Zero Day
Tracking the hackers
Adobe plugs gaping holes in Flash Media Server
By Ryan Naraine on Web Applications
The patch addresses issues that allow an attacker to run malicious code on the affected system.
Cisco patches critical WebEx security holes
By Ryan Naraine on Zero-day attacks
Cisco WebEx WRF Player vulnerable to six code execution vulnerabilities.
Adobe PDF attack update: Patch coming Jan 12
By Ryan Naraine on Zero-day attacks
Adobe has finally provided official mitigation guidance and announced plans to ship a patch for this vulnerability on January 12th, 2010.
Yahoo! News: Security News
Security News
Hackers Hit OpenX Ad Server in Adobe Attack (PC World)
In technology
PC World - Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week.
AV-Comparatives Rates Anti-Malware Performance (PC Magazine)
In technology
PC Magazine - This week, AV-Comparatives.org released a performance test for anti-malware products that determines which offering has the lowest impact on system performance.
FBI probing cyber theft at Citibank: WSJ (AFP)
In politics
AFP - The US Federal Bureau of Investigation is probing an attack by suspected Russian computer hackers on Citigroup Inc. that resulted in the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday.
Obama Selects Tech Veteran for Top Cybersecurity Post (PC World)
In technology
PC World - Howard Schmidt was named as the White House's cybersecurity coordinator on Tuesday, a job that was reportedly difficult to fill as the U.S. strengthens its computer security defense.
Report: FBI probes hacker attack on Citigroup (AP)
In technology
AP - The FBI is investigating a hacker attack on Citigroup Inc. that led to the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday. The bank strenuously denied the report.
Report: Russian Gang Linked to Big Citibank Hack (PC World)
In technology
PC World - U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report.
Twitter hacked, attacker claims Iran link (Reuters)
In technology
Reuters - A computer hacker briefly hijacked Twitter.com on Thursday, redirecting users to a website and claiming to represent a group calling itself the Iranian Cyber Army.
Norton, PC Tools Top Real-World Malware Test (PC Magazine)
In technology
PC Magazine - AV-Test.org on Thursday released the results of a lengthy real-world malware protection study, dynamic testing that put a number of shipping security solutions through their paces.
Researcher Cures Poisoned BlackBerry With Kisses (PC World)
In technology
PC World - A security researcher in Asia has braved Internet worms and poisoned applets to rid BlackBerry smartphones of spyware with Kisses, a free software application.
Suspected NKoreans hack war plan for SKorea (AFP)
In technology
AFP - Computer hackers who may be from North Korea have gained access to a secret US-South Korean plan to defend the peninsula in case of war, the defence ministry said Friday.
Sex, hot online search topic for children: Norton (AFP)
In technology
AFP - Sex was a hot online search topic for children in 2009, according to findings released by Internet security specialty firm Norton.
Hacker seeks reduced sentence, citing Asperger's (AP)
In technology
AP - A computer hacker who was a force behind one of the largest cases of credit card theft in U.S. history says he has a developmental disorder and is asking for a reduced sentence.
China Jails Trojan Virus Authors in Cybercrime Crackdown (PC World)
In technology
PC World - A Chinese court Wednesday sentenced 11 members of a malware ring for writing and distributing Trojan horse viruses meant to steal online game account passwords, according to state media.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Admin Report Kit for Windows Server (ARK) - Voted WindowSecurity.com Readers' Choice Award Winner - Network Auditing Software
By info@WindowSecurity.com (The Editor)
Admin Report Kit for Windows Server (ARK) was selected the winner in the Network Auditing Software category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard and Altiris SecurityExpressions were runner-up and second runner-up respectively.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Reminder: Bejtlich Teaching at Black Hat DC 2010
By Richard Bejtlich
Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year.
First up is Black Hat DC 2010 Training on 31 January and 01 February 2010 at Grand Hyatt Crystal City in Arlington, VA.
I will be teaching TCP/IP Weapons School 2.0.
Registration is now open. Black Hat set five price points and deadlines for registration, but only these three are left.
- Regular ends 15 Jan
- Late ends 30 Jan
- Onsite starts at the conference
Seats are filling -- it pays to register early!
If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset by hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.
Feedback from my 2009 sessions was great. Two examples:
"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)
"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)
If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at various levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.
I will also be teaching in Barcelona and Las Vegas, but I will announce those dates later.
I strongly recommend attending the Briefings on 2-3 Feb. Maybe it's just my interests, but I find the scheduled speaker list to be very compelling.
I look forward to seeing you. Thank you.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Favorite Speaker Quotes from SANS Incident Detection Summit
By Richard Bejtlich
Taking another look at my notes, I found a bunch of quotes from speakers that I thought you might like to hear.
- "If you think you're not using a MSSP, you already are. It's called anti-virus." Can anyone claim that, from the CIRTs and MSSPs panel?
- Seth Hall said "Bro is a programming language with a -i switch to sniff traffic."
- Seth Hall said "You're going to lose." Matt Olney agreed and expanded on that by saying "Hopefully you're going to lose in a way you recognize."
- Matt Olney also said "Give your analyst a chance." ["All we are sayyy-ing..."]
- Matt Jonkman said "Don't be afraid of blocking." It's not 2004 anymore. Matt emphasized the utility of reputation when triggering signatures, for example firing an alert when an Amazon.com-style URL request is sent to a non-Amazon.com server.
- Ron Shaffer said "Bad guys are following the rules of your network to accomplish their mission."
- Steve Sturges said "Snort 3.0 is a research project."
- Gunter Ollmann said "Threats have a declining interest in persistence. Just exploit the browser and disappear when closed. Users are expected to repeat risky behavior, and become compromised again anyway."
Thanks again to all of our speakers!
Notes from Tony Sager Keynote at SANS
By Richard Bejtlich
I took a few notes at the SANS Incident Detection Summit keynote by Tony Sager last week. I thought you might like to see what I recorded.
All of the speakers made many interesting comments, but it was really only during the start of the second day, when Tony spoke, when I had time to write down some insights.
If you're not familiar with Tony, he is chief of the Vulnerability Analysis and Operations (VAO) Group in NSA.
- These days, the US goes to war with its friends (i.e., allies fight with the US against a common adversary). However, the US doesn't know its friends until the day before the war, and not all of the US' friends like each other. These realities complicate information assurance.
- Commanders have been trained to accept a certain level of error in physical space. They do not expect to know the exact number of bullets on hand before a battle, for example. However, they often expect to know exactly how many computers they have at hand, as well as their state. Commanders will need to develop a level of comfort with uncertainty.
- Far too much information assurance is at the front line, where the burden rests with the least trained, least experienced, yet well-meaning, people. Think of the soldier fresh from tech school responsible for "making it work" in the field. Hence, Tony's emphasis on shifting the burden to vendors where possible.
- "When nations compete, everybody cheats." [Note: this is another way to remember that with information assurance, the difference is the intelligent adversary.]
- The bad guy's business model is more efficient than the good guy's business model. They are global, competitive, distributed, efficient, and agile. [My take on that is the financially-motivated computer criminals actually earn ROI from their activities because they are making money. Defenders are simply avoiding losses.]
- The best way to defeat the adversary is to increase his cost, level of uncertainty, and exposure. Introducing these, especially uncertainty, causes the adversary to stop, wait, and rethink his activity.
- Defenders can't afford perfection, and the definition changes by the minute anyway. [This is another form of the Defender's Dilemma -- what should we try to save, and what should we sacrifice? On the other hand we have the Intruder's Dilemma, which Aaron Walters calls the Persistence Paradox -- how to accomplish a mission that changes a system while remaining undetected.]
