day" threat that appears out of nowhere and immediately starts attacking a hitherto unknown vulnerability.

Bloxx beefs up web content filtering system

Web filtering specialist Bloxx has released a new version of its filtering appliance, which it is touting as a "third generation solution" that offers more protection against encrypted anonymous proxies and no longer relies exclusively on databases for website URLs to block.

Where PCI DSS Still Falls Short and How to Improve It

There's no doubt that the mere existence of a uniform policy -- adopted, recommended and even mandated by such firm rivals as American Express, Visa and MasterCard -- is a huge step forward.

Sri Lankan Army site 'assassinated' by rebels
'Horrible' and 'gruesome'

The Sri Lankan army has said its website was hacked by rebels who posted "horrible and gruesome images."…

Fired IT director admits $94k rampage on organ bank
Revenge served coldly

A former technology director who was fired from a regional organ donation center in Texas has admitted to breaking into her former employer's network and destroying more than $94,000 worth of data.…

US Congress wants hack teams for self-penetration
While girding power grid

The United States Congress this week delved further into the country's cybersecurity preparedness as members introduced two bills designed to protect federal networks and electric power grids from attacks.…

NASA hacker Tenenbaum agrees to US extradition
Analyzer surrenders to US Marshals

NASA hacker turned credit card fraud suspect Ehud Tenenbaum has agreed to surrender to US justice, The Calgary Sun reports.…

Twitter breach gives behind-the-scenes Obama peek
Wanted: Security engineer

Twitter still hasn't come clean, but it appears yet another administrative account on the micro-blogging site has been breached, giving world+dog an inside peek at the accounts of Barack Obama, Ashton Kutcher, and other celebrities.…

Security researchers fret over Adobe PDF flaw
Double danger

Adobe has warned that its Reader and Acrobat PDF software is vulnerable to an unpatched vulnerability.…

Army officer tossed laptops into the sea
Denies destroying evidence in Iraq mistreatment case

The High Court has heard how an army officer destroyed laptops containing pictures of Iraqis killed in a controversial battle near Basra.…

Security luminaries chew the fat on e-voting
Delorean 'time-machine' lands in Earls Court

Our Infosec show diary on Wednesday brought you news of ripped posters, fire and underpants.…

Firefox finds more pesky bugs
Patches week-old release

Mozilla Corporation has released a new version of Firefox in order to remove a bug found just a week after an updated version of the browser was released.…

ICO acts on student privacy breach
Slapped wrist for Manchester Uni

Manchester University has been censured by the Information Commissioner's Office for publishing personal information about students.…

Minnesota calls for 200-site net gambling blockage
Here we go again

Minnesota officials have ordered 11 internet service providers to block all computers in the state from accessing nearly 200 online gambling sites.…

US military's cyberwar rules 'ill-formed,' says panel
And 'undeveloped.' And 'highly uncertain'

The United States government has yet to form a coherent policy for engaging in warfare that involves attacks on a country's electrical power grids and other critical infrastructure, according to a non-profit group of scientists and policy advisors.…

Hacker behind P2P botnet gets no jail time
Turns to good after spawning Nugache

A hacker who confessed he created one of the world's first botnets to use peer-to-peer technology won't spend any time in prison because of the assistance he's provided to prosecutors.…

Trend taps Third Brigade for security and compliance tech
Purchase pushes security firm into intrusion defence

Internet security firm Trend Micro has acquired security and compliance firm Third Brigade. Terms of the deal, announced Wednesday and expected to close in the second quarter of 2009, were undisclosed.…

ElcomSoft poster provokes PGP apoplexy
Also: Pants, fire

Infosec A row broke out at the Infosec conference on Tuesday after PGP objected to the content of a poster on password recovery firm ElcomSoft's stand, and lodged an objection with conference organisers Reed Exhibitions.…

Security salaries hold up during economic gloom
Kit spending culled but work still plentiful

Information security salaries are holding up well during the economic downturn but capital spending projects are feeling the axe, according to a pair of surveys from training organisation (ISC)2 and specialist recruitment consultant ISS.…

Police want new remote hard drive search powers
New laws aim to tackle backlogs

Cyber cops want new laws to allow remote searches of seized hard drives in the hope they will help reduce long digital forensics backlogs - of up to two years for some forces.…

Patent granted for OLED biometric Flash drive
The mafia's drive of choice?

