Wednesday, June 3, 2009

Around The Horn vol.1,114

Report: Mass Injection Attack Affects 40,000 Websites

By Robert A. on IndustryNews

"Researchers at Websense have discovered a mass injection attack that is redirecting Web browsers to a malware-bearing site. According to a weekend report by researchers at Websense, thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. "The...

New malware attack infecting Web sites

By Tom Krazit

Security firm Websense has put out an advisory warning Web site owners about malicious code that redirects surfers to seemingly safe sites.

About 40,000 Web sites appear to have been compromised with rogue JavaScript code that redirects Web surfers to a fake Google Analytics site, after which they get ...

Center for Internet Security Releases iPhone Security Benchmark

In Risk Management

The Center for Internet Security released security advice for companies looking to securely manage iPhones on their networks.

Obfuscation Helping PDF Attacks Beat AV

In Virus and Spyware

The longtime practice of malware script obfuscation is still going strong, with whitelisting vendors positioning themselves as the best way to address the issue.

Obama's likely pick for cybersecurity head remains murky

Although some analysts have ideas about the qualities the person filling the position might need, no one is naming names of likely contenders.

Nominee: DHS won't lose cybersecurity authority

Rand Beers, the nominee to lead the DHS unit that oversees cybersecurity, said he has been told the department won't lose its authority in that area.

Napolitano names senior cybersecurity officials

Philip Reitinger, deputy undersecretary of DHS' National Protection and Programs Directorate, will also lead the National Cybersecurity Center.

Homeland Security Names New Cybersecurity Officials

Philip Reitinger, who worked in cybersecurity for Microsoft and fought cybercrime for the Department of Justice, will help to coordinate cybersecurity efforts across the government.

Social Engineering Aids Malware Delivery

By Karthik Raman on Malware Research

Earlier today the nice folks at SANS blogged about a malware campaign dressed up as a digital-certificate update for Bank of America. The malicious link contained the substring “bankofamerica.com” and took you to a Web page rigged to mimic Bank of America’s Web page: If you clicked on “Update Certificate,” a certifiably nasty piece of malware [...]

Quality control, data integrity, and the silly season

Every now and then we read about errors that we just have to laugh at. And now and then I get tired of writing serious columns. So today, either indulge me or just ignore this contribution altogether.

Tibco pushing new cloud application delivery system

Tibco on Wednesday is set to unveil Silver, a platform aimed at large enterprises that want to develop and deploy applications in cloud-computing environments, but still harbor uncertainties about that model.

Batteries.com, insurance firm report data breaches

Batteries.com, an online seller of batteries for consumer electronics, and Aviva USA, one of the largest insurance companies in the world, have both reported data breaches in recent days.

DHS names key cybersecurity staff

The U.S. Department of Homeland Security named Philip Reitinger as director of the National Cybersecurity Center, succeeding Rod Beckstrom, who quit the post earlier this year citing turf battles.

Fed Up With Twitter Spam? It’s Going to Get Worse

As every Twitter user knows, the popular micro-blogging site has become a hot spot for spammers intent on carpet bombing users with the usual pitches for government grants, debt-reduction services, and penile-enhancement pills.

Security tightened for .org

The Public Interest Registry will announce today that it has begun cryptographically signing the .org top-level domain using DNS security extensions known as DNSSEC.

Apple patches 10 critical QuickTime bugs

Apple on Monday patched 10 critical vulnerabilities in QuickTime, including one that was hinted at in a Mac hacking book three months ago.

Cybersecurity: What will the attention span be this time?

The idea that the White House would be interested in cybersecurity is not new. At least since former President Bush appointed Richard Clarke as National Coordinator for Security, Infrastructure Protection and Counterterrorism there has been some level of attention to this topic. But this attention has seemed to fade quite quickly after someone is appointed to a high-level cybersecurity czar-like role. Most people who have taken on that role have quickly quit in frustration.

LogLogic to protect against Britney Spears snoopers

LogLogic has responded to the rising number of unauthorised attempts to gain access to sensitive data, after launching a security product specifically designed to protect databases.

Thousands of Web sites stung by mass hacking attack

Up to 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.

Sophos suite combines encryption, antimalware for Windows desktops

The Endpoint Security and Data Protection suite from Sophos includes full-disk encryption plus anti-malware, application control and intrusion protection.

Oregon joins list of states saying no to Real ID

Oregon is one step closer to becoming the latest in a steadily growing number of states to reject the federal Real ID Act.

Apple patches QuickTime bug that was hidden in book

Apple has issued patches for its QuickTime and iTunes software, fixing critical security flaws along with a bug that was first hinted at earlier this year in a book on Macintosh computer hacking.

Busted: the NSW Police crime fighting toolkit

NSW Police will have access to a new forensic information database within nine months along with a suite of centralised records management and field imaging systems.

Twitter 'Best Video' Scam Attacks PCs

Crooks are going after Twitter users once again, this time with a "Best Video" tweet that attempts to lure victims into visiting a site that will launch PDF-based attacks.