- Our problems are currently characterized by coordination and knowledge management, and less by technical issues.
- Human-to-human contact doesn't scale. Neither does narrative text. Hence Tony's promotion of standards-based communication.
Thanks again to Tony and our day one keynote Ron Gula!
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: White House appoints cybersecurity advisor
Brief: Twitter investigates DNS hijack
News: Twitter attacker had proper credentials
News: PhotoDNA scans images for child abuse
Security Fix
Brian Krebs on computer and Internet security
Hackers exploit Adobe Reader flaw via comic strip syndicate
In Latest Warnings
Hackers broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat, Security Fix has learned. On Monday, Adobe Systems Inc. said it was investigating reports that criminals were attacking Internet users via a previously unknown security flaw in its Adobe Reader and Acrobat software. Experts warned that the flaw could be used to foist software on unsuspecting users who visit a hacked or booby-trapped Web site. Albany, N.Y.-based Hearst publication Timesunion.com now reports that on Thursday readers of its comics section began complaining of being prompted to download malicious software. In an update posted to its site, Timesunion.com said the attack took advantage of the recently disclosed Adobe flaw. The news outlet said it had traced the attack back to a problem at King Features, which serves comics on its Web site, and that
Twitter.com hijacked by 'Iranian cyber army'
In Latest Warnings
Hackers hijacked the Web site of micro-blogging community Twitter.com early Friday, briefly redirecting users to a Web page for a group calling itself the "Iranian Cyber Army." The attackers apparently were able to redirect Twitter users by stealing the credentials needed to administer the domain name system (DNS) records for Twitter.com. DNS servers act as a kind of phone book for Internet traffic, translating human-friendly Web site names like "Twitter.com" into numeric Internet addresses that are easier for computers to handle. "Twitter's DNS records were temporarily compromised but have now been fixed," the company said in a brief statement on its Web site. "We are looking into the underlying cause and will update with more information soon." Twitter's DNS service is provided by Manchester, N.H. based Dyn Inc. Tom Daly, chief technology officer at Dyn, said the incident was not the result of a security failure on its services. Daly
Security - RSS Feeds
Rogue Antivirus Operations Thrive in 2009
From serving malicious ads to poisoning search engine results for recently deceased actress Brittany Murphy, rogue antivirus operations have been going strong all year long.
Obama Names Former Microsoft Exec Cyber-Security Chief
U.S. President Barack Obama has chosen Howard Schmidt to step into the role of cyber-security coordinator. Schmidt said he has been asked to focus on several areas, including the development of a comprehensive strategy to secure U.S. networks.
A Look Back at the 7 Top Security Acquisitions of 2009
Many IT pros watched their budgets get trimmed in 2009, but security was the one area that proved relatively resilient. That was good news for security companies, who did not sit still during the year. In the last 12 months, there were a number of acquisitions in the security space that gobbled up companies big and small. In a look back at the year soon to be in the history books, eWEEK lists the corporate acquisitions that caused the biggest ripples in the IT security industry.
Feds Again Delay REAL ID Deadline
Concern about holiday travelers from states that are not in compliance with the REAL ID Act prompts the Department of Homeland Security to extend the material compliance deadline. Without the extension, travelers without REAL ID would not have been allowed to board U.S. flights.
- Reality trumped regulations Dec. 18 as the Department of Homeland Security extended a deadline that would have required all travelers boarding airplanes to have driver's licenses that comply with the federal anti-fraud standards of the REAL ID law. "In order to ensure that the millions ...
Facebook Privacy: Just How Much Do Users Want?
Facebook's privacy changes have been widely debated during the past week. But just how much privacy users really want or care about on a social networking site is, in some ways, an open question.
- It hasn't been the best 10 days for Facebook. After instituting changes meant to improve user privacy, Facebook has been hit with a Federal Trade Commission complaint alleging the social networking site did the exact opposite. According to a host of consumer and privacy groups, Facebook's changes act...
New Twitter Attack Details Emerge
The attack that took down Twitter Dec. 17 used legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army. The incident underscores the importance for businesses of keeping an eye on DNS security.
Hackers Deface Twitter Site
UPDATED WITH IMAGE: Between about 10 p.m. and 11 p.m. Pacific time on Dec. 17, Twitter was replaced by a black background page showing a green flag with a headline that read, in English: Iranian Cyber Army ... This Website Has Been Hacked by Iranian Cyber Army. Twitter returned in about an hour.
Facebook Privacy Complaints Spur Call for FTC Investigation
The Electronic Privacy Information Center and nine other groups file a complaint with the Federal Trade Commission calling for an investigation into privacy on Facebook. The groups say Facebook's recent privacy and security changes exposed user information.
Seven Security Attacks for Your Christmas Stocking
'Tis the season to be jolly, especially if you write malware or are looking for an ocean of victims to phish. Botnet activity, as usual, is up during the season, with spammers and attackers trying to take advantage of the explosion in cyber-commerce that accompanies Christmas season. At McAfee, researchers have already seen e-mails from the Cutwail botnet using a Christmas theme, including a campaign that tries to lure recipients to Websites selling fake jewelry and Rolex watches. The spammers even go so far as to include a Better Business Bureau logo and a McAfee Hacker Safe icon on their site.
Dealing with Application Security Vulnerabilities
Statistics from Bit9 serve as a reminder of the importance of keeping application patches up-to-date in the enterprise.
- Application vulnerabilities are the honey bringing attackers out of their hives. According to an analysis by Bit9, released Dec. 16, this year's list of applications with the most serious vulnerabilities had Adobe Reader, Acrobat, Flash Player and Shockwave at the top. For IT administrator...
Militants Hack Unencrypted Drone Feeds
The Pentagon admits that militants have hacked Predator drone feeds with widely available software that costs less than $30. However, U.S. military officials insist, there is no proof that the hackers have been able to alter the flights of the drones or otherwise disrupt the drone missions. The Pentagon says the feeds are now encrypted.
- Iraqi militants have used inexpensive, off-the-rack software "to intercept live video feeds from U.S. Predator drones," the Wall Street Journal reported Dec. 17. While the Pentagon confirms the hacking of the drone feeds, which are unencrypted, military officials claim there is no proof t...
Adobe Reader, Acrobat Security Vulnerability Patch Coming as Attacks Continue
Adobe Systems plans to release a patch for a zero-day vulnerability in Adobe Reader and Acrobat that has come under attack. This is the second critical security vulnerability Adobe has promised users it will fix in the coming weeks.
- Adobe Systems is prepping a patch for a zero-day bug affecting its Reader and Acrobat software for release by Jan. 12. The vulnerability is considered critical by Adobe and impacts the latest versions of Adobe Reader and Acrobat for Windows, Macintosh and Unix systems. Earlier editions a...
Security
The Art of Technology
Brief: Malware makers colocate servers, grab IPv4 address blocks
By jtimmer@arstechnica.com (John Timmer) on Security
Malware distributors, apparently tired of facing the constant threats of disconnection, are taking advantage of lax background checks in the system for distributing IP address blocks and buying them directly. Address blocks, which cover a contiguous range of IP addresses, are typically reserved for legitimate institutions and businesses that can demonstrate a need for that sort of allocation. But, at the top level, there are only five regional registries, most of which cover large and culturally diverse geographic regions. That makes it difficult to confirm whether a given request comes from a legitimate organization, a problem that malware makers are using to their advantage.
