Thursday, July 23, 2009

Around The Horn vol.1,141

UAE cellular carrier rolls out spyware as a 3G "update"

By jtimmer@arstechnica.com (John Timmer) on Spyware

With the proliferation of ever more capable smart phones, many security experts are predicting that the cellular world will be the new malware frontier. Always-on Internet connections and direct SMS messages do provide a lot of opportunities for external parties to inject malware into a user's phone. But in what may be developing into the most disturbing instance in the relatively short history of cellular malware, Blackberry users in the United Arab Emirates have had a spyware package placed on their devices through the actions of their carrier, which claimed it was necessary for a service upgrade.

IT admins: users' online antics greatest threat to security

By jacqui@arstechnica.com (Jacqui Cheng) on Web 2.0

Hackers don't have to work very hard to steal information from people and organizations—people are pretty willing to give it away. Social networks and other Web 2.0 sites are making it ever easier for Internet users to accidentally share too much information or become victim to phishing scams, leading security research firm Sophos to warn IT admins on how to handle employee use of these services.

Adobe to fix critical Flash hole next week

By Elinor Mills

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component.

Researchers to offer tool for breaking into Oracle databases

By Elinor Mills

During their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas, security experts will release a tool that can be used to break into Oracle databases.

Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give out "all the tools to ...

Gmail offers auto-unsubscribe feature for newsletters

By Elinor Mills

Gmail Auto-unsubscribe gives you the option to have Google unsubscribe you from mailing lists.

Ever sign up for a newsletter and then regret it later and feel too lazy to go back to the source and unsubscribe? Well, instead of just marking the messages as spam and hoping ...

Adobe investigating zero-day bug in Flash

By Elinor Mills

Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is ...

Another round of Hacktivism

By Rik Ferguson on web

Independent websites dedicated to high profile Indian political figures have been compromised in a targeted attack. The websites manmohansingh.org and soniagandhi.org have both been compromised by the same group who have injected defamatory and inflammatory content into many of the pages. Although these sites are not official, they are returned in the first page of a [...]

Touting Possible Benefits of Windows 7 Security

In Vulnerability Research

At least one respected security researcher believes that Windows 7 should prove effective at stemming some forms of electronic attack.

Panel OKs bill that would increase cybersecurity oversight

A Senate committee has approved a bill that would require the president to notify Congress about existing and new cybersecurity programs that involve personally identifiable information.

IG: DHS should get new infrastructure data system

The Homeland Security Department should finish the acquisition process for a new system that will be used to keep track of critical infrastructure, DHS' inspector general said.

Wanted: Cyber Warriors and Media Sanitizers

Posted by InfoSec News on Jul 23

http://www.wired.com/threatlevel/2009/07/raytheon/

By Kim Zetter
Threat Level
Wired.com
July 22, 2009

Defense and intelligence contractor Raytheon is moving into the
lucrative realm of cyber warfare, and wants to hire hundreds of cyber warriors to play offense and defense,...

Hacking Oracle's database will soon get easier

Posted by InfoSec News on Jul 23

http://www.washingtonpost.com/wp-dyn/content/article/2009/07/22/AR2009072202447.html

By Jim Finkle
Reuters
July 22, 2009

BOSTON (Reuters) - Hackers will soon gain a powerful new tool for
breaking into Oracle Corp's database, the top-selling business software used by companies to store...

Math students tackle cryptography

Posted by InfoSec News on Jul 23

http://www.chicagotribune.com/features/chi-cryptomath-city-zonejul22,0,1591681.story

By Angie Leventis Lourgos
Special to the Tribune
July 22, 2009

Julius Caesar is said to have encrypted battle plans in an alphabetical code, protecting the life-or-death messages from spies.  That...

Intell chief: Source of cyberattacks still unknown

Posted by InfoSec News on Jul 23

http://fcw.com/articles/2009/07/22/web-blair-cyberattack-responsibility.aspx

By Ben Bain
FCW.com
July 22, 2009

U.S. authorities haven’t figured out who was behind the recent cyberattacks that temporarily knocked some federal Web sites off-line, the country’s top intelligence official...