Fake Outlook config scam aims to harvest logins
New spin on social engineering also punts scareware

Cybercrooks have come up with a new way to trick prospective marks into handing over login credentials or installing fake security (scareware) packages.…

US issues revised e-voting standards
Stringent recommendations for testing

The National Institute of Standards and Technology (NIST) delivered an update on Monday to the United States' electronic voting standards, adding more requirements to test systems for accuracy and reliability and additional rules to make paper audit trails easier to review.…

40,000 sites hit by PC-pwning hack attack
'Beladen' bedevils web surfers

More than 40,000 websites worldwide have fallen under the spell of a sneaky piece of attack code that silently tries to install malware on the machines of people who visit them, security experts from Websense have warned.…

Apple plugs QuickTime and iTunes flaws
Hinted-at QuickTime exploit walled up

Apple has released updates for QuickTime and iTunes designed to plug multiple security vulnerabilities.…

Digital Spy struggles to pin down tainted ad infection
Mystery malware assaults online gossips

Updated UK celebrity gossip website Digital Spy has apologised after serving up banner ads laced with malware earlier this week.…

Another Quicktime Update, (Tue, Jun 2nd)

Apple released another Quicktime update, version 7.6 ...(more)... 

WH cybersecurity plan needs private sector guidance

By Eric Ogren

The job of critical infrastructure protection must include guidance from the private sector to put best practices to work at the federal level.

Hackers targeting unpatched Microsoft DirectShow flaw

By SearchSecurity Staff

Software giant is investigating a newly discovered flaw in DirectShow's QuickTime parser that could allow an attacker to execute code remotely.

How to Secure Sensitive Data Before a Layoff Occurs

Over the past six months, many of us have become desensitized to the staggering number and size of layoffs that continue to occur almost daily. But the reality for the IT industry is that layoffs have a different effect on those of us in the industry whose mission it is to protect the company's reputation, intellectual property, confidential data (both electronic and hard copy) and business operations. Knowledge Center contributor Gregory Shapiro outlines seven steps IT professionals can take to protect their company's data before a layoff is implemented.
- Unlike individual employee terminations, which are customarily unannounced and immediate, layoffs present a larger threat to corporations because they leave the door open to both intentional and unintentional data loss, leakage and integrity problems. When employees sense impending layoffs or a...

Sophos Arms New Security Suite with Encryption Technology

Sophos releases its Security and Data Protection suite, which combines several different offerings. Included in the mix are full-disk encryption, e-mail encryption and Web security technology.
- Sophos is bringing together its e-mail, endpoint and Web security technologies in a new protection suite aimed at slashing costs and administration for enterprises. With the Security and Data Protection suite, Sophos is combining several offerings: Endpoint Security and Data Protection, Ema...

Microsoft's Fix for the Firefox Add-on Snafu

In New Patches

Last week, I received a tremendous reader response to a post I wrote about a security update from Microsoft that silently installed a "Microsoft .NET Framework Assistant" add-on for Firefox users that was difficult and risky for users to uninstall. Given the emotional buttons this subject pushed among a large number of readers, I've put together a brief update along with some information provided in the comments to the previous post. Since that posting, someone pointed out that Microsoft has issued a patch in an apparent bid to appease those who have cried foul about this silently installed add-on. The patch is available and detailed at this link here. The update patches Windows systems so that the add-on installed by Microsoft can be successfully uninstalled without the user having to manually edit the Windows registry. (While editing the registry isn't all that difficult, a misstep can cause serious problems and

Security Updates for iTunes, QuickTime

In New Patches

Apple has issued updates to fix security issues in its QuickTime media player and iTunes software. Updates are available for both Mac and Windows versions of both programs. The QuickTime patch brings the program to version 7.6.2, and plugs at least 10 security holes, including two that are specific to the Windows version of QuickTime. The iTunes update, version 8.2, fixes a single yet critical flaw in iTunes that could let a malicious Web site use the program to install software on the user's system. Apple users can grab the updates from Software Update. Windows users will need to use the bundled Apple Software Update program to fetch these.

Apple Plugs Bugs in QuickTime, iTunes (NewsFactor)

In business

NewsFactor - Apple has issued patches for its QuickTime and iTunes software. The patches fix critical vulnerabilities and a bug that was partially revealed in a book, The Mac Hacker's Handbook, by Charlie Miller and Dino Dai Zovi, released in March.

Windows Passwords: Making them Secure (Part 3)

By Derek Melber

How to make a Windows password secure enough to solve all of the issues that were covered in the first two installments of this series.

U.S. Military Turns to Twitter for Afghan Hard News

By Reuters

KABUL (Reuters) - "What are you doing?" For the U.S. military in Afghanistan, the answer to the latest social networking craze seems to be: "Killing Taliban."

U.S. commanders launched their "social networking strategy" for Afghanistan Tuesday, using the hugely popular website Twitter to release information about some of their operations (http://twitter.com/usfora)

Ex-Fed: Privacy Advocates Should Go After China, Lay Off NSA

By Kevin Poulsen

Former NSA general counsel Stuart Baker raises the specter of government spying at the Computers Freedom and Privacy Conference but says China is the real threat, not the NSA.

Accused Rogue Admin Terry Childs Back in Court

Former network administrator for city of San Francisco appeared for another hearing last week, after months of postponements.

The Truth About Apple, Security and Responsibility

While we might continuously debate glossy vs. matte screens, the visual aesthetics of a translucent dock, or the value of MobileMe, few issues in the Apple...

Learn How to Speak Wi-Fi

What's beamforming? Airtime fairness? When a vendor claims to support "wireless security," what kind of security are we talking about?

Review: E-mail Encryption Made Easy

What are you doing to protect your company's sensitive e-mail? We test three apps that can ease the process.

Security Tightened for .org Domain

The Public Interest Registry will announce that it has begun cryptographically signing the .org top-level domain.

Apple Patches 10 Critical QuickTime Bugs

Apple this week patched 10 critical vulnerabilities in QuickTime, including one that was hinted at three months ago.