These allegations against spammers and other online criminals were made in a recent article on Kaspersky Lab's Threat Post. According to its author, online crime is big enough business that it now makes financial sense for its perpetrators to colocalize hardware at server farms, set up a legitimate looking business address, and apply for blocks of IP addresses via a cooperative or indifferent local registry. When the application is received by the regional organization, it often lacks the ability to carefully vet them, or even understand the local business laws where the request originated.
It's still possible for ISPs to block access to a given allocation, but there are several ways to make that step more difficult, including mixing in some legitimate hosting within an address block and rotating among different allocations, among others. It also relies on the legitimate ISPs expending the time and effort to identify and block traffic. In any case, the practice chews through the increasingly scarce pool of unallocated IPv4 addresses.
The article is a bit confused in spots; it suggests that the malware authors are acting as their own ISPs (they're not) and suggests it's useful for botnet herders (they count on other people's computers to do the heavy lifting). But it does provide yet another example of how, since various forms of malware have become big sources of income, the line between that and legitimate business has become increasingly blurry.
etc: The bad guys are targeting VoIP at an increasing rate. A ...
In @etc
The bad guys are targeting VoIP at an increasing rate. A report from McAfee says the number of VoIP vulnerabilities has tripled over the past three years.
Read More: Fierce VoIP, Infosecurity
Decline in Web, increase in P2P attacks predicted for 2010
By jacqui@arstechnica.com (Jacqui Cheng) on security
Cybercriminals have already begun shifting their focus from websites to file-sharing networks when it comes to dispensing malware, and will continue with this trend throughout 2010. Security researchers at Kaspersky Labs predict that malicious applications, such as fake antivirus programs, will be on the decline next year as attacks over P2P go up, while more criminals look to target victims via mobile platforms.
In its 2010 Cyberthreat Forecast, Kaspersky Lab said that it expects an increase in mass malware epidemics over P2P networks. 2009 saw a series of mass malware epidemics that were not caused by, but supported by files that were spread over P2P networks. "This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X," the researchers said.
iPhone worm code suggests mobile botnets may be future risk
By chris.foresman@arstechnica.com (Chris Foresman) on smartphone
So far, what little malware has been released for the iPhone has only affected the small percentage of folks who jailbreak and leave an SSH daemon running with the default root passwords. While some of these programs have been nothing but harmless pranks, a malicious version that attempted to create an iPhone botnet has been analyzed by researchers, leading them to conclude that mobile phones could quickly become a major target for malware writers.
The worms all started when a Dutch hacker decided to use port scanning to find iPhones with open SSH ports and default root passwords. He wrote a little program that would change the wallpaper to look as though a somewhat official-looking warning box had opened, which warned the user about running open SSH ports with default passwords. An Australian hacker then used the technique to create a worm that was self-replicating.
Feature: How to obtain and install an SSL/TLS certificate, for free
By glenn@glennf.com (Glenn Fleishman) on @bieb
Anyone operating a server on any scale should want a digital certificate to encrypt data between clients and services, whether for personal, office, or public use. That's a broad statement, but it holds true no matter how you slice it.
With so many people accessing networks over WiFi or other untrusted networks for an increasing number of different kinds of services—calendars, contacts, Webmail, email, and so on—encryption is a must, whether via a VPN or by securing services one by one. While I recommend VPNs, they aren't always the practical, affordable, or correct solution. For remote email access, SSL/TLS is simpler and more straightforward, and you don't have to compromise on protection in the process.
etc: Twitter was apparently hacked by the "Iranian Cyber ...
In @etc
Twitter was apparently hacked by the "Iranian Cyber Army" Thursday night according to a message on the site. The company says the problem was its DNS records being "temporarily compromised."
etc: The Twitter website was defaced on Thursday night and rep...
In twitter
The Twitter website was defaced on Thursday night and replaced with a political message posted by a group that calls itself the Iranian Cyber Army. Shortly after the site was restored to normal, Twitter issued a statement confirming that its DNS records were compromised.
etc: The effectiveness of the US military's pilotless drone op...
In @etc
The effectiveness of the US military's pilotless drone operations is being threatened, according to a report. The culprit is a $26 software package used by militants to intercept the drones' live video feeds.
SecuriTeam
Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.
APC Switched Rack PDU XSS Vulnerability
The APC Switch RACK PDU web administration login page is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
HP-UX Running OpenSSL Unauthorized Data Injection and Denial of Service
A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
Family Connections Multiple Remote Vulnerabilities
Many fields are not properly sanitised and some checks can be bypassed.
VideoCache vccleaner Root Vulnerability
VideoCache is a Squid URL rewriter plugin written in Python for bandwidth optimization while browsing video sharing websites. Version 1.9.2 allows a user with the privileges of the Squid proxy server to append semi-arbitrary data to arbitrary files with root privileges, upon the administrator's execution of the 'vccleaner' utility.
QuickHeal Antivirus 2010 Local Privilege Escalation
All files under the install folder have Full control for BUILTIN\users and can be replaced with malicious files.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Security industry praises Schmidt but sees challenges ahead
By Robert Westervelt
President Obama's choice for cybersecurity coordinator is being widely praised, but experts say he has major hurdles to overcome.
Howard Schmidt expected to be named cybersecurity coordinator
By Michael Mimoso
Former Bush administration cybersecurity advisor Howard Schmidt is expected to be named cybersecurity coordinator.
Howard Schmidt named cybersecurity coordinator
By Michael Mimoso
Former Bush administration cybersecurity advisor Howard Schmidt is expected to be named cybersecurity coordinator.
Adobe warns of critical Flash Media Server vulnerability
By Robert Westervelt
Adobe issues update correcting two critical flaws in Flash Media Server 3.5.2 and earlier versions.
Cloud Security Alliance releases updated guidance
By Marcia Savage
New version provides more actionable advice for ensuring cloud computing security
Conficker-infected machines now number 7 million, Shadowserver finds
By Robert Westervelt
Despite inactivity, the number of bots created by the fast spreading Conficker/Downadup worm is in the millions, according to the Shadowserver Foundation, which monitors botnets.
SANS NewsBites
All Stories From Vol: 11 - Issue: 100
US Military Drone Surveillance Video Intercepted (December 17, 2009)
With the help of hackers and a USD 26 piece of software, Iraqi militants have reportedly managed to intercept live video feeds from US Predator drones.......
EPIC Files FTC Complaint Over Facebook Privacy Changes (December 17, 2009)
The Electronic Privacy Information Center (EPIC) has filed a formal complaint with the US Federal Trade Commission (FTC) over Facebook's recent decision to change its default privacy settings to make more information about Facebook members public; if users want to limit who can see information about them, they must make those changes manually.......
Eleven Sentenced to Jail For Stealing Online Gaming Account Credentials (December 16 & 17, 2009)
Chinese authorities have jailed 11 people for their roles in a scheme that aimed to steal online gaming login credentials.......
Conficker on 6.5 Million Machines Worldwide (December 17, 2009)
According to information from Shadowserver, one in seven computers infected with Conficker are hosted on Chinese Internet service provider (ISP) Chinanet.......
Conficker Infects New Zealand Hospital Computer System (December 16 & 17, 2009)
The Conficker worm is believed to be responsible for a malware infestation of the computer network at the Waikato District Health Board in New Zealand.......
Heartland Will Pay American Express US $3.6 Million to Settle Breach-Related Charges (December 17, 2009)
Heartland Payment Systems has agreed to pay American Express US $3.......
House Ethics Committee Data Leak Prompts Security Policy Changes (December 16, 2009)
US House of Representatives chief administrative officer Daniel P.......
Stolen Laptop Holds Military and DoD Employee Information (December 16, 2009)
A laptop computer stolen from the home of a Fort Belvoir Family and Morale, Welfare and Recreation Command contains personally identifiable information of more than 42,000 US Army soldiers, US Department of Defense employees and their families.......