The development of a self-nuking Flash drive is already underway. But if you don’t fancy blowing up misplaced data in order to keep it secure, then you’ll soon be able to keep files safe with just one finger, or thumb.…

Swine flu spam clogs inboxes
Processed porker porkies proliferate

Spammers are trying to flog dodgy pharmaceuticals on the back of the swine flu epidemic.…

Blunkett to press for cyberwar probe of BT's Chinese kit
Kill button fear

Exclusive David Blunkett is to press national security officials to impose a programme of ongoing testing on equipment BT bought from Huawei, the networking manufacturer with allegedly close links to the Chinese military.…

UK.gov to spend £2bn on ISP tracking
Uberdatabase ditched, but IMP is go

The government plans to spend £2bn for ISPs to intercept details of their customers' emails, VoIP calls, instant messaging and social networking.…

Decrease in Conficker P2P?, (Sat, May 2nd)

Seems to be my day to ask for assistance. ...(more)...

Significant increase in port 2967 traffic, (Sat, May 2nd)

Today one of our Handlers noticed an interesting anomaly in the Dshield data. Since late March Dshiel ...(more)...

Password != secure, (Fri, May 1st)

Reading a story on how an attacker broke into the administrative interface to twitter was the follow ...(more)...

Incident Management, (Fri, May 1st)

Continuing on the discussion started here regarding Incident Response and Incident Handling, let's n ...(more)...

OpenBSD 4.5, (Fri, May 1st)

OpenBSD 4.5 has been released ...(more)...

Adobe Flash Media Server privilege escalation security bulletin, (Fri, May 1st)

From their web site: A potential vulnerability has been identified in Flash Media Server 3.5 ...(more)...

Odd packets, (Fri, May 1st)

No. Time ...(more)...

ARIN Notification Concerning IPv6, (Thu, Apr 30th)

One of our readers, Mike, pointed out a certified letter that his organization received from ARIN. ...(more)...

Microsoft Revises 08-069, 08-076, and 09-012, (Thu, Apr 30th)

Microsoft has issued major revisions to the following security bulletins: * MS09-012 - Impor ...(more)...

Office 2007 SP2 is released as well, (Wed, Apr 29th)

Several people have written in to tell us that upon reading my article about the IE8 update, that th ...(more)...

Facebook Phishing attack -- Don't go to fbaction.net, (Wed, Apr 29th)

Matthew writes in to tell us about an article posted over on TechCrunch about a Phishing Attack that ...(more)...

Microsoft is turning off Auto-Run!, (Wed, Apr 29th)

Well, kinda. Yesterday morning Microsoft through their MSRC announced that they were going to furth ...(more)...

IT security skills and certification pay

By Carolyn Gibney

David Foote of Foote Partners talks about the firm's latest skills and certification pay research. Some security skills are holding their own in the tough economy.

Swine flu puts spotlight on pandemic planning

By Marcia Savage

Financial-services firms are monitoring the swine flu outbreak and readying pandemic plans.

Security Squad: Federal cybersecurity defenses

By SearchSecurity.com Staff

Editors discuss the U.S. electrical grid compromise and the restructuring of the federal cybersecurity authority. The Conficker hype and criticism of PCI DSS is also examined.

Swine flu outbreak results in spam pandemic

By Robert Westervelt

Spammers are taking advantage of the swine flu outbreak to trick users into giving up their email address, opening a malicious PDF file and even buying a cure.

Despite recession, pay climbs for top IT security certifications

By Carolyn Gibney

The value of security certifications continued to increase in Q1 2009, proving that certs could be a worthwhile investment for those looking to boost their salaries.

Adobe working on patch to correct new zero-day flaw

By SearchSecurity.com Staff

Adobe Reader and Acrobat contain memory corruption errors that could be exploited by an attacker to execute arbitrary code.

Encryption in data management should never be ignored, expert says

By Eric Parizo

It isn't always convenient to encrypt sensitive data as part of an e-discovery process, but a data management expert at the Computer Forensics Show said its use is essential.

Trend Micro to acquire Third Brigade for virtualization, cloud security

By Robert Westervelt

Trend Micro said Third Brigade's technology bolsters its datacenter security strategy by helping its customers protect virtual servers and cloud computing initiatives.

Lawmakers Move to Secure Electric Grid

New legislation would expand the authority of Department of Homeland Security and Federal Energy Regulatory Commission to dictate cyber-security standards and controls to secure the vulnerable electric grid.
- Recent reports that hackers -- both foreign and domestic -- are launching attacks on the nation's power grid have prompted two U.S. lawmakers to introduce legislation that would increase federal authority to secure the electric grid. The Critical Electric Infrastructure Protection Act would d...

