Friday, May 15, 2009

Around The Horn vol.1,99

Analyst: cyberwarfare arms race with China imminent

By segphault@arstechnica.com (Ryan Paul) on security

A congressional commission that reviews economic and security relations between the United States and China held a hearing last month on Chinese intelligence activities that impact national security. During this hearing, security expert Kevin G. Coleman of the Technolytics Institute think tank gave a presentation (PDF) on Chinese cyber-espionage efforts.

He warned that the United States is falling behind in technological defense capabilities and is largely unprepared for what he characterizes as the start of a cyber-warfare arms race. Coleman attempts to describe the threat posed by China's cybersecurity build-up, but how much of it is a sham? Some of his facts are misleading.

Apple hires former OLPC security head to harden Mac OS X

By chris.foresman@arstechnica.com (Chris Foresman) on security

Despite its assertion that Macs don't suffer from the viruses and malware that Windows does in a number of its "Get a Mac" ads, Apple has been criticized for not taking security seriously enough. This is particularly because Leopard does not implement (or does not fully implement) the same security measures as Windows Vista. Lest you think Apple is hoping that its relatively small market share will keep it safe forever, though, the company has hired the former director of security architecture at One Laptop per Child, Ivan Krstić, to handle core security for its operating systems.

Krstić, who is an unabashed devotee of Linux and Python, created the Bitfrost security platform for the OLPC project. The system works by effectively running each application in its own sandboxed virtual machine. Each VM is equipped only with the hardware and network access approved either by a central authority server (such as in a school) or expressly permitted by the user. The system also includes an anti-theft mechanism that prevents a laptop from working once it has been reported stolen or otherwise can't check in with a central "leasing" server.

Lessons Learned from Time's Most Influential Poll Abuse: Part 1

By Robert A. on IndustryNews

"In a textbook case of web applications being abused due to insufficient anti-automation defenses, the Time Magazine's Internet poll of the most influential 100 people was bombarded with various methods to manipulate the results. The WASC Web Hacking Incident Database provides a great overview of the various tactics that Moot...

Apple releases OS X 10.5.7 security updates

By Robert A. on Vulns

"Apple released an update to its Leopard operating system yesterday that comes loaded with a host of security and bug fixes as well as added hardware support. The Cupertino-based firm said OS X 10.5.7 patches several security loopholes related to PHP, CoreGraphics, Apache Web server and the company’s browser Safari. Three...

Hackers steal UC Berkeley health records

By Robert A. on IndustryNews

"The University of California at Berkeley started warning students and alumni on Friday that online thieves infiltrated the school's restricted servers and stole medical records on more than 160,000 individuals. The database exposed by the breach held information on UC Berkeley's students, alumni and staff, including health insurance information and Social...

Facebook members hit by another phishing scam

By Michelle Meyers

In what's just the latest Facebook phishing scam, hackers on Thursday broke into accounts and sent e-mails to friends urging them to log on to fake Facebook sites, according to new reports and anecdotes from members.

The social-networking site is in the process of cleaning up from the hack ...

Pirated Windows 7 RC builds botnet

By Matthew Broersma

A pirated version of Windows 7 Release Candidate infected with a Trojan horse has created a botnet with tens of thousands of bots under its control, according to researchers at security firm Damballa.

The software, which first appeared on April 24, spread as quickly as several hundred new bots per ...

Microsoft patches critical PowerPoint hole

By Ina Fried

Microsoft on Tuesday released a patch aimed to fix a critical vulnerability in PowerPoint that had already led to exploits.

The vulnerability is listed as critical for Office 2000, but rated only as important for Office XP, Office 2003, and Office 2007. However, the hole had already formed the basis ...

Originally posted at Beyond Binary

Apple Macs, no crashes or viruses?

By Rik Ferguson on PDF

That is certainly the case if you believe Apple’s latest advertisement, available here and titled Elimination. “I just need something that works without crashing, or viruses or a ton of headaches.” Apple’s ads have always been amusing, but this won’t be the first time that someone calls them out for also being misleading. To say that there [...]

Trojan in Counterfeit Copies of Windows 7 Builds Botnet

By Darknet on windows 7 rc infected

This latest mass infection is through a vector I really don’t understand, seeing as you can legitimately download Windows 7 from Microsoft. I guess people just prefer BitTorrent downloads to HTTP downloads, and whoever had this smart idea capitalized on that. Microsoft should perhaps do something about that and put out a legitimate BitTorrent copy. I [...]

Pangolin - Automatic SQL Injection Tool

By Darknet on web-application-security

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management [...]

Ensuring Data Security During Hardware Disposal

By Darknet on national-security

After our recent story about the trading of BlackBerries for data theft the issue has emerged again this time more towards the secure disposal of data stored on PC hard disks. If a company or organisation has a decent data/information security policy in place (Like ISO27001 for example) they should have a secure destruction/disposal policy as [...]

Insider May Have Breached More Than 10,000 Patient Records At Johns Hopkins

Employee at Johns Hopkins University may be source of identity thefts, report says

Researchers Hack Web Application Firewalls

OWASP Europe presentation demonstrates tools that fingerprint the brand of WAF, as well as bypass it altogether

Pirated Windows 7 OS Comes With Trojan, Builds A Botnet

Trojan-infested counterfeit version of Microsoft's pre-release version of Windows 7 at its peak was infecting over 200 PCs an hour

The Cost Of Fixing An Application Vulnerability

Security experts say enterprises spend anywhere from $400 to several thousands of dollars to fix a single vulnerability in their internally developed Web applications

Ceaseless Threats Pervade Web, Don't Ebb

In Virus and Spyware

McAfee's latest research note finds attacks thriving, driven by botnets, spam and social networking.

Little-Known Botnets Can Pose Biggest Threat

In Phishing and Fraud

While the larger botnets might make the most headlines, it is the smaller ones flying under the radar that can be the most problematic for enterprises.

Web Attacks Surging, AV Lagging?

In Virus and Spyware

Web-based threats remain the order of the day, and standard AV systems are ill-equipped to handle them, researchers contend.

Terrorist Screening Center gets new director

Timothy Healy is the new director of a center that administers the consolidated terrorist watch list database.

GAO: Secure Flight improved IT security

The Secure Flight passenger screening program has improved IT security and privacy controls in the last five months, auditors say.

Intelligence community wrestles with Web 2.0 tools for information sharing

A new policy calls on homeland security officials to make intelligence and law enforcement data easier to share by making it more discoverable. Here's how the systems might work.

Napolitano wants millions for IT

Homeland Security Secretary Napolitano told a House committee today about DHS' plans to invest hundreds of millions of dollars in IT systems.

IG: DHS data centers at risk

The Homeland Security Department didn't consider risks from hurricanes when it set up its new backup data center in Mississippi, according to a new report.

Information-sharing platform hacked

A DHS official confirmed that the department's platform for sharing sensitive but unclassified information with partner organizations was recently hacked.

Audit: CBP still has problems with IT controls

The Customs and Border Protection agency continues to be weak in IT security, audit states.

FakeAlert Trojan Holds Systems For Ransom

By Avelino Rico Jr and Geok Meng Ong on Web and Internet Safety

In March 2009, we notified our customers about a new variant of the infamous Vundo trojan family which we detected as Ransom-F and raised its risk assessment to a Low-Profiled threat. It was possibly the first indicator of a shift in the FakeAlert criminal model from instilling fear, to holding information technology resources for ransom but certainly not the [...]

NIST to weigh in on cloud security

The National Institute of Standards and Technology is going to weigh in on cloud computing and has started by working on a definition of what cloud computing is.

Most claims dismissed in Hannaford data breach suit

All but one of the legal claims filed against Hannaford Bros. -- the Maine-based retailer that suffered a security breach exposing some four million credit and debit cards -- has been dismissed.

Microsoft puts Mac users at risk with patch policy, says researcher

A security researcher has called foul on Microsoft for doing just what it has thrashed hackers over for years: revealing information that can be used by hackers to hijack computers before a patch is available.

Security logs, medical records found in disused hard drives

A third, or 34 per cent, of disused hard drives still contain confidential data according to a new study, which found missile defence system data and medical records on eBay purchases.

Tiger gets security updates

At the same time that Apple released an update to Leopard (10.5), the company also fixed a number of security issues for users running Tiger (10.4).

Adobe fixes security holes in Acrobat, Reader

Adobe on Tuesday patched security flaws in its Acrobat and Reader applications. The updates repair bug CVE-2009-1492, which concerns Adobe's implementation of JavaScript in Reader and Acrobat. That flaw could allow a hacker to create a malicious PDF file that could execute other arbitrary code.

Who will check the security of cloud providers?

The most basic facts about your data – like where it is exactly and how it is replicated – become difficult to find out when you entrust it to a cloud, a new study says.

Full Disk Encryption Comes to Workgroups

Losing your laptop can be expensive in three ways. First, you'll spend hundreds or thousands of dollars to replace the hardware. Second, you'll suffer the time and aggravation of restoring your data, all the while hoping you have everything backed up properly. But most expensive? Surviving the backlash and legal consequences of losing customer data, financial records and private company information.

The regional, cultural and national differences of identity management

Last week's European Identity Conference was, as always, a wonderful look at not only European advances in identity management, but what's happening worldwide. I had the opportunity to host panel discussions that included people from Germany, Holland, Sweden, Norway, France, Italy, the U.K., Belgium, Canada, the U.S., Australia and India. It's a wonderful way to discover that although identity management theory is pretty much the same the whole world over, the practice, or implementation, of that theory has many regional, cultural and national differences.

Microsoft delivers mega PowerPoint patch

As expected, Microsoft today patched a six week-old critical vulnerability in PowerPoint, the presentation maker that's part of the popular Office suite. A fix for Mac versions is coming in June.

Groups rip secrecy over IP protection talks

Secrecy surrounding an anti-counterfeiting trade agreement that's being negotiated by several countries including the U.S., is heightening concerns about the intent of the pact.

AVG Identity Protection

When it comes to protecting yourself against malware, you can't take too many precautions. AVG Identity Protection ($20; 30-day free trial) gives you another security tool to protect against malware threats specifically designed to steal private information such as passwords, bank account information, and credit card numbers.

UC Berkeley Hit With Major Data Theft

If you're a current or former University of California, Berkeley student, and have taken advantage of the on-campus health services at some point in the past ten years, you may want to check your credit report. The university today announced that it has discovered a massive data theft involving 160,000 current and former UC Berkeley students.

Microsoft Closes PowerPoint Zero-day Hole

Microsoft closed a critical PowerPoint hole that has been under attack since last month, along with 13 other, less-important flaws in the Office application and related software.

Dark cloud computing

Cloud computing offers tremendous promise for the future of computing. In the cloud you will be able to link together remote computing resources to achieve massive amounts of computing without any of the capital infrastructure costs.

Apple delivers jumbo security update for Mac OS X

Apple on Tuesday patched 67 vulnerabilities in Mac OS X, including a pair of flaws that researchers used in March to pocket $5,000 each in a noted hacking contest.

Security management, compliance and the cloud

SIM technology drew in enterprise security managers looking to reduce the noise among multiple security devices distributed in large environments, but lost some ground when IDS and IPS technology gained intelligence. Now cloud providers could get into the security management game.

Implications of proposed Cybersecurity Act of 2009, Part 1

Legislators mean well, but their proposals for regulation of areas that depend on technical expertise always make my hackles rise - even before I've read the details. One of these cases is the occasion for today's and our next columns.

Implications of proposed Cybersecurity Act of 2009, Part 2

Garamella: An effective attack could disrupt or disable elements such as public utilities, including power, water and gas. Ground and air traffic control systems are also potential targets. These critical elements warrant no less protection than defense, finance and healthcare. There is a proliferation of data breaches from all sectors of the cyber infrastructure. Left alone, this situation will only get worse.

Global PC software piracy up because of China, India

PC software piracy was on the upswing in 2008 for the second year in a row, because PC shipments grew fastest in high-piracy countries like China and India, according to a study released Tuesday by the Business Software Alliance.

SMBs vulnerable to security breaches: Symantec

More than half of the 1,425 small and medium sized businesses surveyed by security company Symantec had suffered from security breaches in the last twelve months.

Teenager pleads guilty to Scientology Web attack

A 19-year-old New Jersey man has pleaded guilty to knocking the Church of Scientology's Web site offline in a series of January 2008 online attacks.

As hacking hits home, China strengthens cyber laws

A year ago, when a Time Magazine reporter told Tan Dailin that he'd been identified as someone who may have hacked the Pentagon, he gasped and asked, "Will the FBI send special agents out to arrest me?"

Johns Hopkins to patients: Employee stole data for fraud

Baltimore's Johns Hopkins Hospital is warning more than 10,000 patients after linking a woman working in the hospital's patient registration area to fraud.

Risk management shouldn't be a solo IT project

Recession or not, the protection and management of data remains vital, yet IT can often be perceived as the unpopular enforcer of a risk management strategy, said one IT consultant.

Heartland breach costs at $12.6M - and counting

Revealing how costly the data breach at Heartland Payment Systems Inc. could turn out to be, the payment processor said it has already spent or set aside more than $12.6 million to cover intrusion-related costs.

Unsafe at any speed: Memcpy() banished in Redmond
Larry? Steve? Linus?

Memcpy() and brethren, your days are numbered. At least in development shops that aspire to secure coding.…

Viral web infection siphons ad dollars from Google
Only getting bigger

A compromise that is moving virally across websites is making unwitting people who surf to them part of a botnet that redirects Google search results, a security researcher has warned.…

Hacker claims whaling expedition harpooned Steve Jobs
Alleged Amazon account access

A hacker has claimed he hijacked the Amazon.com account of Steve Jobs by sending the Apple CEO a phony email that tricked him into logging in to a fake website, according to the Cult of Mac blog.…

Ex-OLPC security man rocks up at Apple
Cupertino knits Krstic into security blanket

One Laptop Per Child's former top security architect started a new job at Apple earlier this week.…

Expenses row MPs warned to change cash card PINs
This Bank of Taxpayer cash machine is now closed

MPs and staff are reportedly being advised to "change bank PIN numbers" in order to guard against incidents of fraud arising from the leak of Commons allowance claims.…

Home Sec: No more funds to e-crime unit
Cybercrumbs from the table

The newly established Police Central e-crime Unit is unlikely to get increased UK government funding, according to a response to questions in the House by the Home Secretary on Tuesday. The reply by Jacqui Smith is a sign that the present home secretary is less inclined to invest in the nascent unit than her predecessor David Blunkett.…

Adobe plagued by 16-month-old XSS bug
Not to mention banks and ecommerce sites

More than 16 months after researchers warned that critical vulnerabilities in Adobe Flash files leave websites vulnerable to phishing and other serious attacks, a wide array of pages - some hosted on Adobe.com itself - remain vulnerable.…

Microsoft slapped for Windows-only Office patch
Mac patch on the way

Microsoft has defended its decision to release a Windows-only security patch for its Office program after a researcher warned it put Mac users of the software at risk.…

Cyber attack could bring US military response
No options removed from table

The United States' top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.…

Pirate Win 7 ruse used to build botnet
Zombie torrent

A Trojan buried within counterfeit copies of Windows 7 RC was used to build a botnet of compromised PCs.…

Patches bring zero-day relief from PDF and PowerPoint flaws
Phew

Microsoft has released a solitary bulletin that covers 14 vulnerabilities in PowerPoint, including a zero-day bug that has been the target of hacker exploitation over recent weeks, as part of its May Patch Tuesday update.…

Apple releases OS X 10.5.7 update
Squeezes Leopard's spots

Apple released an update to its Leopard operating system yesterday that comes loaded with a host of security and bug fixes as well as added hardware support.…

Court upholds 'hacking' charge against smut-surfing worker
Interesting definition leads to severe legal flagellation

A US court has turned down an appeal from a man convicted of computer hacking offences for using a workplace computer to post nude pictures of himself onto a swingers website.…

Europe calls for rules on RFID chips
Reding outlines responsibilities for companies

The European Commission has put out a series of recommendations to protect European citizens from the privacy risks associated with RFID chips.…

US teen pleads guilty over Scientology DDoS attacks
Anonymous botnet hacktivist faces spell behind bars

A US teenager has admitted involvement in a high profile denial of service attack against Scientology websites last year.…

XSS flaws found in sites of multiple anti-virus firms
Dirty half-dozen

Security researchers have revealed that the websites of no less than six anti-virus firms are vulnerable to cross-site scripting flaws, of a type that might lend themselves to phishing attacks.…

Confirmed Gmail outage, (Thu, May 14th)

I am affected as well. :) We've received several reports in the past few minutes about Gmail ...(more)...

Twitter for the Internet Storm Center, (Thu, May 14th)

Even if you don't use Twitter, or could care less, you might want to read this post. ...(more)...

Adobe Acrobat (reader) patches released, (Tue, May 12th)

While patching your macs and windows machines on reboot Wednesday tomorrow, don't forget to patch ad ...(more)...

Apple patches and updates, (Tue, May 12th)

Apple released patches today: Apple OS X 10.5 ...(more)...

MSFT's version of responsible disclosure , (Tue, May 12th)

Microsoft is the one big company screaming loudest of all over responsible disclosure. ...(more)...

May Black Tuesday Overview, (Tue, May 12th)

Overview of the May 2009 Microsoft patches and their status. # ...(more)...

Sysinternals Updates 3 Applications, (Mon, May 11th)

Sysinternals blog has announced three new updates. Thanks to Roseman for the heads up! Au ...(more)...

EU Commissioners Call For Expanding Consumer Protection Laws to Software (May 9, 2009)

European Union Commissioners Viviane Reding and Meglena Kuneva have proposed that the EU Sales and Guarantee Directive, which applies to physical products, be extended "to cover licensing agreements of products like software" as well.......

FBI to Station Cyber Crime Agent in Estonia (May 11, 2009)

The Federal Bureau of Investigation plans to station a cyber crime expert in Estonia.......

Court Approves Ameritrade Class Action Suit Settlement (May 11, 2009)

Formal notice of a class action lawsuit settlement agreement involving Ameritrade customers whose data were exposed in a security breach will be published later this week.......

Court Upholds Felony Hacking Conviction (May 7, 2009)

An Ohio man's felony hacking conviction was upheld in appellate court late last month.......

US Military Intent on Increasing Interest in Cyber Warfare Career Paths (May 11, 2009)

The US military has demonstrated a growing awareness of the need to develop effective defense against cyber attacks.......

Vulnerability in Windows 7 Release Candidate (May 11, 2009)

A flaw has been found in the most recent Windows 7 Release Candidate; Microsoft has issued a hotfix for the vulnerability.......

Microsoft to Test Windows 7 Update Process on May 12 (May 11, 2009)

Microsoft plans to test the update process for Windows 7 on Tuesday, May 12 by sending out phony patches to PCs running the newest release candidate.......

Skimmers Used in ATM Thefts

Thieves in Staten Island, NY installed devices on ATMs at several branches of Sovereign Bank that allowed them to harvest account access data.......

UC-Berkeley Data Breach Affects 160,000 Individuals (May 8 & 11, 2009)

A breach of databases at the University of California, Berkeley's health services center compromised personally identifiable information, including Social Security numbers (SSNs), and health insurance data, of more than 160,000 students, alumni and some spouses or parents of students and alumni.......

Johns Hopkins Hospital Notified 10,000 Patients of Possible Data Breach (May 11, 2009)

Johns Hopkins Hospital in Baltimore, MD, is notifying more than 10,000 current and former patients that their personal information may have been compromised.......

Scammers Target Economic Stimulus Payment Recipients (May 11, 2009)

According to a report in The Wall Street Journal, scammers are targeting people who are expecting to receive economic stimulus payments from the US Social Security Administration (SSA) this month.......

Study reveals lack of financial wireless computer security

By Marcia Savage

Vulnerability scanning in the financial districts of seven cities by AirTight Networks shows many misconfigured and unmanaged wireless network access points.

Forrester advises cautious approach to cloud computing services

By Robert Westervelt

While it could save money, many firms should understand the security, privacy and legal issues when using cloud-based services.

Adobe issues Reader update fixing zero-day flaw

By SearchSecurity.com Staff

Exploit code to attack a remote code execution flaw in Adobe Reader was available in the wild.

Botnet threats and countermeasures

By Robert Westervelt

AT&T Labs' Brian Rexroad shares how the telecommunications giant detects and defends its network against botnets.

Software piracy losses total $53 billion, study finds

By SearchSecurity.com Staff

The sixth annual Global Software Piracy Study found software piracy dropped in about half of the 110 countries studied.

Microsoft updates Office to address serious PowerPoint vulnerabilities

By Robert Westervelt

One of the PowerPoint zero-day flaws was being actively targeted by attackers.

UC Berkeley breach affects 160,000

By SearchSecurity.com Staff

Hackers gained access to databases in the campus's health services center from Oct. 9, 2008 until April 9, 2009.

Sun IDM Arbitrary Commands Execution Vulnerability

Sun Identity Manager facilitates centralized identity provisioning for a variety of applications and platforms. Its web interface allows end users to request a password change. To handle such requests the system has to manipulate account databases on the target resources. In the case of *NIX-based systems the management server remotely logs in to a target server and issues a series of shell commands, using a send-expect technique.
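The pattern described above is worth seeing concretely: when the end user's new password is pasted into a shell line that the management server "sends" to the target host, the password field is a shell injection point. The following is an added example and not Sun's code; the command shape (`echo user:pass | chpasswd`), the helper names and the sample inputs are assumptions for illustration, and nothing here reproduces Sun IDM's actual send/expect scripts.

```python
"""Added example, not Sun's code: why forwarding an end user's new password
into a shell command on the target host is command injection, and one way to
harden it. Command shape, helper names and sample inputs are assumptions."""
import re
import shlex


def build_passwd_command_vulnerable(username: str, new_password: str) -> str:
    # The naive pattern: the user-supplied password is pasted verbatim into
    # the line the management server sends to the remote shell.
    return f"echo {username}:{new_password} | chpasswd"


def build_passwd_command_hardened(username: str, new_password: str) -> str:
    # 1. Usernames must match the portable POSIX user-name character set.
    if not re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", username):
        raise ValueError("invalid username")
    # 2. Refuse control characters outright. A CR/LF ends the shell line no
    #    matter how it is quoted, and an expect-driven session also treats it
    #    as "press Enter", so quoting alone does not save you here.
    if re.search(r"[\x00-\x1f\x7f]", new_password):
        raise ValueError("control characters are not allowed in a password")
    # 3. Single-quote what is left so ; | & $( ) ` and friends stay literal.
    return f"echo {shlex.quote(username)}:{shlex.quote(new_password)} | chpasswd"


def hardened_rejects(username: str, new_password: str) -> bool:
    """True if the hardened builder refuses this input."""
    try:
        build_passwd_command_hardened(username, new_password)
    except ValueError:
        return True
    return False


def commands_in(shell_line: str) -> list:
    """Crude model of what a POSIX shell would execute: the first word of
    every simple command, splitting on unquoted ; | || && &. Enough to expose
    an injected command; it does not model $(...) or backticks."""
    lex = shlex.shlex(shell_line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    names, at_command_start = [], True
    for token in lex:
        if token in (";", "|", "||", "&&", "&"):
            at_command_start = True
        elif at_command_start:
            names.append(token)
            at_command_start = False
    return names


if __name__ == "__main__":
    evil = "x;id"  # constructed sample: a "password" that smuggles a command
    print(commands_in(build_passwd_command_vulnerable("bob", evil)))
    print(commands_in(build_passwd_command_hardened("bob", evil)))
    print(hardened_rejects("bob", "x\nid"))
```

The real fix is to stop sending shell text at all: drive `passwd` (or a PAM-backed agent) through a non-shell channel, or at minimum never let a user-controlled string cross a shell boundary unquoted. The control-character rejection matters independently of quoting because an expect session interprets a newline as the end of the typed line.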

LevelOne AMG-2000 Proxy Bypass Vulnerability and Plain Text Passwords

AMG-2000 is an AP Management Gateway designed specifically for small to medium-sized network deployment and management, making it an ideal solution for easily creating and extending WLANs in SMB offices. AMG-2000 uses an internal Squid proxy to restrict access to the wireless LAN or Internet, e.g. by requiring a username/password on the portal site.

FormMail Multiple Vulnerabilities

Multiple vulnerabilities exist in the FormMail software: cross-site scripting, HTTP response header injection and HTTP response splitting.
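All three bug classes come from the same mistake, user input copied into an output context without encoding for that context. The following is an added example and not FormMail's code: a CGI-style "thank you" handler of the kind such scripts implement, first written the way that produces the bugs and then hardened. The field names, the response layout and all sample inputs are constructed for illustration.

```python
"""Added example, not FormMail's code: XSS, header injection and response
splitting in a form handler, and the hardened equivalents. Field names,
response layout and sample inputs are constructed for illustration."""
import html
import re
from urllib.parse import urlsplit


def thanks_page(name: str) -> str:
    # Vulnerable: the submitted field is echoed into HTML unescaped (XSS).
    return f"<html><body>Thanks, {name}!</body></html>"


def redirect_response(target: str) -> bytes:
    # Vulnerable: the submitted redirect target lands in a header verbatim.
    # A CR/LF inside it ends the Location header (header injection); a blank
    # line ends the whole header block (response splitting), so whatever
    # follows is served to the browser as the body.
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def thanks_page_hardened(name: str) -> str:
    # html.escape turns < > & " ' into entities, so the field renders as text.
    return f"<html><body>Thanks, {html.escape(name)}!</body></html>"


def redirect_response_hardened(target: str) -> bytes:
    # 1. No CR, LF or other control character may ever reach a header line.
    if re.search(r"[\x00-\x1f\x7f]", target):
        raise ValueError("control character in redirect target")
    # 2. Only a same-site absolute path is allowed, not an arbitrary URL, so
    #    the parameter cannot double as an open redirect for phishing.
    parts = urlsplit(target)
    if parts.scheme or parts.netloc or not target.startswith("/") or target.startswith("//"):
        raise ValueError("redirect target must be a local absolute path")
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def hardened_rejects_redirect(target: str) -> bool:
    try:
        redirect_response_hardened(target)
    except ValueError:
        return True
    return False


def parse_response(raw: bytes):
    """Split a raw HTTP response the way a client does: headers up to the
    first blank line, body after it. Used to show what the attacker got."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip status line
        key, _, value = line.partition(":")
        headers[key.strip()] = value.strip()
    return headers, body


if __name__ == "__main__":
    # Constructed attacker inputs.
    print(parse_response(redirect_response("/thanks\r\nSet-Cookie: session=attacker")))
    print(parse_response(redirect_response("/thanks\r\n\r\n<script>alert(1)</script>")))
    print(thanks_page_hardened("<script>alert(1)</script>"))
    print(hardened_rejects_redirect("http://evil.example/"))
```

Modern HTTP libraries refuse CR/LF in header values, but a 2009-era CGI script that writes its own status and header lines has no such guard, which is why the reject-control-characters check sits in the handler itself rather than being assumed from the framework.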

AjaxTerm Session ID Collision

AjaxTerm, an open source web based terminal, uses a form of random session id generation which can lead to remote session hijacking.
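A session ID is only as good as the entropy behind it: if two users can receive the same ID, or an attacker can enumerate the IDs issued in a time window, the cookie is effectively a shared secret with the attacker. The following is an added example and not AjaxTerm's code. The weak scheme it models (a non-cryptographic PRNG seeded from the login time in seconds) is a hypothetical stand-in chosen because it exhibits both the collision and the prediction failure; the advisory above does not describe AjaxTerm's actual generator, and the sample timestamps and workload are constructed.

```python
"""Added example, not AjaxTerm's code: a hypothetical low-entropy session ID
scheme next to a CSPRNG-backed one, plus the birthday-bound arithmetic for
how many sessions an ID width can carry. Timestamps are constructed."""
import math
import random
import secrets


def weak_session_id(clock_seconds: int) -> str:
    # Hypothetical weak scheme: seed a non-cryptographic PRNG with the login
    # time in whole seconds. Two logins in the same second get the same ID,
    # and anyone who knows roughly when a victim logged in can reproduce it.
    rng = random.Random(clock_seconds)
    return "%08x" % rng.getrandbits(32)


def strong_session_id() -> str:
    # 32 bytes from the OS CSPRNG: unpredictable, and at 256 bits a collision
    # is not a practical concern at any realistic session count.
    return secrets.token_hex(32)


def predict_weak_ids(start: int, end: int) -> set:
    """What an attacker does against the weak scheme: enumerate every ID that
    could have been issued during a window of login times, then try each."""
    return {weak_session_id(t) for t in range(start, end + 1)}


def simulate_weak_logins(first_second: int, logins_per_second: int, seconds: int) -> list:
    """Constructed workload: `logins_per_second` users log in during each of
    `seconds` consecutive seconds; every ID in one second is identical."""
    return [weak_session_id(first_second + s)
            for s in range(seconds) for _ in range(logins_per_second)]


def collisions(ids: list) -> int:
    """Number of issued IDs that duplicate an earlier one."""
    return len(ids) - len(set(ids))


def birthday_collision_probability(sessions: int, id_bits: int) -> float:
    """P(at least one collision) among `sessions` IDs drawn uniformly from
    2**id_bits values, via the standard 1 - exp(-n^2 / 2N) approximation.
    expm1 keeps the answer accurate when the probability is tiny."""
    return -math.expm1(-(sessions ** 2) / (2.0 * 2 ** id_bits))


if __name__ == "__main__":
    t0 = 1242345600  # constructed: a login time in May 2009, epoch seconds
    print(collisions(simulate_weak_logins(t0, 10, 5)))          # 45
    victim = weak_session_id(t0 + 30)
    print(victim in predict_weak_ids(t0, t0 + 100))             # True
    print(collisions([strong_session_id() for _ in range(10000)]))  # 0
    print(round(birthday_collision_probability(2 ** 16, 32), 4))    # 0.3935
    print(birthday_collision_probability(10 ** 6, 256))             # ~4e-66
```

The birthday figure is the practitioner's check: a 32-bit ID reaches a roughly 39% chance of a duplicate after only 65,536 sessions, whether or not the generator is predictable, so the fix is both a CSPRNG source and an ID wide enough (128 bits or more) that the bound stays negligible.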

A-A-S (Application Access Server) Multiple Security Vulnerabilities

The Application Access Server is vulnerable to extremely dangerous XSRF (Cross Site Request Forgery) attacks. A remote attacker can use the XSRF flaw to take control over the system running the A-A-S server. The issue is triggered when a web page containing a malicious JavaScript code is viewed. Such malicious code can automatically make requests to the AAS server on the user's behalf.
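What makes the attack work is that the browser attaches the victim's session cookie to any request aimed at the A-A-S origin, regardless of which page caused the request. The following is an added example and not A-A-S code: a minimal model of a state-changing request handled first on cookie alone and then with CSRF protection, driven by a request constructed to look like the one an attacker's page would make the victim's browser send. The session store, the action name, the origin and the header values are assumptions for illustration.

```python
"""Added example, not A-A-S code: a cookie-only handler that a forged
cross-site request passes, next to one that checks the request origin and a
per-session CSRF token. Session store, origin and commands are assumptions."""
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "http://aas.internal"   # assumed origin of the admin application

# Assumed server-side session store: cookie value -> session record.
SESSIONS = {
    "cookie-abc": {"user": "admin", "csrf_token": secrets.token_hex(16)},
}


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)   # e.g. Origin, Referer
    form: dict = field(default_factory=dict)      # POST body fields


def run_command(user: str, command: str) -> str:
    # Stand-in for the privileged action; it only records what would happen.
    return f"{user} executed {command!r}"


def handle_vulnerable(req: Request) -> str:
    # Authentication by cookie alone. The browser sends the cookie with ANY
    # request to this origin, including one forged by another site, so an
    # authenticated admin merely viewing an attacker's page is enough.
    session = SESSIONS.get(req.cookies.get("session"))
    if session is None:
        return "401 not logged in"
    return "200 " + run_command(session["user"], req.form.get("cmd", ""))


def handle_hardened(req: Request) -> str:
    session = SESSIONS.get(req.cookies.get("session"))
    if session is None:
        return "401 not logged in"
    if req.method != "POST":
        return "405 state changes must be POST"
    # Defence 1: Origin (or Referer) must be exactly our site. A cross-site
    # form post or XHR carries the attacker's origin, which script cannot
    # forge. Compare whole origin, not a prefix, or aas.internal.evil passes.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not (origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")):
        return "403 cross-site request"
    # Defence 2: a per-session secret in the body. A foreign page cannot read
    # it (same-origin policy) and therefore cannot include it.
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session["csrf_token"].encode()):
        return "403 missing or wrong CSRF token"
    return "200 " + run_command(session["user"], req.form.get("cmd", ""))


def forged_request() -> Request:
    """Constructed sample: what the victim's browser sends when an attacker's
    page auto-submits a hidden form at the admin application."""
    return Request(method="POST", path="/exec",
                   cookies={"session": "cookie-abc"},
                   headers={"Origin": "http://evil.example"},
                   form={"cmd": "adduser attacker"})


def legitimate_request() -> Request:
    """Same action from the application's own page, carrying the token it
    rendered into the form."""
    return Request(method="POST", path="/exec",
                   cookies={"session": "cookie-abc"},
                   headers={"Origin": SITE_ORIGIN},
                   form={"cmd": "adduser attacker",
                         "csrf_token": SESSIONS["cookie-abc"]["csrf_token"]})


if __name__ == "__main__":
    print(handle_vulnerable(forged_request()))   # 200 admin executed ...
    print(handle_hardened(forged_request()))     # 403 cross-site request
    print(handle_hardened(legitimate_request())) # 200 admin executed ...
```

Either defence alone stops the forged request shown here; using both covers the cases where one is absent (older browsers that send no Origin header, or a token leaked through an unrelated XSS). The same-site cookie attribute, which did not exist in 2009, is a third layer that belongs in a current deployment.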

Quagga Linux Denial of Service Vulnerability

FRISK Software F-prot CAB Bypass / Evasion

FRISK Software produces "the hugely popular F-Prot Antivirus products range offering unrivalled heuristic detection capabilities".

Oracle Database SQL Injection vulnerability in LT.ROLLBACKWORKSPACE

Depending on which Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, which depending on the system configuration is SYS or WMSYS.

CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities

A remote attacker can exploit a buffer overflow to gain Apache privileges, or cause a denial of service. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities.

Symantec System Center Alert Management System Console Arbitrary Program Execution Vulnerability

Google vs. Gumblar: Search Engine Abused in New Round of Stealthy Attacks

A wave of Website compromises is infecting users with malware that redirects Google search results to malicious pages. The malware, which so far is targeting users of Internet Explorer, also steals FTP credentials and installs a backdoor.
- A multipronged attack targeting users of Internet Explorer is poisoning Google search results and redirecting users to compromised pages. According to ScanSafe, the stealthy malware is hitting computers via drive-by attacks leveraging PDF and Adobe Flash exploits. Once installed, the malware a...

Boface.BJ.Worm Uses Facebook to Trick Users

PandaLabs reports the discovery of Boface worm variant No. 56, called the Boface.BJ.worm, which tricks users into purchasing a fake anti-virus application after convincing them to download and install malware via Facebook. Some 1 percent of all computers scanned by the Panda ActiveScan online scanner have been infected with Boface since August 2008.
- PandaLabs announced May 14 that it has uncovered a variant of the Boface worm known as the Boface.BJ.worm that uses Facebook to trick users into purchasing fake anti-virus software. The malware analysis and detection laboratory, run by Panda Security, estimates that roughly 2 million Facebook user...

Key Exchange

In this eWEEK podcast hosted by Mike Vizard, the director of product marketing for Thales, Kevin Bocek, talks about the impact that a new KMIP (Key Management Interoperability Protocol) standard will have on spurring widespread adoption of encryption.
- Audio Podcast Content....

Social Networks 10 Times as Effective for Hackers, Malware

Research from Kaspersky Lab shows malware on social networking sites such as Facebook and MySpace is 10 times more successful at infecting users than e-mail-based attacks. Enterprises and users need to adopt sound security practices to deal with the problem.
- That hackers are using sites such as Facebook, LinkedIn and MySpace to launch attacks is no revelation. New statistics, however, show just how effective malware on social networking sites can be. In its "Malware Evolution 2008" report, published in February 2009, Kaspersky Lab r...

Will Windows 7 Overcome Anti-Virus Fear and Loathing?

Anti-virus systems: can't live with them, can't live without them. But that may all change with Windows 7, which improves on and streamlines security measures already baked into Windows operating systems.
- I hate anti-virus. There, I said it. And it felt good. For many years, I chose not to use AV on my personal systems, choosing vigilance about my downloads, e-mail attachments, and application and OS updates over relying on a third-party solution to keep me free from infection. However, once d...

Adobe Swats Reader, Acrobat Bugs

Adobe Systems patches two zero-day vulnerabilities affecting multiple versions of Adobe Reader and Adobe Acrobat. One security vulnerability affects Reader and Acrobat across all platforms; the second bug affects Reader on Unix systems.
- Adobe Systems released patches for zero-day flaws in Adobe Reader and Adobe Acrobat on May 12. The first of the Adobe bugs, a problem with the GetAnnots Doc method in the JavaScript API, affects Adobe Reader and Acrobat versions 9.1 and earlier across all platforms. To exploit this vulnerabil...

Microsoft Closes PowerPoint Security Holes

Microsoft plugs a zero-day hole in Office PowerPoint as part of Patch Tuesday. The sole Microsoft security bulletin for May also addresses 13 other vulnerabilities affecting Office PowerPoint.
- Microsoft pushed out a patch May 12 to give Office PowerPoint users a shield against ongoing attacks targeting a zero-day vulnerability. The fix is part of the month's sole Patch Tuesday security bulletin, a massive patch for a total of 14 security issues in PowerPoint. The only flaw known to...

Pirated Windows 7 Builds Botnet with Trojan

Security researchers at Damballa report shutting down the command and control server of a botnet built by a Trojan bundled with pirated copies of Windows 7 RC. The Trojan is believed to have infected thousands of users.
- Attackers pushing pirated, malware-laced copies of Microsoft's upcoming Windows 7 operating system have been actively trying to build a botnet. According to researchers at Damballa, attackers hid a Trojan inside of pirated copies of the operating system and began circulating them on BitT...

Conficker, Coreflood and Other Malware Madness on Your PC

There are pieces of malware that make a big splash such as Conficker and then those such as Coreflood that for a variety of reasons do a better job of flying under the radar. In the end, the long-term success of a piece of malware to a large extent depends on it being able to avoid both detection and sustained scrutiny by the security community. Doing so can allow attackers to build mammoth botnets to the tune of hundreds of thousands of zombie computers - or, in the case of Conficker, millions. The usual endgame for the hackers, of course, is to turn the mountains of stolen data into money. After discussions with some security vendors and researchers, eWEEK has compiled a short list of some of the stealthier and more persistent pieces of malware out there today. By Brian Prince

Microsoft Delivers Beta 2 of 'Geneva' Identity Server

Microsoft releases Beta 2 of its upcoming next-generation identity management solution, code-named Geneva.
- Microsoft on May 11 released Beta 2 of its upcoming next-generation identity management solution, code-named Geneva. Brendan Foley, director of Product Management for Microsoft's Identity & Security Business Group, told eWEEK that the Geneva platform simplifies access to applications and s...

Heartland Breach Blamed for Failed Membership Renewals

In Economy Watch

In February, Bill Oesterle began seeing nearly twice the normal number of transactions being declined for customers who had set up auto-billing on their accounts. The co-founder of Angie's List -- a service that aggregates consumer reviews of local contractors and physicians -- said he originally assumed more customers were simply having trouble making ends meet in a down economy. But as that trend continued into March and April, the company shifted its suspicions to another probable culprit: credit card processing giant Heartland Payment Systems. The data breach last year at Heartland -- a company that processes roughly 100 million card transactions a month for more than 175,000 businesses -- has forced at least 600 banks to re-issue untold thousands of new cards in a bid to stave off fraud. For consumers, receiving a new credit or debit card number means contacting companies that have those credentials on file to charge

Adobe, Apple and Microsoft Issue Security Updates

In New Patches

This turned out to be one of the busiest Patch Tuesdays in a long while: Adobe, Apple and Microsoft all independently released software security updates today. Adobe patched two vulnerabilities in its PDF Reader and Acrobat software. The update applies to all supported versions of both programs on Windows, Mac and Linux systems. Adobe vulnerabilities are some of the most heavily used in targeted attacks, and they show up quite a bit in exploit kits that are sewn into hacked and malicious Web sites. So, if you use Reader or Acrobat, try not to let too much time elapse before you apply this update. Redmond issued a single update to plug at least 16 security holes in its PowerPoint software. The Microsoft Office PowerPoint update is rated critical and applies to all supported versions of PowerPoint, including Office for Mac, Microsoft Works 8.5 and 9.0, as well as various Office

Pirated Version of Windows 7 Has Malware Built-in

In Fraud

Security researchers are warning that Internet users who install pirated versions of Microsoft's latest Windows 7 operating system may also be installing malicious software. Experts at Atlanta-based security firm Damballa say they first noticed hacked versions of the Windows 7 release candidate available on peer-to-peer file-sharing networks and newsgroups last week, shortly after the OS was released to developers. Damballa found that computers with the tainted versions of Windows 7 were programmed to silently reach out to an Internet server to check for further updates, which in this case is a piece of malware that Kaspersky Antivirus calls Win32.Banload.cdk. "The first thing this does is phone home and get a list of additional malware to install," said Tripp Cox, vice president of engineering at Damballa. Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions -- codecs.sytes.net -- which is how it knows

Oprah, KFC and the Great PC Cleanup?

In From the Bunker

Last week, Kentucky Fried Chicken stores around the nation struggled to accommodate a surge of roughly 4 million new customers, after Oprah Winfrey told viewers of her show that they could get a free meal at KFC by printing out an Internet coupon. By most accounts, the marketing gimmick was a disaster, but it got me thinking about Oprah's sheer ability to mobilize the masses. I wondered: How much badness on the Internet would disappear overnight if Oprah suggested that her devotees download, install and run a set of free PC security scanning tools? Probably quite a bit, or at least enough to register a notable drop in global spam volumes, malicious software attacks and other activity that depends largely on remotely compromised PCs or "bots" to do most of the grunt work. Estimates of just how many systems are infected by bot programs vary widely, but even by the

Brief: Financial districts a wireless hacker's paradise

Brief: PowerPoint gets hefty fix, Apple inundates

Brief: Cyber attack could bring U.S. military response

Brief: Hackers steal UC Berkeley health records

New Wave of "Gumblar" Hacked Sites Installs Google-targeting Malware (PC World)

In technology

PC World - A new round of Web sites hijacks is attempting to install malicious, Google-focused software on unpatched PCs, according to security company ScanSafe, further cementing the drive-by-download approach as a bad-guy tactic of choice.

On Your Side: BitDefender Support Issues (PC World)

In technology

PC World - I purchased BitDefender Anti-Virus 2009 with a registration key for three PCs, but I've been unable to update my older version because the upgrade option on the main menu is grayed out.

Microsoft says hackers seek to attack PowerPoint users (Reuters)

In technology

Reuters - Microsoft Corp said on Tuesday that hackers are seeking to attack users of its PowerPoint presentation software for Windows PCs and released patches to protect them against the threat.

Security Alert: Twitter Porn Names Scam (PC World)

In technology

PC World - Popular social networking site Twitter's current top trending topic (the subject tweeted most in a given period) is a security hole. What larger hole is there to patch than human error itself? The "twitter porn names" meme, presented as a fun thing to do with your friends and something to tweet about, is nothing more than a disguise to get users to publicly post the answers to their online security questions.

TA09-133B: Adobe Reader and Acrobat JavaScript Vulnerabilities

TA09-133A: Apple Updates for Multiple Vulnerabilities

TA09-132A: Microsoft PowerPoint Multiple Vulnerabilities

Microsoft Security Bulletin Summary for May 2009

Revision Note: V1.1 (May 13, 2009): Removed an erroneous note for MS09-017 pertaining to security updates KB969618 and KB957789 for supported versions of Microsoft Office PowerPoint 2007. Summary: This bulletin summary lists security bulletins released for May 2009.

MS09-017 - Critical: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) - Version:1.1

Severity Rating: Critical - Revision Note: V1.1 (May 13, 2009): Corrected the entry in the Affected Software table for "Bulletins Replaced by this Update" and the SMS detection and deployment information for the PowerPoint Viewer 2003 (KB969615) update. Also removed an erroneous footnote from the Affected Software table pertaining to security updates KB969618 and KB957789 for supported versions of Microsoft Office PowerPoint 2007. This is an informational change only. There were no changes to detection or to the files included in this update. Summary: This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft security updates for May 2009

Learn about and download the latest computer security updates for May 2009. Read tips on protecting your computer by using anti-spyware and anti-spam programs.

What is a botnet?

Basic definition of botnets, and links to how to recognize and avoid computer infection. Keep your computer from becoming a zombie by installing a firewall, keeping your antivirus, antispyware, and software up-to-date

What is spam?

Basic definition of spam and how to prevent it, recognize identity theft spams, and avoid phishing.

What are Internet filters?

Basic definition of internet filters, and links to where to download Microsoft filtering services and programs.

What is identity theft?

See a basic definition of identity theft and links to in-depth information about how to recognize and prevent it.

MS09-017 - Critical: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)

Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

May 2009 Bulletin Release

By MSRCTEAM on video

Summary of Microsoft’s monthly security bulletin release for May 2009.

Today we released one security bulletin, MS09-017, affecting our PowerPoint products. This update addresses several vulnerabilities including the issue described in Microsoft Security Advisory 969136. In that advisory, we noted that we were aware of limited, targeted attacks.

The security of our customers is important to us and due to these active attacks, we have released the updates for one product line (all versions of Microsoft Office for Windows) so that the majority of our customers can protect their systems. We are able to do this because the updates were ready within the predictable release cycle for the entire product line. Updates for the additional products (Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5 and Microsoft Works 9.0) will be released when testing is complete and we can ensure high quality. When ready, we will revise the bulletin and notify customers.

Risk and Impact

To help with risk assessment and impact analysis, Microsoft provides detailed information in the vulnerability information section of the bulletin as well as the Exploitability Index. The aggregate severity of the bulletin is critical and we give it a 1 on the Exploitability Index which means consistent exploit code is likely (and indeed already in the wild for one vulnerability in this update). Of the 14 vulnerabilities being addressed, there are some things to note:

  • We are only (currently) aware of active attacks against CVE-2009-0556.
  • We are not aware (currently) of any active or reliable exploits of CVE-2009-0556 against affected versions of Office for Mac.
  • Microsoft Office 2007, Microsoft Office 2008 for Mac, Microsoft Office PowerPoint Viewers, and Microsoft Works versions 8.5 and 9.0 do not contain the CVE-2009-0556 vulnerability.
  • When we released Microsoft Security Advisory 969136 on April 2, 2009, both the Security Research & Defense and the Microsoft Malware Protection Center (MMPC) teams posted analysis to their blogs. This information provides valuable insight into the active exploits.
  • The bulletin is rated critical only for Microsoft Office PowerPoint 2000 SP3. All other versions have an aggregate rating of important.
  • The only vulnerability that affects all products in the affected products list is CVE-2009-0224. This vulnerability was responsibly disclosed, is rated critical on Microsoft Office PowerPoint 2000 SP3 and important for all the other affected products.

Mitigations and Workarounds

For mitigations and workarounds, I will simply reiterate the information previously stated in the Security Research & Defense blog:

There are a couple workarounds you can apply in your environment to protect yourself from potential attacks. If your environment has mostly already migrated to using PPTX, you can temporarily disable the binary file format in your organization using the FileBlock registry configuration described in the MS09-017 security bulletin. Alternatively, you can temporarily force all legacy PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE). The steps to enable MOICE are listed in the MS09-017 security bulletin.
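
Both workarounds live inside Office (the FileBlock registry setting and MOICE); the bulletin holds the exact keys and they are not quoted on this page, so they are not reproduced here. The same policy can be enforced upstream, at a mail gateway or an upload handler, and the following added example (not Microsoft's code) does that on file content rather than file name: an OLE2 compound document, the container behind .ppt/.pps/.pot, is refused while the update rolls out, and an Open XML package (.pptx, a zip archive) is allowed only if it actually contains the presentation parts. The magic values are the published ones for the Compound File Binary format and for zip; the sample files are constructed inline and are not real presentations.

```python
import io
import struct
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # Compound File Binary signature
ZIP_MAGIC = b"PK\x03\x04"                        # zip local file header
LEGACY_PPT_EXTENSIONS = {"ppt", "pps", "pot"}


def identify(data: bytes) -> str:
    """Classify by content alone: 'ole2', 'pptx', 'zip-other' or 'unknown'."""
    if data.startswith(OLE2_MAGIC):
        # A CFB header is 512 bytes and carries byte-order mark 0xFFFE at
        # offset 28 (little-endian, so the bytes read FE FF).
        if len(data) >= 512 and data[28:30] == b"\xfe\xff":
            return "ole2"
        return "unknown"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        if "[Content_Types].xml" in names and "ppt/presentation.xml" in names:
            return "pptx"
        return "zip-other"
    return "unknown"


def decide(filename: str, data: bytes, block_binary: bool = True) -> tuple:
    """Return ('allow' | 'block', reason). The filename is advisory only; content decides."""
    kind = identify(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind == "ole2":
        if block_binary:
            # Applies whatever the extension says: a .pptx name over OLE2 bytes is still binary.
            return "block", "legacy binary Office container (claimed .%s)" % (ext or "?")
        return "allow", "legacy binary container, binary format not blocked"
    if kind == "pptx":
        if ext in LEGACY_PPT_EXTENSIONS:
            # Open XML content under a legacy name: allowed, but worth logging, since
            # Office sniffs content and opens it as Open XML regardless of the name.
            return "allow", "Open XML package mislabelled as .%s" % ext
        return "allow", "Open XML package"
    if kind == "zip-other":
        return "block", "zip archive is not a PowerPoint package"
    return "block", "unrecognised content"


def make_sample_ole2() -> bytes:
    """Constructed sample: a 512-byte CFB header with no streams (not an openable deck)."""
    hdr = OLE2_MAGIC + b"\x00" * 16                                # signature + null CLSID
    hdr += struct.pack("<HHHHH", 0x003E, 0x0003, 0xFFFE, 9, 6)     # minor, major, byte order, sector shifts
    return hdr.ljust(512, b"\x00")


def make_sample_pptx() -> bytes:
    """Constructed sample: a minimal Open XML package with the two parts the classifier checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        zf.writestr("ppt/presentation.xml", '<?xml version="1.0"?><p:presentation/>')
    return buf.getvalue()


if __name__ == "__main__":
    print(decide("deck.pptx", make_sample_ole2()))    # blocked: binary bytes under a .pptx name
    print(decide("deck.ppt", make_sample_pptx()))     # allowed: Open XML under a legacy name
```

The `block_binary` switch is the gateway equivalent of toggling the FileBlock workaround off once the MS09-017 update is deployed. Deciding on bytes matters in both directions: an attacker can rename a binary .ppt to .pptx to slip past an extension filter, and a legitimate Open XML deck saved with a .ppt name should not be bounced.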

More Information

In the following 8 minute video, I sit down with Adrian Stone from the MSRC to cover this release in a little more detail:

As always, our friends in the MSRC have provided further analysis in the Security Research and Defense blog so have a look at that and if you have questions, please join us for our regular live webcast tomorrow (Wednesday May 13, 2009) at 11:00 am PDT (UTC –7). Click HERE to register.

On the malware front, the Microsoft Malware Protection Center (MMPC) has added two new items to the Malicious Software Removal Tool (MSRT): Win32/Winwebsec and Win32/FakePowav.B. Customers can download the Malicious Software Removal Tool (MSRT) here. Additional details can also be found on the Microsoft Malware Protection Center blog.

Support

Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Thanks,

Jerry Bryant

Security in the Cloud: Trustworthy Enough for Your Business?

By deb@shinder.net (Deb Shinder)

Taking a look at The Cloud. Is it secure enough for your business?

Cisco Security Center: IntelliShield Cyber Risk Report

May 4-10, 2009

Report Highlight: Hacker Demands US $10 Million for Release of Stored Data

Paul Henry, Security Hero

Paul Henry is truly a Security Hero. He is best known for his expertise and leadership in digital forensics, but he is also thoroughly well grounded. We are thankful he is willing to invest the time to participate in the Security Hero project.

Corporate-Espionage, E-mail Break-in Case Zaps Electronics Industry

The corporate-espionage case of David Goldenberg, former executive with AMX Corp., is rocking the world of high-end office and consumer electronics systems.

Security Logs, Medical Records Found in Disused Hard Drives

A third, or 34 percent, of disused hard drives still contain confidential data according to a new study.

Most Claims Dismissed in Hannaford Data Breach Suit

All but one of the legal claims filed against Hannaford Bros., the Maine-based retailer that suffered a security breach exposing some four million credit cards, have been dismissed.

Microsoft Could Teach Apple a Lesson about Security

Analysis: Both Apple and Microsoft issued huge patches yesterday -- and it's obvious Apple has much to learn about security.

Plug Critical Hole in Adobe Reader

Get the latest patch to fix two serious flaws in the under-attack Reader and Acrobat.

Tiger Gets Security Updates

At the same time that Apple released an update to Leopard (10.5), the company also fixed a number of security issues for users running Tiger (10.4).

The Hidden Secrets of Online Quizzes

You can have a ball taking online quizzes on Facebook and other sites, but here are some things you should know before you do.

Safari 3.2.3 Improves Security

Apple has released Safari 3.2.3, a new release of its Web browser for Mac OS X 10.4, 10.5 and Windows.

PowerPoint Gets Mega Patch

Microsoft's single update patched 14 separate vulnerabilities, 11 of which were rated "critical."

Microsoft Closes PowerPoint Zero-day Hole

Today's Patch Tuesday focused solely on closing a critical, under-attack hole, and 13 others as well, in the Office app.

As Hacking Hits Home, China Strengthens Cyber Laws

China has strengthened its cybercrime laws, pushing maximum sentences from three years to seven.

Teenager Pleads Guilty to Scientology Web Attack

A 19-year-old New Jersey man has pleaded guilty to targeting the Church of Scientology with a DDOS attack last year.

Why You Should Be Worried About Your Privacy on the Web

How much of your personal information is floating around in cyberspace? Beyond your Social Security number, that is ...

Why I Won't Ditch My Google Apps

Analysis: Despite some security glitches, millions of people trust Google with their private data every day.

How to Protect Your Privacy on Google

Google provides many ways to protect your privacy online -- you just need to find them. Here are six good ones.

Secure Your Wi-Fi While Traveling

By Michael Calore

The good news is, you can get WiFi when you're traveling pretty much end to end. The bad news: hackers know this, and know these mobile networks are wide open. Take full advantage of them, if only to alleviate the tedium of those long stretches in airports and planes. Just be aware of the dangers, and be safe.

General: We Just Might Nuke Those Cyber Attackers

By Nathan Hodge

How would the American military respond to an attack on its networks? If we take the commander of U.S. strategic forces at his word, they'd nuke those hackers, if need be.

'Anonymous' Member Pleads Guilty to Scientology Web Attacks

By David Kravets

An "Anonymous" member pleads guilty to his role in a DDoS attack of Scientology's website last year. It was the first prosecution against a member of the online griefers.