Facebook Sues Alleged Spammers (December 16 & 17, 2009)
Facebook has filed a lawsuit against three men and their associated companies for allegedly using phishing attacks to gain access to Facebook accounts and then using the compromised accounts to send spam.......
Adobe Will Patch Critical Reader and Acrobat Flaw in January (December 15, 16 & 17, 2009)
A recently disclosed critical vulnerability in Adobe Reader and Adobe Acrobat has prompted recommendations that users disable JavaScript in both programs until a fix is available.......
Mozilla Updates Firefox (December 16, 2009)
On Tuesday, December 15, Mozilla released Firefox 3.......
Minnesota Public Radio and Reporter May Face Legal Action Over Data Access (December 15, 2009)
A Texas company is threatening to take legal action against Minnesota Public Radio (MPR) and one of its reporters after they aired a story about security problems at the company that exposed sensitive personal information.......
SANS Internet Storm Center, InfoCON: green
Merry Festivus: Commence the "Airing of Infosec Grievances", (Wed, Dec 23rd)
In honor of today's holiday, Festivus (for those familiar with Seinfeld). ...(more)...
Blackberry Outage, (Wed, Dec 23rd)
UPDATED 6:00AMCST (bambenek) - It appears Blackberry's network is back up. The outage af ...(more)...
Tell us about your Christmas Family Emergency Kit, (Wed, Dec 23rd)
If you read this diary, then you are probably one of those people who will be asked to fix various f ...(more)...
Howard Schmidt named as new Cybersecurity Coordinator, (Tue, Dec 22nd)
The White House announced this morning that Howard Schmidt was named as the first White House Cybers ...(more)...
There is no such thing as a free lunch ., (Mon, Dec 21st)
An ISC reader wrote in alerting us to unconfirmed reports that organizations and some government age ...(more)...
iPhone Botnet Analysis, (Mon, Dec 21st)
SRI's Malware Threat Center has published an excellent analysis of the iPhone botnet that we covered ...(more)...
Educationing Our Communities, (Sat, Dec 19th)
A few weeks ago it was my pleasure to talk to a group of young people who were participating in a pr ...(more)...
Frustrations of ISP Abuse Handling, (Sat, Dec 19th)
I am the Abuse Coordinator for a small ISP in the Midwest and am very receptive and proactive when d ...(more)...
Wireshark 1.2.5 released - including three security fixes, (Fri, Dec 18th)
Twitter outage via DNS hijacking, (Fri, Dec 18th)
A number of diary readers have submitted that the popular micro blogging site, Twitter.com has been ...(more)...
PHP 5.2.12 has been released; contains security fixes. See http://www.php.net, (Thu, Dec 17th)
In caches, danger lurks, (Thu, Dec 17th)
When ISC reader Greg searched for a particular piece of information, and found the site hosting the ...(more)...
overlay.xul is back, (Thu, Dec 17th)
It's been a while. If I remember correctly, a variant of Vundo was using the overlay ...(more)...
SANS Information Security Reading Room
Last 25 Computer Security Papers added to the Reading Room
Securing the Network Perimeter of a Community Bank
Category: Firewalls & Perimeter Protection
Paper Added: December 17, 2009
The Register - Security
Biting the hand that feeds IT
Hackers break Amazon's Kindle DRM
The great ebook 'unswindle'
Updated: Hackers from the US and Israel say they have broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices.…
Serious web vuln found in 8 million Flash files
XSS R Us
A security researcher has identified more than 8 million Adobe Flash files that make the websites hosting them vulnerable to attacks that target visitors with malicious code.…
Schmidt named Obama cybersecurity czar
Months long wait finally over
Howard Schmidt was confirmed as President Obama's cybersecurity czar on Tuesday, confirming an earlier prediction by AP that the long vacant role was about to be filled.…
iPhone worms can create mobile botnets
Paranoid, and not just about Android
A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks.…
Microsoft AV advice may aid attackers, researcher warns
Better performance. But at what cost?
A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware.…
Intel patches critical security bug in vPro software
Silicon-based bypass
Intel has released a patch for its series of silicon-based security protections after researchers from Poland identified flaws that allowed them to completely bypass the extensions.…
Closeted lesbian sues Netflix for privacy invasion
'Brokeback Mountain factor'
An in-the-closet lesbian mother has sued Netflix for publishing data that she believes could be used to out her.…
WinAmp update fades out critical media player flaws
This one goes up to 5.57
WinAmp users ought to upgrade following the discovery of multiple security vulns affecting the popular media player.…
Scareware scammers exploit Brittany Murphy's death
Cyber footpads poison more interweb searches
Actress Brittany Murphy's sudden death, just like Michael Jackson's untimely demise before her, has quickly been exploited by scareware scammers.…
Twitter hack linked to internal security breach
Cyber-reprisal for Iranian election support
Twitter's login credentials were used to make DNS changes that redirected surfers to a protest site last Friday, according to site admins.…
UK retail Wi-Fi security still patchy
War walk on the wild side
Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist.…
Heartland to pay Amex $3.6m for massive payment breach
Thanks, 'Segvec'
Heartland Payment Systems will pay American Express $3.6m to settle claims related to the criminal breach of its payment processing network last year.…
Return of MP3 spam punts penis pill sites
When Harry Met Spammy
MP3 spam has made an unwelcome return, two years after the tactic was first used to spamvertise products and services.…
DNS attack hijacks Twitter
#wtf
A DNS hijacking attack left Twitter temporarily affected for about an hour early on Friday.…
Film review site hacked to spew malicious PDFs
Aintitcool.com attack isn't
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file.…
Watchdog files complaint over Facebook 'privacy' settings
EPIC violation of user expectation
The Electronic Privacy Information Center (EPIC) has filed a formal complaint with the US Federal Trade Commission over Facebook's recent changes to user privacy settings, claiming the changes are in violation of consumer-protection law.…
Iraqi insurgents hack US drones with $26 software
Video feed intercept
Updated: Iraqi militants are intercepting sensitive video feeds from US predator drones using $26 off-the-shelf software, and the same technique leaves feeds from most military aircraft vulnerable to snooping, according to published reports.…
China cages game Trojan hackers
Go directly to jail, do not collect any gold
Chinese authorities have sentenced 11 members of a malware gang to long stretches behind bars, after the group was convicted of creating and distributing Trojans designed to steal the login credentials of online gamers.…
RockYou admits security snafu exposed email login details
Suitably contrite over 32m credential breach
Social media application developer RockYou has vowed to improve its security and apply encryption following a breach that exposed 32 million user login credentials to hackers.…
Facebook sues social network spammers
Alleged anti-social behaviour provokes lawsuit
Facebook has launched lawsuits against a trio of alleged high profile hijackers and spammers.…
Secure USB drive relies on recognising faces
Works as a bottle opener too
Portable data security has stepped up a notch following one manufacturer’s decision to pair a USB Flash drive with facial recognition technology.…
Conficker jams up developing interwebs
Uber-botnet already used to sling scareware
The infamous Conficker worm has disproportionally affected computer systems in the developing world, according to new research.…
Adobe: critical Acrobat flaw fix 4 weeks away
Batten down the hatches
Users of Adobe's Acrobat and Reader programs have a full four weeks to fret over a critical flaw that's being exploited in the wild to install malware on vulnerable machines.…
Uni warns patients after doctor gets phished
Cautionary tale ad infinitum
Officials at the University of California at San Francisco have warned 600 patients that their medical information may have been leaked by a doctor who fell for a phishing scam.…
Network World on Security
The latest security news, analysis, reviews and feature articles from NetworkWorld.com.