Twitter Confirms Hacker Gained Access

Officials at Twitter confirmed media reports that a hacker gained administrative access to the service and used it to view details of multiple accounts. It is the second time this year an attacker has gained administrative access by obtaining a Twitter employee's password, and follows a wave of worm attacks against the service a few weeks ago.
- Twitter co-founder Biz Stone has confirmed a hacker was able to breach security at the microblogging service, marking the second time this year an attacker gained administrative access via an employee's account. According to Stone, an attacker gained unauthorized access to Twitter this week and...

Twitter Hacker Abused Yahoo to Get Administrative Access

A French hacker claims to have accessed Twitter's administrative panel by breaking into the Yahoo e-mail account of a Twitter employee with administrator access and stealing the employee's password. The hacker reportedly was able to view data belonging to President Barack Obama, singer Britney Spears and actor Ashton Kutcher.
- A French hacker reportedly used social engineering to get Twitter administrative access and posted screenshots of data belonging to several high-profile celebrities. The hacker, operating under the handle of Hacker Croll, posted 13 screenshots of Twitter's admin panel. The screenshots include in...

McAfee Profit Up 77%, Results Beat Street View

Security software maker McAfee reports a quarterly profit that beat Wall Street expectations and soared 77 percent as sales at both its consumer and business units climbed. First-quarter net income rose to $53.5 million, or 34 cents a share, from $30.2 million, or 18 cents a share, a year earlier.
- BOSTON, April 30 (Reuters) McAfee Inc, the world's No. 2 security software maker, reported a quarterly profit that soared 77 percent as sales at both its consumer and business units climbed, helping it handily beat Wall Street expectations. It posted a profit, excluding items of 57 cents per sha...

Targeted Malware Attacks on the Rise Says F-Secure

OPINION: What does a targeted attack look like? A good one looks like the documents you read all day long.
- You read a lot about "limited, targeted attacks" in news about vulnerabilities. It means that attacks using the vulnerability have been observed in the wild very, very few times, like you could count them on one hand. These are usually very high-quality attacks, not the usual garbage y...

With Adobe Reader Zero-Day Circulating, Patching for Older Bug Lags

As users await a patch for the latest zero-day flaw affecting Adobe Reader and Acrobat, they should check to make sure their defenses for other vulnerabilities are up-to-date. Research from Qualys shows that many users have still not applied a patch for the zero-day security hole Adobe Systems fixed in March.
- While Adobe Systems works to patch the recent zero-day bug discovered in its Adobe Reader and Acrobat products, new data from Qualys suggests many users are so behind in patching that hackers needn't feel rushed to exploit the flaw. According to Qualys, there has been no significant reducti...

Anti-virus Moves to the Cloud

OPINION: Vendors such as Panda Security, McAfee and Trend Micro are looking into cloud security approaches. The volume and velocity of malware developments necessitate changes like this, and there are advantages to the cloud approach. It's also a risky move, but it's beginning to look inevitable.
- Panda Security has released a beta of its Panda Cloud Antivirus. It's a free download at www.cloudantivirus.com and there will be a free version of it even after it ships. The idea of a "cloud" product here is not really a gimmick, even if "cloud" is the buzzword of 2009. The...

Trend Micro Acquires Third Brigade for Data Center Security

Trend Micro has signed an agreement to buy Third Brigade to extend its data center protection strategy with virtualization and host intrusion prevention technologies. The deal is expected to close in the second quarter of 2009.
- Trend Micro is extending its data center protection strategy with a planned purchase of server and application security vendor Third Brigade. According to Trend Micro, the company is buying the business to accelerate its dynamic datacenter security strategy and to provide customers with access...

Adobe Moves to Fix Reported Vulnerabilities in Acrobat and Reader

A quick response to public posting of a vulnerability shows a better attitude at Adobe. Even so, there are two dangerous unpatched vulnerabilities to worry about.
- Adobe has announced in its Product Security Incident Response Team blog that it has confirmed reports of a new vulnerability in all currently supported versions of Reader on all supported platforms. It states that the vulnerability also affects Acrobat and that it will now develop fixes for all affe...