HSBC companies slapped with US$5M fines over data breaches

Posted by InfoSec News on Jul 23

http://www.zdnetasia.com/news/business/0,39044229,62056295,00.htm

By Jo Best
Special to ZDNet Asia
July 23, 2009

Three HSBC companies have been hit with fines after the financial
services watchdog found they weren't doing enough to protect customers' data.

The Financial Services...

The AP Plans 'News Registry' To Protect Content

The world's oldest and largest news gathering organization aims to fight online theft of its content with digital tracking beacons.

Privacy Tool Makes Internet Postings Vanish

The open source tool called Vanish encrypts any text that's entered into a browser and scatters it, in disappearing pieces, across a network.

Adobe Warns Of Critical Flash Vulnerability

Echoing security warnings issued earlier this year, Adobe is warning users of Flash Player, Reader, and Acrobat to exercise caution online due to a zero-day vulnerability that's being actively exploited.

Rising Internet Fraud, Darknets On Agenda At Black Hat

The information-security community is set to converge for the industry's premier conference as Black Hat comes to Las Vegas on July 25 - 30.

Researchers Bypass Secure Web Connections

EV SSL certificates are supposed to help people feel more secure online. But at Black Hat next week, two researchers plan to disclose a way around SSL protection.

New Zero-Day Attacks Use PDF Documents

By Vitaly Zaytsev on Zero-Day

As we already mentioned multiple times in the past, exploits that take advantage of newly discovered holes in popular applications represent a growing threat to Internet users. Many, if not most, computer systems are vulnerable to these attacks. More evidence shows zero-day attacks remain the preferred choice of cybercriminals. Today, a new unpatched Adobe vulnerability has [...]

Adobe promises patch for seven-month old Flash flaw

Adobe admitted its Flash and Reader software have a critical vulnerability and promised it would patch both next week.

Malware levels to exceed those of 2008

Security firm McAfee has identified more than 1.2 million different types of malware in the first half of 2009.

25% of firms suffer social-network phishing attacks

Cybercriminals are increasing the number of attacks on social networks, says Sophos.

Mozilla patches 11 serious bugs in older Firefox 3

Mozilla yesterday patched 11 vulnerabilities, 10 of them critical, in Firefox 3.0, the browser that Mozilla plans to stop supporting sometime in January 2010.

Adobe confirms Flash zero-day bug in PDF docs

Adobe is investigating a critical flaw in its Flash format that is currently being exploited by hackers using malicious PDF documents, according to the company's security team and outside researchers.

Zero-day PDF Attack Goes After Flash Flaw

Adobe's unfortunate security problems continue: Symantec today reported that it has discovered a new attack in the wild using malicious PDFs that target a zero-day security hole in Adobe Flash.

Congress eyes biometric authentication for job eligibility

In a move likely to worry opponents of a national ID card, some lawmakers in Congress are proposing that biometrics be used to authenticate the identity of anyone seeking a job in the U.S.

Mind Games: How Social Engineers Win Your Confidence

Social engineering and mind games expert Brian Brushwood has not come by his knowledge in the traditional manner of school or business training. Brushwood is the host of the Internet video series Scam School, a show he describes as dedicated to social engineering in the bar and on the street.

DNS security, net neutrality up for debate at IETF meeting

Standards body IETF will tackle the Internet's toughest problems, including DNS security, IPv6 adoption and network neutrality, at its Stockholm meeting next week.

New tool makes cloud-dwelling data self-destruct
Prototype makes sensitive emails 'vanish'

Just in time for the evolution to cloud computing, boffins at the University of Washington have developed a tool that makes electronic data self-destruct automatically after a set period of time.…

Total eclipse used to bait scareware scam
Ruse targets geographically-confused stargazers

Wednesday's total solar eclipse over India and China has been exploited as a bait for sites punting scareware.…

Signed mobile malware prompts Symbian security review
Sexy Space wriggles under testing procedures

Analysis The recent distribution of digitally signed mobile malware raises troubling questions about Symbian's automated approval procedure.…

New attacks exploit vuln in (fully-patched) Adobe Flash
Browse and get owned

Online criminals are targeting a previously unknown vulnerability in the latest versions of Adobe's ubiquitous Flash Player that allows them to take complete control of end users' computers, security researchers warn.…

Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information, (Thu, Jul 23rd)

Earlier this month, Missouri passed a breach notification law as part of an omnibus package of laws ...