Virtualization security remains a work in progress
While adoption of server virtualization is proceeding at a gallop, the effort to refine virtualization security reached only a slow trot in 2009.
New Zealand spammer fined $210,000
A New Zealand man has been fined $210,000 for breaching the Spam Act 2003 in a case brought by the Australian Communications and Media Authority (ACMA) in the Federal Court of Brisbane.
International airports to get new ePassport readers
Up to 400 new ePassport document readers will be rolled out across Australia’s airports as part of an Australian Customs and Border Protection Service IT upgrade.
Obama cyber czar choice worries about smartphones, social networking
In choosing Howard Schmidt as cyber czar President Obama has gotten someone who has held a similar job in a previous administration, has varied experience at high-level corporate jobs, was a frequent panelist at security conferences and who has even written a book on defending the Internet.
Schmidt Tapped as White House Cybersecurity Coordinator
An administration official told CSOonline.com Monday night that IT security veteran Howard Schmidt will be the new White House cybersecurity coordinator, a position President Obama created seven months ago.
Report: Russian gang linked to big Citibank hack
U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report.
Microsoft's 'whitelist' helps hackers, says Trend Micro
By recommending that users exclude some file extensions and folders from antivirus scans, Microsoft may put users at risk, a security company said today.
Virtual insecurity: Who's in control of your virtual machines?
Server virtualization has reached an inflection point in the enterprise at the 10-year mark. Capital expense savings from physical server consolidation are leveling off and early gains in IT operational efficiency are at risk due to rapidly growing and increasingly complex virtual infrastructures. Moreover, business-critical production applications -- the next virtualization frontier -- demand higher levels of service and strict security and compliance oversight, further challenging IT operations teams.
Federal Government to streamline online authentication
The Federal Government has moved to streamline the use of authentication tools among departments and agencies.
Big Budget Cuts Don't Mean the End of Staff Training
A resourceful CISO arranges low-cost training for his staff by working with a local security company. Another tip: Take a cop to lunch.
Ten 2010 IT Security Predictions, Part 2
Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and the folks from ICSA Labs, a vendor-neutral testing and certification lab, offer 10 predictions for security in 2009. (Second of 2 parts).
How to protect your cloud data
The Cloud Security Alliance has taken a second run at creating recommendations for businesses to follow in order to better secure cloud services.
Twitter's own account caused blackout, says DNS provider
Hackers redirected Twitter.com's traffic to a rogue Web site for more than an hour early today by accessing its DNS records using an account assigned to Twitter, the company that manages Twitter's DNS servers said today.
Whitelisting made strides in 2009
When McAfee bought Solidcore, it was a clear sign that whitelisting is gaining acceptance. But not all users are happy about the trend.
Google’s Dashboard Approach to Privacy
If you use Gmail, Google Calendar, Google Docs, or any of the ever-growing array of Google services, you may have cringed at the trove of personal data the company has gathered. To allay concerns, Google launched Dashboard, a single page housing privacy controls and settings for most of its services.
Don't Lose Everything When You Lose a Laptop
The FireFound add-on for the Firefox browser adds tracking and remote wipe features that can help with lost or stolen computers.
Bugs and Fixes: Zero-Day Patch for Internet Explorer 6 or 7
A dangerous vulnerability in Internet Explorer 6 and 7 became publicly known before a fix was available, raising the specter of a high-risk zero-day attack.
Drone incident serves up data encryption lesson
The disclosure that Iraqi insurgents were able to intercept live video feeds from U.S. drones has focused the spotlight on a familiar IT security issue: data encryption.
Adobe explains PDF patch delay
Adobe chose to wait until mid-January to patch a critical PDF bug because issuing an emergency update would have disrupted its quarterly security update schedule, the company said today.
Security heavyweights predict 2010 threats
Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators. Plus, Info-Tech on security trends.
Twitter Goes Down: Apparently Hacked?
In case you haven't already noticed, Twitter went down for a while late Thursday night, Pacific Standard Time. Although as of this writing, all Twitter has acknowledged is "an unplanned downtime," there are various reports streaming in that Twitter was hacked by a group claiming to be the "Iranian Cyber Army."
Twitter's Love-Hate Relationship With Iran
In the early hours of Friday morning, the Iranian Cyber Army claimed it has hacked into Twitter. The microblogging site was down for nearly an hour, leaving millions in the eastern hemisphere tweetless. The reasoning behind this attack is suspicious, especially as Twitter was a core tool this summer for Iranian protesters to put their story out.
Upgraded Dutch payment card still vulnerable to relay attack
New security features being implemented into Dutch payment cards won't stop a kind of attack that fraudsters could use in the future in order to steal money from bank accounts, according to researchers at the University of Cambridge in the U.K.
Facebook Target of FTC Privacy Complaint
Ten privacy groups have filed a complaint with the Federal Trade Commission over recent changes to Facebook's privacy policy.
Heartland pays Amex $3.6 million over 2008 data breach
Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network.
Researcher cures poisoned BlackBerry with Kisses
A security researcher in Asia has braved Internet worms and poisoned applets to rid BlackBerry smartphones of spyware with Kisses, a free software application.
Hackers take Twitter offline
Microblogging site Twitter went offline for a while Friday after hackers calling themselves the Iranian Cyber Army apparently managed to change DNS records, redirecting traffic to another Web page.
Cloud Security Alliance issues new guidelines
The Cloud Security Alliance published the second edition of its guidelines for secure cloud computing on Thursday, delivering a voluminous document that sets out an architectural framework and makes a host of recommendations around cloud security.
Privacy groups bring Facebook complaints to FTC
Ten privacy and consumer groups, including the Electronic Privacy Information Center (EPIC), filed a complaint Thursday with the U.S. Federal Trade Commission, saying that Facebook's newly revamped privacy settings are deceptive and unfair.
Facebook Privacy Complaint Ignites War of Words
A high-profile electronic privacy group filed a federal complaint against Facebook on Thursday -- and now, Facebook is lashing back.
Patch Management Made Easy with WSUS 3.0 SP2
One of the challenges that comes with running a network is keeping your operating systems patched and secure. In response to this problem, Microsoft has released Windows Server Update Service 3.0 SP2 as a means to centrally download updates and control how they are deployed to the computers throughout your network. Additionally, WSUS provides extensive reporting features to quickly give you a snapshot of your computers' status. If your network is big enough to have a server and use Active Directory, it's big enough to benefit from using WSUS.
Cyber criminals eye file sharing networks: Kaspersky Lab
This year is on its way out and seemingly cyber criminals are also planning their year ahead. Secure content management solutions developer Kaspersky Lab has outlined the threats it expects to see in 2010 as a result of cyber criminal activity.
The 2009 data breach hall of shame
If there was anything even vaguely comforting about the data breaches that were announced this year, it was that many of them stemmed from familiar and downright mundane security failures.
Is Backing Up Online Safe?
After reading When the Backup Drive Gets Full, LaTonya Powell asked whether online backup services such as Mozy (which I recommended in that tip) are really secure.
China jails Trojan virus authors in cybercrime crackdown
A Chinese court Wednesday sentenced 11 members of a malware ring for writing and distributing Trojan horse viruses meant to steal online game account passwords, according to state media.
Chinese ISP hosts 1 in 7 Conficker infections
Security experts have known for months that some countries have had a harder time battling the Conficker worm than others. But thanks to data released Wednesday by Shadowserver, a volunteer-run organization, they now have a better idea of which Internet Service Providers have the biggest problem.
McAfee Avert Labs
Cutting edge security research as it happens.......