Windows Vista and Server 2008 SP2 Released to Manufacturing

Numerous performance and feature improvements are included in the new update to be released publicly in Q2.
- Microsoft announced on Tuesday the release to manufacturing of Service Pack 2 for Windows Vista and Windows Server 2008. This is a unified service pack with a single installer for both platforms, simplifying deployment. General availability of this service pack is expected in Q2 of 2009. The not...

Gunter Ollmann: A Botnet by Any Other Name

Brief: U.S. wiretaps fall for first time in five years

Brief: Image spam up, flu keywords take off

Brief: Companies slowest to fix Office, Acrobat flaws

Facebook Boosts Security After Dual Phishing Attacks (NewsFactor)

In business

NewsFactor - Facebook has brought in some soldiers to fight the war against malware and phishing scams on the social-networking site. After two different malware attacks this week, Facebook announced it would begin using San Francisco-based MarkMonitor's antifraud services as an additional layer of protection against attacks.

Cyber crooks churning out trick flu emails (AFP)

In technology

AFP - Cyber crooks are capitalizing on influenza fears with torrents of email promising "swine flu" news but delivering malware or dubious offers for potency drugs or penis enlargement.

    Acquisition Boosts Top-Line Growth At Computer Security Company (Investor's Business Daily)

    In business

    Investor's Business Daily - You wouldn't know it from McAfee that personal-computer sales and corporate spending on technology are weak.

      Spammers flood Internet with trick flu emails: security firm (AFP)

      In technology

      AFP - Cyber crooks are capitalizing on influenza fears with torrents of email promising "Swine flu" news but delivering malware or dubious offers for potency drugs or…

      Internet 'flooded with swine virus spam emails' (AFP)

      In technology

      AFP - Spam emails using "swine flu" as a keyword phrase have flooded the Internet as opportunists seek to exploit concerns over the outbreak of the virus, a global cyber security firm warned Thursday.

      Spammers Trying To Cash In on Swine Flu Frenzy (PC World)

      In technology

      PC World - Worried about Swine Flu? If so, don't let your fear and anxiety dupe you into clicking dubious links in emails. Spammers are increasingly using Swine Flu in subject lines and messages to take advantage of people's fears of the rapidly-spreading Influenza strain, according to McAfee's Advert Labs Blog.

      China scales back IT disclosure demands (AP)

      In technology

      AP - Beijing has temporarily averted a trade clash with Washington by scaling back a demand for foreign suppliers of computer security technology to disclose how their products work.

      No Jail Time for Nugache Worm Creator (PC World)

      In technology

      PC World - A 20-year-old man from Cheyenne, Wyoming, has been sentenced to five years' probation for creating what researchers called one of the most sophisticated botnet networks of hacked computers in recent years.

      Four Indicted in Giant College Spam Operation (PC World)

      In technology

      PC World - A federal grand jury in Missouri has indicted two brothers and two other people on charges related to an alleged e-mail spamming case that targeted more than 2,000 U.S. colleges and sold more than US$4.1 million worth of products to students, the U.S. Department of Justice announced.

      Free Panda Antivirus Beta Draws on Cloud Servers (NewsFactor)

      In business

      NewsFactor - Panda Security has rolled out a public beta of a new cloud-based antivirus offering that the company says provides advanced protection against new and unknown viruses. Available for a free download, Panda Cloud Antivirus consists of a lightweight AV agent that resides on the user's PC and connects in real time to the company's cloud-based servers.

      Panda Security Protects PCs with a Free, Cloud-Based Antivirus Tool (PC World)

      In technology

      PC World - Panda Security has released Cloud Antivirus, a malware-protection tool that mostly resides on a network cluster instead of your PC. The free tool just installs a small client on your computer to connect online. While a self-described beta, Cloud Antivirus could be worth much more than its free price by the way it cuts your risks and administration costs.

      Panda Launches New Free Cloud-based Antivirus (PC World)

      In technology

      PC World - Panda Security, the Spain-based antivirus software, today released a new free antivirus program called Panda Cloud Antivirus. The "Cloud" appellation comes from its sending data about files to Panda servers on the Internet for scans, instead of using your PC's resources.

      PGP Complaint Forces ElcomSoft to Change Booth Decor (PC World)

      In technology

      PC World - It isn't the best marketing proposition to sell encryption products next door to a fellow exhibitor who promises they can crack them.

      Panda Releases Free Cloud-Based Antivirus Solution (PC Magazine)

      In technology

      PC Magazine - Panda Security on Wednesday announced the release of Panda Cloud Antivirus, a lightweight, free antivirus solution that uses cloud-based technology to identify malware.

