Tuesday, June 2, 2009

Around The Horn vol.1,113

AV-Comparatives May 2009 report: three winners

By emil.protalinski@arstechnica.com (Emil Protalinski) on Av-Comparatives

AV-Comparatives is known for the thorough tests it does on security software. Following its February 2009 on-demand report, the company has released its May 2009 retrospective/proactive test. It is the second part of the previous report: the same 16 products (Command Anti-Malware was excluded), last updated on February 9, were set on the same highest detection settings. New samples from a week after the update were used in the test that looked at proactive detection capabilities. The detection rates (in percentage points) for the new malware were put into the following graph below:

Insecure Magazine 21 (June) Released

By Robert A. on Research

Insecure magazine 21 has been released and covers the following. Malicious PDF: Get owned without opening Review: IronKey Personal Windows 7 security features: Building on Vista Using Wireshark to capture and analyze wireless traffic "Unclonable" RFID - a technical overview Secure development principles Q&A: Ron Gula on Nessus and Tenable Network...

iTunes 8.2 preps for new iPhone firmware

By Seth Rosenblatt

Earlier today, Apple updated iTunes to get it ready for the anticipated iPhone firmware upgrade to version 3.0. The company also updated its QuickTime video player.

iTunes 8.2, for Windows and Mac, makes the program ready for the iPhone and iPod Touch operating system upgrade by pushing out ...

'Best Video' scam on Twitter dropped malware

By Elinor Mills

Twitter users were hit with another attack over the weekend featuring tweets reading "Best Video" and a link to a Web site that downloads malware, a security firm said on Monday.

The Web site, with a .ru (Russia) domain, purports to show an embedded YouTube video. Instead, the page downloads ...

Online Criminals Transfer Trillions Through Swiss Bank Accounts

By Rik Ferguson on Web 2.0

This is the story of how an amateur criminal used a simple piece of code and exploited some poorly written software to amass trillions of dollars and then distribute his ill-gotten gains almost at random.   A few online games have already been launched, designed to take advantage of Twitter’s huge and rapidly expanding user base. Arguably [...]

What Obama's Cybersecurity Plans Mean For Businesses

Administration's new cybersecurity policies could yield new security regulations and incentives for enterprises, experts say

DHS expands RFID use at borders today

DHS has started the Western Hemisphere Travel Initiative, which requires displaying eligible ID documents, most with RFID tags, at land and sea borders.

$300M in transit grants to aid in homeland security projects

DHS announced $300 million in economic stimulus law funding is available for eligible port security and mass transit projects.

New cybersecurity coordinator faces complicated road

Of the major goals laid out in the Cyberspace Policy Review, creating an effective information sharing and incident response capability across government and the private sector presents some of the greatest technological challenges and trickiest policy minefields.

Mobile Phones Face Hacking Threat, Experts Say

A flaw -- which enables criminals to access a cellphone data connection, steal data or install or remove programs -- gained wider attention at the BlackHat Europe security conference.

McAfee Releases June Spam Report

By David Marcus on Web and Internet Safety

Today we released our Spam Report for the month of June. In it we discuss two key findings: President Obama’s First 100 Days of Spam Although you might imagine the change of administration in the United States would have a major impact on the Internet, the first 100 days of Obama’s presidency were mostly business as [...]

Twitter hit with rogue anti-virus scam
For-profit attack

Twitter users over the weekend were the target of a scam that tried to infect them with rogue anti-virus software and other malware, in what is one of the first times the micro-blogging site has been hit by a known for-profit attack, a security researcher said.…

Feds quiz former worker over Texas power plant hack
Danger danger! High voltage!