Hacker’s Holiday – A Viral Video!
By Shane Keats on Uncategorized
Ketchup stains. Klingons. Exploding monitors. They’re all part of our fiendishly clever new music video, Hacker’s Holiday. Pity poor Tiny Tim. He gets a shiny new PC for Christmas and doesn’t bother to protect it. Well, you can guess the rest. A few short days later (12 days maybe?) his PC is ready for the [...]
Hacker’s Holiday: A Viral Music Video
By Shane Keats on Web and Internet Safety
Ketchup stains. Klingons. Exploding monitors. They’re all part of our fiendishly clever new music video, Hacker’s Holiday. Pity poor Tiny Tim. He gets a shiny new PC for Christmas and doesn’t bother to protect it. Well, you can guess the rest. A few short days later (12 days maybe?) his PC is ready for the [...]
Check Your Friends! Facebook IMs May Lead To Trouble
By David Marcus on Web and Internet Safety
I ran into a few strange IMs over the weekend. When I was not shoveling out my driveway from the 15 inches of snow that covered it I was logged into Facebook telling people about it…. It was then that I started receiving some VERY interesting IMs from a friend extolling the virtues of a [...]
Brittany Murphy Searching Dangers
By David Marcus on SiteAdvisor
Sadly, actress Brittany Murphy passed away over the weekend. With her unfortunate passing will come the inevitable web searches that lead Internet users to some potentially unsafe sites. This has been a well established trend throughout 2009. It is a sad reflection that malware authors and scammers will use these events as lures to distribute [...]
Conficker Again in the News, Part 2
By Francois Paget on Web and Internet Safety
Yesterday, my colleague Dave Marcus quoted for you the new graphs and stats posted by Shadowserver. Indeed, since November 2008, W32/Conficker (alias Downup, Downadup, Kido) has frequently made headlines. This computer worm has five main variants, which have appeared during the last year. Wikipedia lists the dates: A variant: First appeared 21 November 2008 B [...]
McAfee Labs Report on VoIP Vulnerabilities
By David Marcus on Vulnerability Research
Voice over Internet Protocol (VoIP) is a method for making phone calls over the Internet or using private networks. Traditional phone calls must travel over a series of switches and circuits owned by the telephone companies, which control the process and the charges. By using VoIP, both businesses and individuals can enjoy a substantial cost [...]
InSecurity Complex
Keeping tabs on flaws, fixes, and the people behind them.
Web-based Lookout protects mobile devices, data
By Elinor Mills
Lookout offers data security, backup, and management over the Web and a way to locate and protect missing or stolen devices.
Using Facebook and Twitter safely
By Elinor Mills
Share a lot? Here's a guide to the security and privacy problems that users of Facebook and Twitter encounter, and what they can do about it.
Firefox, Adobe top buggiest-software list
By Elinor Mills
Open-source Firefox reports all holes, putting it at the top of the list for bug reports, while Adobe replaces Microsoft in the second spot, reports find.
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
Citigroup, Law Enforcement Refute Cyber Heist Report
Posted by InfoSec News on Dec 22
http://www.pcworld.com/businesscenter/article/185334/citigroup_law_enforcement_refute_cyber_heist_report.html
By Jeremy Kirk and Robert McMillan
IDG News Service
December 22, 2009
Citigroup and a federal law enforcement source on Tuesday refuted a
claim that the bank's customers lost millions of dollars in an advanced
cyber heist over the summer, leaving lingering questions over details of
the alleged attack.
According to a report in...
Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack
Posted by InfoSec News on Dec 22
http://www.wired.com/threatlevel/2009/12/stephen-watt
By Kim Zetter
Threat Level
Wired.com
December 22, 2009
The two great friends talked every day and shared information about all
of their exploits - sexual, narcotic and hacking - according to
prosecutors. Now another thing they’ll have to share information about
is their experience in federal prison.
While accused TJX hacker kingpin Albert Gonzalez awaits a possible
sentence of 17...
Serious web vuln found in 8 million Flash files
Posted by InfoSec News on Dec 22
http://www.theregister.co.uk/2009/12/22/mass_flash_file_vulnerability/
By Dan Goodin in San Francisco
The Register
22nd December 2009
A security researcher has identified more than 8 million Adobe Flash
files that make the websites hosting them vulnerable to attacks that
target visitors with malicious code.
The Flash files are contained on a wide variety of sites operated by
online casinos, news organizations, banks, and professional...
Obama to name Howard Schmidt as cybersecurity coordinator
Posted by InfoSec News on Dec 22
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/21/AR2009122103055.html
By Ellen Nakashima
Washington Post Staff Writer
December 22, 2009
Seven months after President Obama vowed to "personally select" an
adviser to orchestrate the government's strategy for protecting computer
systems, the White House will name a former Bush administration official
to the job Tuesday.
Howard A. Schmidt, who was a cyber-adviser in...
IDF bolstering computer defenses
Posted by InfoSec News on Dec 21
http://www.jpost.com/servlet/Satellite?cid=1260930892360&pagename=JPost%2FJPArticle%2FShowFull
By YAAKOV KATZ
The Jerusalem Post
Dec 18, 2009
In the face of a growing cyber warfare threat, the IDF is beefing up its
defenses against enemy hackers.
The IDF operates a number of units - in Military Intelligence and the
IDF's Computer Services Directorate - which are jointly responsible for
defending the IDF as well as other intelligence...
Call for Papers: The 5th International Conference for Internet Technology and Secured Transactions (ICITST-2010)
Posted by InfoSec News on Dec 21
Forwarded from: d.lin (at) icitst.org
*********************************************************************
The 5th International Conference for Internet Technology and
Secured Transactions (ICITST-2010), Technical Co-Sponsored
by IEEE UK/RI Communications Chapter, November 8-11, 2010, London, UK
(www.icitst.org)
*********************************************************************...
Attack Of The RAM Scrapers
Posted by InfoSec News on Dec 21
http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222002720
By Keith Ferrell
DarkReading
Dec 18, 2009
The inclusion of RAM scrapers in a recent Verizon Business list of the
top data breach attack vectors has prompted a bit of buzz about what
exactly RAM scraping is and how much of a threat it poses.
A RAM scraper as identified in the Verizon Business Data Breach
Investigation report is a piece...
Tips for providing low-cost security training
Posted by InfoSec News on Dec 21
http://www.computerworld.com/s/article/345792/Big_Budget_Cuts_Don_t_Mean_the_End_of_Staff_Training?taxonomyId=17
By Julia King
Computerworld
December 21, 2009
At the height of the recession, Providence Health & Services in Seattle
whacked its IT training budget by a hefty 65%. That meant conferences
and most tuition-based classroom training were out of the question. So
Eric Cowperthwaite, the health service provider's chief information...
TJX Hacker 'Will Never Commit Any Crime Again'
Posted by InfoSec News on Dec 21
http://www.wired.com/threatlevel/2009/12/gonzalez-remorseful/
By Kim Zetter
Threat Level
Wired.com
December 18, 2009
Confessed hacker Albert Gonzalez's turn as a Secret Service informant
led him down a dark path of obsession, culminating in the largest
identity-theft spree in history.
Frances Gonzalez Lago, Gonzalez’s sister, wrote his sentencing judge
that her brother’s work as an informant for the agency between 2003 and
2008...
N.Korea 'Hacks into S.Korea-U.S. Defense Plans'
Posted by InfoSec News on Dec 18
http://english.chosun.com/site/data/html_dir/2009/12/18/2009121800317.html
The Chosun Ilbo
Dec. 18, 2009
Suspected North Korean hackers may have gained access to a war plan
devised by South Korea and the U.S. in preparation for an emergency,
including details of specific operational scenarios, intelligence
agencies believe.