      Changes in Windows to Meet Changes in Threat Landscape

      By MSRCTEAM

      Customers have heard us say over the years that the threat environment is an ever-evolving one. That means that one of our jobs in working to keep customers safe is to continually monitor the threat environment and make changes to adapt to it.

      Today, we’re announcing modifications in Windows that adapt to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD). However, the AutoRun task will still be enabled for media like CD-ROM. There are more details on the change over at the Windows 7 blog as well as at the Security Research and Defense (SRD) blog.

      The reason we’re making this change is that we’ve seen an increase, since the start of 2009, in malicious software abusing the current default AutoRun settings to propagate through removable media like USB devices. The best known malicious software abusing AutoRun is Conficker, but it’s not alone in that regard: there is other malicious software that abuses this feature. You can get more details on this change and others in the threat environment from the Microsoft Malware Protection Center’s blog.

      Because we’ve seen such a marked increase in malicious software abusing AutoRun to propagate, we’ve decided that it makes sense to adjust the balance between security and usability around removable media. We’ve tried to be very measured in this adjustment to maximize both customer convenience and protection. Since non-writable media such as CD-ROMs generally aren’t avenues for malicious software propagation (because they’re not writable), we felt it made sense to keep the current behavior around AutoPlay for these devices and make this change only for generic mass storage class devices.

      This change will be present in the Release Candidate build of Windows 7. In addition, we are planning to release an update in the future for Windows Vista and Windows XP that will implement this new behavior.

      Thanks.

      Christopher

      *This posting is provided "AS IS" with no warranties, and confers no rights.*

      Kaspersky Enterprise Space Security - Voted WindowSecurity.com Readers' Choice Award Winner - Anti Virus solution

      By info@WindowSecurity.com (The Editor)

      Kaspersky Enterprise Space Security was selected the winner in the Anti Virus category of the WindowSecurity.com Readers' Choice Awards. McAfee VirusScan Enterprise and avast! Server edition were first runner-up and second runner-up respectively.

      HP Integrity rx3600 and rx6600 System, BMC, iLO-2 MP and FPGA Firmware Release Version 4.11 (c01726932)

      Critical Customer Advisory (Apr 29 2009)
      Description
      The purpose of this advisory is to announce the release of a firmware package that includes new System firmware 04.11, new BMC firmware 05.24, and new Integrated Lights-Out (iLO) MP firmware F.02.23.
      Products and Operating Systems
      •   HP Integrity rx6600 Servers, HP Integrity rx3600 Servers
      •   not applicable

      Open Cloud Standards – Part 3

      By vmtn@vmware.com (VMTN) on Technical Information

      Posted by Winston Bumpus Director of Standards Architecture, VMware After last week’s exciting VMware announcements around the first cloud OS VMware vSphere 4, this week we have additional important news around the announcement of the Distributed Management Task Force (DMTF)...

      US Cyber Security Needs an Overhaul (April 29, 2009)

      Calling the United States' approach to cyber security "broken," "childlike," and "embarrassing," experts in the field are calling for "rethinking how we do [cyber security] .......

      US Cyber Warfare Policy Should be Transparent (April 29, 2009)

      According to a report from the National Research Council's Committee on Offensive Information Warfare, "the current policy and legal framework regulating use of cyberattack by the United States is ill-formed, undeveloped, and highly uncertain.......

      Swedish ISPs Say They Will Not Log IP Addresses (April 28 & 29, 2009)

      Tele2 AB, one of Sweden's major Internet service providers (ISPs), will become the second ISP in that country to stop logging users' IP addresses; the decision was made in response to Swedish legislation that makes it easier for copyright holders to obtain identities of users suspected of downloading copyrighted material without permission.......

      Nugache Worm Author Sentenced (April 29, 2009)

      Jason Michael Milmont, who last year admitted to creating the Nugache worm, has been sentenced to one year of home confinement and five years of supervised release.......

      Lawmakers Seek to Increase Federal Energy Regulatory Commission's Authority (April 29, 2009)

      Legislation expected to be introduced this week in the US Congress is intended to provide increased protection for computer systems that control the country's critical infrastructure.......

      French Legislators to Debate Three Strikes Law Again (April 29, 2009)

      The French government has resubmitted legislation that calls for Internet service providers to sever customers' Internet connections if they persist in downloading digital content in violation of copyright laws.......