A former employee at a Texas power utility was arrested late last week over accusations he crippled its energy forecast system after launching a hacking attack.…

Plague of web bugs descend on British sites
HSBC, Barclays, The Telegraph bitten

It's been a busy week for high-profile web vulnerabilities, with discoveries of careless bugs on the sites of three British companies.…

Linksys router ripe for remote takeover
Stealth attack exploits gullible management console

A security researcher has discovered a flaw in a popular Linksys router that could allow attackers to remotely hijack the device using its web management console.…

Firefox users flip out over sneak MS add-on
Silent, but deadly annoying

Firefox fans are up in arms after a recent Microsoft software update silently installed a Firefox extension that is difficult to remove.…

MP 'devastated' over Facebook profile hack
'Outlawed from cyberspace and unable to communicate with my cyber friends'

A backbench Tory MP was left "devastated" after his Facebook account was hacked.…

Yet another "Digital Certificate" malware campaign, (Mon, Jun 1st)

Thanks to ISC reader Tom for passing on yet another socially engineered attempt to install malware i ...(more)...

Hackers Hit 40,000 Websites with Mass Compromise

Hackers have compromised about 40,000 legitimate Websites, infecting them with malicious JavaScript that ultimately redirects users to a malicious site, says Websense. Security researchers at Websense say the tactics are reminiscent of the notorious RBN group.
- Researchers at Websense are reporting a mass compromise that may have affected as many as 40,000 Websites. Although Websense would not name any of the compromised sites, researchers said the victims did not include any big-name government or business sites.

Twitter Hit with Fake Security Software Scam

Kaspersky Lab says Twitter has been hit with a scam that tries to rope users into buying bogus security software. Twitter users who were tricked into clicking on a link in a tweet were taken to a site that attempted to download scareware, according to Kaspersky Lab.
- Researchers at Kaspersky Lab have uncovered what may be the first attempt by attackers to use Twitter for scareware scams. The attack begins with a message, or tweet, with the words quot;Best Video quot; laced with a malicious link. Those tricked into clicking the link are directed to a rogu...

Beladen Loads Hacked Web Sites With Badness

In Latest Warnings

At least 40,000 Web sites recently were hacked and retrofitted with instructions that silently attempt to infest visitor PCs with malicious software, security experts warn. Internet security firm Websense has dubbed this series of attacks "Beladen," because the infected sites divert visitors to a site called beladen.net -- one of at least two exploit domains implicated in this attack (this domain actively serves malicious software, so please do not visit it). Stephan Chenette, a senior security researcher at Websense, said the company is not sure how the attackers are breaking into the hacked sites, and that it is still in the process of determining what the malware installed on victim's PCs actually does. However, each hacked Web page shares the same blob of obfuscated Javascript code, which is appended to the bottom of the hacked page's HTML. Each hacked site redirects to Web sites that bombard the visitor's PC with

Experts warn mobile phones face hacking threat (Reuters)

In business

Reuters - Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.

SB09-152: Vulnerability Summary for the Week of May 25, 2009

Vulnerability Summary for the Week of May 25, 2009

Hackers Compromise 40,000 Web Sites

Posted by InfoSec News on Jun 2

http://www.eweekeurope.co.uk/news/hackers-compromise-40-000-web-sites-1029

Security researchers at Websense say the tactics are reminiscent of the notorious RBN group.  Researchers at Websense are reporting a mass compromise that may have affected as...

Cisco Security Center: IntelliShield Cyber Risk Report

May 25-31, 2009

Report Highlight: European Union Sues Sweden Over Data Retention Laws

Construction Crew Severs Secret 'Black Line'

By Kim Zetter

A fiber optic cable not found on any map is accidentally severed during construction work on a Virginia office building. Within minutes, a bunch of sinister bodies are on the scene.

Apple Patches QuickTime Bug That Was Hidden in Book

Apple has released security updates for QuickTime and iTunes.

QuickTime 7.6.2 Enhances Security, Updated for ITunes 8.2

Apple on Monday released QuickTime 7.6.2 for Mac and Windows. The update is available for download from Apple's Web site and through the Software Update system...

Experts: Obama Cybersecurity Plan Short on Details

Some cybersecurity experts say an Obama plan lacks details.

4 Tips to Fight Botnets

Analysis: An overview of the nasties gunning for Your network, and solid suggestions for thwarting them.

Microsoft Strips Three-App Limit From Windows 7 For Netbooks, Adds Hardware Limitation

Turns out Windows 7 Starter Edition's limit of running three applications at once was the lesser of two evils.

No comments:

Post a Comment

My Blog List