According to the January issue of the Monthly Chosun published Friday,
the National Intelligence Service and the...
Sci-fi reviews site hacked to spew malicious PDFs
Posted by InfoSec News on Dec 18
http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/
By Dan Goodin in San Francisco
The Register
18th December 2009
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that
redirected anyone visiting the movie review site to a server containing
a malicious Adobe Reader file.
The attack targeted a vulnerable PHP script on one of AICN's servers
that automatically appended the malicious link to banner ads served...
Heartland pays Amex $3.6M over 2008 data breach
Posted by InfoSec News on Dec 18
http://www.computerworld.com/s/article/9142448/Heartland_pays_Amex_3.6M_over_2008_data_breach?taxonomyId=17
By Robert McMillan
IDG News Service
December 17, 2009
Heartland Payment Systems will pay American Express $3.6 million to
settle charges relating to the 2008 hacking of its payment system
network.
This is the first settlement Heartland has reached with a card brand
since disclosing the incident in January of this year.
The U.S....
Twitter hijacked by 'Iranian Cyber Army'?
Posted by InfoSec News on Dec 18
http://news.cnet.com/8301-1023_3-10418140-93.html
By Steven Musil
Digital Media
CNet News
December 17, 2009
Updated at 11:15 p.m. PST to include comment from witness and reflect
Twitter.com accessible again.
Twitter.com was down Thursday evening, and there is a suggestion that
the microblogging site may have been hacked or the victim of a DNS
hijacking.
The site, which was inaccessible for about an hour starting around 10
p.m. PST, was...
Scores of Scottish ministers' files lost or stolen
Posted by InfoSec News on Dec 18
http://www.telegraph.co.uk/news/newstopics/politics/scotland/6827331/Scores-of-Scottish-ministers-files-lost-or-stolen.html
By Simon Johnson
Scottish Political Editor
Telegraph.co.uk
17 Dec 2009
Policy documents belonging to SNP ministers have also been lost in the
post, stolen from a Holyrood conference room and left on a train and in
a car park.
The litany of lost information has been revealed for the first time, and
includes data that...
Secunia Weekly Summary - Issue: 2009-51
Posted by InfoSec News on Dec 18
========================================================================
The Secunia Weekly Advisory Summary
2009-12-10 - 2009-12-17
This week: 117 advisories
========================================================================
Table of Contents:
1. Word From...
Hacker hit community college system
Posted by InfoSec News on Dec 18
http://www.newsobserver.com/news/crime_safety/story/246272.html
By Kristin Collins
Staff writer
Newsobserver.com
December 17, 2009
Patrons of the state's community colleges may have had their drivers
license and Social Security numbers stolen by a hacker.
College officials announced late today that 51,000 library users at 25
campuses, including Wake Tech and Johnston County, were the victims of a
security breach in August.
They said the...
Document Reveals TJX Hacker’s Assistance to Prosecutors
Posted by InfoSec News on Dec 17
http://www.wired.com/threatlevel/2009/12/gonzalez-memo/
By Kim Zetter
Threat Level
Wired.com
December 15, 2009
Admitted TJX hacker Albert Gonzalez has identified two Russian
accomplices who helped him hack into numerous companies and steal more
than 130 million credit and debit card numbers.
Gonzalez told prosecutors that the hackers breached at least four card
processing companies, as well as a series of foreign banks, a brokerage
house...
Spymaster sees Israel as world cyberwar leader
Posted by InfoSec News on Dec 17
http://www.reuters.com/article/idUSTRE5BE30920091215
By Dan Williams
TEL AVIV
Reuters
Dec 15, 2009
TEL AVIV (Reuters) - Israel is using its civilian technological advances
to enhance cyberwarfare capabilities, the senior Israeli spymaster said
on Tuesday in a rare public disclosure about the secret program.
Using computer networks for espionage -- by hacking into databases -- or
to carry out sabotage through so-called "malicious...
FW: DHS Holds Virtual Job Fair to Expand Cyber Workforce
Posted by InfoSec News on Dec 17
Forwarded from: Jeff Moss <jmoss (at) blackhat.com>
Thought I would pass this on to everyone on InfoSec News, it’s the
follow up to the announcement of DHS getting authority to hire up to
1,000 more people in security.
-- Jeff Moss
------
DHS Holds Virtual Job Fair to Expand Cyber Workforce
Secretary Napolitano on Friday announced the launch of a virtual job
fair at www.dhs.gov/cyberjobfair to recruit cybersecurity experts --...
Texas company lays out 'hacking' case against Minnesota Public Radio
Posted by InfoSec News on Dec 17
http://www.minnpost.com/braublog/2009/12/15/14315/texas_company_lays_out_hacking_case_against_minnesota_public_radio
By David Brauer
minnpost.com
Dec 15 2009
Do Minnesota Public Radio and reporter Sasha Aslanian realistically face
civil and criminal penalties after uncovering a Texas firm’s security
breaches involving state of Minnesota job-seeker data?
Lookout Services - which acknowledges an October security breach and
subsequent...
Five Things You Need to Know About Social Engineering
Posted by InfoSec News on Dec 17
http://www.networkworld.com/news/2009/121609-five-things-you-need-to.html
By Robert McMillan
IDG News Service
December 16, 2009
SOCIAL ENGINEERING IS GROWING UP. Social engineering, the act of
tricking people into giving up sensitive information, is nothing new.
Convicted hacker Kevin Mitnick made a name for himself by cold-calling
staffers at major U.S. companies and talking them into giving him
information. But today's criminals are...
CFP: Workshop on Collaboration and Security (COLSEC'10)
Posted by InfoSec News on Dec 17
Forwarded from: Patrice Clemente <patrice.clemente (at) gmail.com>
----------------------------------------------------------------
The 2010 International Symposium on Collaborative Technologies and Systems
(CTS 2010)
CALL FOR PAPERS
Workshop on Collaboration and Security (COLSEC'10)
The Westin Lombard Yorktown Center Chicago, Illinois, USA May 17-21, 2010 In...
Botnet Operators Infecting Servers, Not Just PCs
Posted by InfoSec News on Dec 17
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=222002433
By Kelly Jackson Higgins
DarkReading
Dec 16, 2009
Botnet operators have always been able to easily infect and convert PCs
into bots, but they also are increasingly going after servers -- even
building networks of compromised servers.
Web servers, FTP servers, and even SSL servers are becoming prime
targets for botnet operators,...
Federal Computer Week: Security News
VA security scholarship program delayed until 2011
A program enacted in 2006 to help the Veterans Affairs Department beef up its information security expertise by offering financial assistance to doctoral students and those who recently earned doctorates still is more than a year away from awarding its first scholarship, according to a report made to Congress.
DHS setting new deadlines for Real ID
The Homeland Security Department has extended the Dec. 31 deadline for states to comply with Real ID driver's license requirements and is setting new deadlines with the states.
National cybersecurity coordinator choice widely applauded
Industry insiders say the breadth and depth of the appointee's experience in both government and the private sector bodes well for his performance in the challenging job of coordinating the government’s cybersecurity policy.
Obama picks cybersecurity coordinator
Howard Schmidt is President Barack Obama’s choice for cybersecurity chief, the administration announced today.
Encryption of Predator video feeds will take time
It could take as long as five years before video feeds from Predator and Reaper drones are fully encrypted and U.S. forces are able to keep enemy forces from intercepting the information, reports Ellen Nakashima in the Washington Post.