      Four UK NHS Trusts Sign Formal Undertakings for Violating Data Protection Act (April 30, 2009)

      Four UK NHS Trusts found to be in violation of the Data Protection Act have signed formal undertakings saying that they will encrypt all mobile and portable data storage devices.......

      Adobe Acknowledges Reader and Acrobat Flaws (April 28 & 29, 2009)

      Adobe has acknowledged that "all currently supported shipping versions of Adobe Reader and Acrobat, (versions) 9.......

      Mozilla Releases Firefox 3.0.10 and Firefox 3.5 Beta 4 (April 30, 2009)

      Just one week after releasing Firefox 3.......

      West Virginia State Bar Computer Network Breached (April 28 & 29, 2009)

      The West Virginia state bar said that it discovered a computer intrusion that penetrated the organization's internal computer network.......

      Conficker Now Turning Infected Machines Into Spam Servers (April 28 & 29, 2009)

      The Conficker worm is now installing malware called Waledac on infected machines; the malware turns the machines into spam servers.......

      British Army Captain Threw Laptops Overboard (April 30, 2009)

      British Army intelligence officer Captain James Rands told the High Court that he threw two laptops into the English Channel to destroy them.......

      Swine Flu Briefing/Resource and Technical Security Management Newsletter (May 1, 2009)

      Information on the Swine Flu is somewhat fragmented and sometimes sensational or incorrect.......

      Microsoft Offers Secure Windows ... But Only to the Government

      By Kim Zetter

      The Air Force persuades Microsoft CEO Steve Ballmer to give it a secure Windows configuration that saves the service $100 million in contract costs and countless maintenance hours. But don't bother looking for it at Best Buy.

      Windows 7 Release Candidate Hits the Streets

      By Scott Gilbertson

      Developers can download the Release Candidate of Windows 7, Microsoft's next desktop operating system. Windows 7 RC1 will be available to the general public as a free download on Tuesday, May 5.

      Downtime Deterrent: 24/7 Web Monitoring

      Just Uptime's small web monitoring application makes a big difference to clients like Comply Serve Limited.

      Phishers Target Facebook Again

      Scam tries to steal passwords by getting Facebook users to enter their log-in credentials at a fraudulent site.

      Hacker: I Broke Into Twitter

      UPDATE: Twitter confirms break-in after a French hacker posts 13 screenshots of a Twitter product manager's admin interface to prove the claim.

      How to Land a Six-Figure Software Developer Job

      New sites spill the beans on salaries, interviews, and trick questions.

      Federal CISOs: Bad Economy Could Create Vulnerabilities

      Government security pros focused on external threats

      Google Apps Gains LDAP Support

      The new feature is likely to appeal to enterprise IT staffers

      How to Search in Twitter

      If you want to keep track of a current hot topic, say, a mildly interesting topic such as swine flu, how else might you do it?

      Microsoft Doctors AutoRun in Windows 7 to Stymie Conficker

      But it's not saying when it will make the same changes in XP and Vista.

      Why You Don’t Want Windows 7’s XP Mode

      Sure, it’s great for business, but there are five reasons why XP mode is not ideal for consumers.

      Panel Calls for National Dialog on Gov't Cyberattacks

      The U.S. government lacks a comprehensive policy about cyberattacks, a group says

      Panda Security Protects PCs with a Free, Cloud-Based Antivirus Tool

      Antivirus protection moves off individual PCs and into a network cluster for cheaper, better protection.

      Phishers Hit Facebook With Scam Messages

      The attack tries to steal Facebook usernames and passwords.

      Panda Launches New Free Cloud-based Antivirus

      The software maker today released a new lightweight, Internet-based program available for download.

      Panda Unveils Free Security Service

      Consumers can download a free "thin client" for Windows desktops that pulls the latest anti-malware updates from Panda servers online.

      PGP Complaint Forces ElcomSoft to Change Booth Decor

      Opposite PGP booth, show organizers remove poster saying ElcomSoft can crack PGP passwords

      Feds' red tape left medical devices infected with computer virus

      By Stephanie Condon

      The Conficker Internet virus has infected important computerized medical devices, but governmental red tape interfered with their repair, an organizer of an antivirus working group told Congress on Friday.

      Rodney Joffe, one of the founders of an unofficial organization known as the Conficker Working Group, said that government regulations prevented ...

      More Swine/Mexican/H1N1 related domains, (Sat, May 2nd)

      Just a reminder to be ever vigilant in your browsing for Swine/Mexican/H1N1 flu information. W ...(more)...