Serious Adobe Flash flaw being exploited

By Robert Westervelt

Purewire principal researcher Paul Royal explains the ins and outs of the latest Adobe Flash vulnerability. Adobe said it plans to fix the flaw by July 30.

Adobe issues security advisory for Flash zero-day flaw

By Robert Westervelt

A serious flaw in Adobe Flash Player could enable an attacker to take complete control of a computer. Security firms are reporting limited attacks in the wild.

Adobe acknowledges serious Flash zero-day vulnerability

By SearchSecurity.com Staff

UPDATED: Adobe Systems Inc. said it was investigating a potential Adobe Flash error. Symantec discovered attacks exploiting an error in a Flash component.

Adobe Vulnerability Targeted in Drive-by Attacks

A new zero-day vulnerability affecting Adobe's Flash Player software is being targeted by attackers via drive-by downloads. Here is some advice on mitigating the vulnerability.

U.S. Must Attract More Cyber-Security Pros, Report Finds

As the Obama administration works to shore up cyber-security, a new report found the government needs new ways to attract the right talent for the job. The report, prepared by Partnership for Public Service and a consulting firm, urged for Congress to be pushed to expand programs for training fresh talent.

Service Offers to Retrieve Stolen Data, For a Fee

In Web Fraud 2.0

A former cyber cop in the United Kingdom is heading up a new online portal that claims to offer a searchable database of about 120 million consumer records that have been phished, hacked or otherwise stolen by computer crooks. Visitors who search for their information and find a match can verify which data were stolen -- for a £10 ($16.50) fee. Colin Holder, a retired detective sergeant with the Metropolitan Police, said the idea for lucidintelligence.com became obvious shortly after he resigned from the U.K. fraud squad in 2004. "About six months after I retired, I was contacted by an old source who said he was seeing a vast amount of credit card and other personal data being exchanged between criminals, and what could he do with it," Holder recalled. Many companies scour e-crime chat rooms and message boards for stolen data, and share that data with banks and companies

Attackers Target New Adobe Flash/Reader Flaw

In Latest Warnings

Adobe Systems Inc. said Tuesday it is investigating reports that attackers are exploiting a previously unknown security hole in its Acrobat, Flash and PDF Reader applications. Adobe's security advisory says the security weakness appears to affect Adobe Reader and Acrobat 9.1.2, as well as Adobe Flash Player 9 and 10. That's about the extent of the information provided by Adobe at this point. Meanwhile, Symantec says it has seen several instances of this vulnerability being exploited in targeted attacks -- such as those in which the attackers include a poisoned attachment in an e-mail that addresses the recipient by name.

China's Green Dam and the cyberwar implications

By Ryan Naraine on Zero-day attacks

Guest editorial by Oliver Day. Chinese military leaders have always been aware of the military advantage the US has over the People’s Liberation Army. Reading through their published assessments of Sino-US war possibilities confirms our belief that we would dominate them in the air, land and sea. However the PLA was born of asymmetric warfare and [...]

The future of mobile malware - digitally signed by Symbian?

By Dancho Danchev on Mobile (In)Security

Earlier this month, a mobile malware known as Transmitter.C, Sexy View, Sexy Space or SYMBOS_YXES.B, slipped through Symbian’s mobile code signing procedure, allowing it to act as a legitimate application with access to device critical functions such as access to the mobile network, and numerous other functions of the handset. Upon notification, the Symbian Foundation quickly [...]

Adobe Flash zero-day attack underway; Harden PDF Reader immediately

By Ryan Naraine on Zero-day attacks

Malicious hackers have found a new vulnerability in Adobe’s ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets. The Adobe Flash Player flaw, which is currently unpatched, affects millions of Windows XP and Windows Vista users.  Adobe has acknowledged a “potential vulnerability” but, inexplicably, has not seen it fit to [...]

Surprise: Facebook Use Cuts Productivity at Work

A Nucleus Research study found that Facebook use in the workplace is cutting employee productivity.

TA09-204A: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products