Laptop with personal data about thousands stolen from Army employee
A government laptop containing names and personally identifiable information of more than 42,000 patrons of childcare and recreational facilities at Fort Belvoir in Virginia since 2005 was stolen on Nov. 28.
Hackers with political agenda bring down Twitter
Twitter says attack on site's Domain Name System redirected users to a cryptic anti-American message from the "Iranian Cyber Army."
iPhone: Enterprise-worthy, perhaps, but secure enough for feds?
The latest iPhone operating system is more secure, but doubts linger about whether it can rival the BlackBerry for government-level real security.
eWeek Security Watch
An Unpleasant Anniversary: 11 Years of SQL Injection
In Vulnerability Research
The first known publicized discussion of SQL injection came in the form of an article in Phrack magazine Dec. 25, 1998, courtesy of a researcher known as Rain Forest Puppy. More than a decade later, the same vulnerability is at the center of some of the most publicized data breaches of the year.
Brittany Murphy Searches Yield Malicious Results
In Social engineering
In yet another example of attackers poisoning search engine results, attackers are using the passing of actress Brittany Murphy to lure users to malicious sites.
MP3 Spam Makes a Comeback
In Spam
Researchers at Symantec and Trend Micro have reported seeing mp3 spam hitting inboxes.
Pharma Spam Finds Its Voice
In Virus and Spyware
Pharma spammers have become so desperate in their attempts to avoid e-mail filters for text and image files that they've begun using MP3 audio files to lure end users.
DarkReading - Security News
DarkReading
Pioneer Linens, Celebrating 97 Years of Luxury Linen Retailing in Florida, Opens New Fort Lauderdale Storefront Catering to Luxury Homeowners With Mansions at the Sea
Friends Play Top Role in Video Gamers' Purchase Decisions
Zscaler Protects Against Adobe Acrobat Reader Zero-Day Exploits
Reportlinker Adds Remote Shopping 2010
SingleHop Announces Tandem Reseller Program: Redefining the Way Servers Are Resold
DarkReading - All Stories
DarkReading
Facebook Hit By Clickjacking Attack
Social network targeted by emerging brand of attack that's hard to kill
Feds Need To Push Forward On Cybersecurity, Says Former FBI CIO
Key to any plan is to focus on hardware, software, and people, and to understand that cybersecurity is a risk management effort, says Zal Azmi
The 9 Coolest Hacks Of 2009
Digital faces, missile defenses, iPod Touches, and even texting teens all were the subject of extreme hacks
White House Names Howard Schmidt As Cybersecurity Czar
Former Bush administration official will head U.S. cybersecurity initiative for Obama, but experts question whether the post has much power
Smartphone Security Startup Offers Free Beta
Product to mix lightweight mobile client with cloud-based security, backup and anti-theft features
4 Factors To Consider Before Firing Up That DLP Solution
There's an ugly truth that DLP vendors don't like to talk about
Attack Of The RAM Scrapers
Beware of malware aimed at grabbing valuable data from volatile memory in point-of-sale systems
Electronic Medical Records: The Good, Bad, And Ugly
EMRs offer huge benefits, but privacy and security threats are massive as well
Lab Test Results: Symantec, Kaspersky Lab, PC Tools, AVG, Detect The Most Zero-Day Attacks
AV-Test finds detection rates of 83- to 90 percent, but rival lab says rates are actually 29- to 64 percent
Privacy Group Files Complaint To FTC About Facebook
Recent changes will make too much user information available to the public, maintains the Electronic Privacy Information Center
Product Watch: IBM Replaces Passwords With Palm-Vein Biometrics In Single Sign-On
Fujitsu's PalmSecure LOGONDIRECTOR is integrated with IBM Tivoli Access Manager for Single Sign-On
Readying For A Zero-Day Attack: Expect The Unexpected
In new report, Dark Reading describes methods for managing zero-day attacks and vulnerabilities
Botnet Operators Infecting Servers, Not Just PCs
Web, FTP, and SSL servers are becoming handy tools for botnets to expand and multiply
Cybercriminals Bypassing Two-Factor Authentication
Targeted attacks have resulted in theft of money and/or information, says Gartner
Product Watch: Bit9 Lists Top Vulnerable Applications Of 2009
Adobe apps top list of most vulnerable apps
Darknet - The Darkside
Ethical Hacking, Penetration Testing & Computer Security
hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool
By Darknet on web-server-security
hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration...
Read the full post at darknet.org.uk
Brittany Murphy Dies & Scareware Scammers Strike
By Darknet on worm
It seems to be a trend now: whenever someone famous dies, some kind of malware or phishing scam will pop up playing on their death with the usual social engineering aspect. The most memorable one recently of course was the passing of The King of Pop – Michael Jackson. The latest one is Brittany Murphy who passed [...]
Read the full post at darknet.org.uk
PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility
By Darknet on pdf security
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. [...]
Read the full post at darknet.org.uk
CounterMeasures - A Security Blog
Rik Ferguson blogs about current security issues.
Twitter (not) hacked by Iranian Cyber Army
By Rik Ferguson on web
UPDATE: I was asked to talk to Channel 4 news in the UK about this incident this evening and they have been good enough to share the full content of my interview and a subsequent interview on the same subject with Tim Stevens from King’s College London.
Original post: At about 6am GMT Twitter fell victim to [...]
CNET News - Security
Web-based Lookout protects mobile devices, data
By Elinor Mills
Lookout offers data security, backup, and management over the Web and a way to locate and protect missing or stolen devices.
Originally posted at InSecurity Complex
Hackers claim to crack Kindle copyright armor
By Leslie Katz
Two hackers, one in Israel and one in the United States, say they've found ways to export e-books from Amazon's popular e-reader to other devices.
Originally posted at Crave
Using Facebook and Twitter safely
By Elinor Mills
Share a lot? Here's a guide to the security and privacy problems that users of Facebook and Twitter encounter, and what they can do about it.
Originally posted at InSecurity Complex
Report: FBI investigating Citibank cyberattack
By Lance Whitney
Russian cybercriminals reportedly hacked into Citibank, stealing tens of millions of dollars and prompting an FBI investigation, says The Wall Street Journal.
White House appoints cybersecurity chief
By Lance Whitney
New Cybersecurity Coordinator Howard Schmidt promises to develop strategies to protect U.S. networks, beef up technology partnerships, and promote R&D.
So, is it safe to tweet now?
By Caroline McCarthy
In the "Iranian Cyber Army" incident, Twitter has once again proven embarrassingly vulnerable. The good news? It doesn't look like user accounts were compromised--not that Twitter stores a whole lot of personal information.
Originally posted at The Social
Twitter hijacked by 'Iranian Cyber Army'
By Steven Musil
The microblogging site appeared defaced by a group that identified itself as the "Iranian Cyber Army" before the site went down.
Originally posted at News - Digital Media
Firefox, Adobe top buggiest-software list
By Elinor Mills
Open-source Firefox reports all holes, putting it at the top of the list for bug reports, while Adobe replaces Microsoft in the second spot, reports find.
Originally posted at InSecurity Complex
Predator drones hacked in Iraq operations
By Declan McCullagh
The apparent security breach arose because the UAVs do not use encryption in the final link to their operators on the ground.
CGISecurity - Website and Application Security News
All things related to website, database, SDL, and application security since 2000.
Adobe on Fuzzing Adobe Reader For Security Defects
By Robert A. on Security Tools
Adobe has published an entry on their blog outlining how fuzzing plays a part in discovering security issues in their product prior to launching it. It's good to see a company such as Adobe publishing this information as it's one of those things that is discussed frequently by the security community, however...