Home PHP Scripts Contact News Articles RSS Readers Members Area

Security Fix

 
Main

Security

Anti-Malware
Malware
MSNBC Security
Security Fix
Security World News
Random Feeds

Archives

| Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 |

Sat, 19 Dec 09
Hackers exploit Adobe Reader flaw via comic strip syndicate
http://feeds.voices.washingtonpost.com/click.phdo?i=eaef57aeb66118c5bec566eea5f89ae4
Hackers broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat, Security Fix has learned. On Monday, Adobe Systems Inc. said it was investigating reports that criminals were attacking Internet users via a previously unknown security flaw in its Adobe Reader and Acrobat software. Experts warned that the flaw could be used to foist software on unsuspecting users who visit a hacked or booby-trapped Web site. Albany, N.Y.-based Hearst publication Timesunion.com now reports that on Thursday readers of its comics section began complaining of being prompted to download malicious software. In an update posted to its site, Timesunion.com said the attack took advantage of the recently disclosed Adobe flaw. The news outlet said it had traced the attack back to a problem at King Features, which serves comics on its Web site, and that



Sat, 19 Dec 09
Twitter.com hijacked by 'Iranian cyber army'
http://feeds.voices.washingtonpost.com/click.phdo?i=42557e60afba27f62665ab8a49ff8aa7
Hackers hijacked the Web site of micro-blogging community Twitter.com early Friday, briefly redirecting users to a Web page for a group calling itself the "Iranian Cyber Army." The attackers apparently were able to redirect Twitter users by stealing the credentials needed to administer the domain name system (DNS) records for Twitter.com. DNS servers act as a kind of phone book for Internet traffic, translating human-friendly Web site names like "Twitter.com" into numeric Internet addresses that are easier for computers to handle. "Twitter's DNS records were temporarily compromised but have now been fixed," the company said in a brief statement on its Web site. "We are looking into the underlying cause and will update with more information soon." Twitter's DNS service is provided by Manchester, N.H. based Dyn Inc. Tom Daly, chief technology officer at Dyn, said the incident was not the result of a security failure on its services. Daly



Thu, 17 Dec 09
Group IDs hotbeds of Conficker worm outbreaks
http://feeds.voices.washingtonpost.com/click.phdo?i=87ccd92fa79d0a6ebb7360260d373241
Internet service providers in Russia and Ukraine are home to some of the highest concentrations of customers whose machines are infected with the Conficker worm, new data suggests. The report comes from the Shadowserver Foundation, a nonprofit that tracks global botnet infections. Shadowserver tracks networks and nations most impacted by Conficker, a computer worm that has infected more than 7 million Microsoft Windows PCs since it first surfaced last November. "Conficker has managed to infect, and maintain infections on more systems than any other malicious vector that has been seen before now," Shadowserver stated on its Web site. Shadowserver's numbers indicate that the largest numbers of Conficker-infested PCs are in the East, more specifically China, India and Vietnam. For example, Chinanet, among the nation's largest ISPs, has about 92 million routable Internet addresses, and roughly 950,000 -- or about 1 percent of those addresses -- appear to be sickened with



Sat, 12 Dec 09
Check your Facebook 'privacy' settings now
http://feeds.voices.washingtonpost.com/click.phdo?i=e5ceaf8a584e4a4adff4c9941d9ce4cc
If you use Facebook and care about your privacy, take a moment to read this blog entry. Facebook has made some major changes that may allow a great deal more people to see your personal photos and videos, date of birth, family relationships, and other sensitive information. While logged in to Facebook, click the "Settings" link and you should see a box that looks like the one pictured below. You may see that Facebook has reset your privacy settings, so that the everyone can now see the information on your "About Me" page, as well as your "Family and Relationships" data; "Work and Education"; and most importantly "Posts I Create," which includes status updates, links, photos, videos and notes. Below is a screen shot of what my privacy settings looked like when I recently logged in. By default, the new privacy settings instituted across the Facebook network also expose your



Fri, 11 Dec 09
Paper-based data breaches on the rise
http://feeds.voices.washingtonpost.com/click.phdo?i=aca9ab0aad2f1526e5752a767cfa7932
More than one quarter of data breaches so far this year involved consumer records that were jeopardized when organizations lost control over sensitive paper documents. Experts say those incidents came to light in large part due to a proliferation of state data breach notification laws, yet current federal proposals to preempt those state measures would allow paper-based breaches to go unreported. According to the Identity Theft Resource Center, a San Diego based nonprofit, at least 27 percent of the data breaches disclosed publicly in 2009 stemmed from collections of sensitive consumer information printed on paper that were lost, stolen or improperly disposed of. Some 45 states and the District of Columbia have enacted laws requiring companies that lose control over sensitive consumer data such as Social Security or bank account numbers to alert affected consumers, and in some cases state authorities. Concerned about the mounting costs of complying with so



Wed, 9 Dec 09
Critical updates for Adobe Flash, Microsoft Windows
http://feeds.voices.washingtonpost.com/click.phdo?i=17981fe2ab7f7a99c4efd47bc7d482c7
Microsoft released six software updates on Tuesday to fix at least a dozen security vulnerabilities in Windows, Internet Explorer, Windows Server and Microsoft Office. More than half of the flaws earned a "critical" rating, meaning criminals could exploit them to break into vulnerable systems without any help from users. Separately, Adobe Systems Inc. issued critical security updates to its Flash Player and AIR Web-browser plugins. The updates are available from the Windows Update Web site, or via the Automatic Update feature in Windows. Probably the most important update for most users is the one for Internet Explorer, which corrects five critical flaws in IE 6, 7 and 8. These are vulnerabilities that attackers could exploit to quietly install malicious software on your machine if you browse with IE to a hacked or booby-trapped site. A description of the rest of the vulnerabilities patched in this month's release from Microsoft is



Wed, 9 Dec 09
Security Fix author named 'cybercrime hero'
http://feeds.voices.washingtonpost.com/click.phdo?i=e03ed7b670a3d5e699e20c9daf50f321
Networking equipment maker Cisco Systems Inc this week bestowed a generous honor on the Security Fix author. In its 2009 annual security report released Tuesday, Cisco names Yours Truly as a "cybercrime hero," citing an ongoing investigative series detailing the plight of small businesses that have lost hundreds of thousands of dollars at the hands of malicious software. The mention comes in a section announcing Cisco's first-ever "Cybercrime Showcase," which the company said aims to "shine a spotlight on individuals and entities who have made significant positive contributions during the past year toward helping make the Internet a safer place for all users." Clearly, I am long overdue to design a decent superhero costume. In all seriousness, I am grateful for the mention, and for the recognition of my work. Interestingly, the two families of malicious software also mentioned as "winners" of Cisco's 2009 "Cybercrime Showcase" are malware families whose



Tue, 8 Dec 09
La. firm sues Capital One after losing thousands in online bank fraud
http://feeds.voices.washingtonpost.com/click.phdo?i=ad1872c920821e09ae1f6816ffd81493
An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year. In August, Security Fix wrote about the plight of Baton Rouge-based JM Test Systems, an electronics testing firm that in February lost more than $97,000 from two separate unauthorized bank transfers a week apart. According to JM Test, Capital One has denied any responsibility for the losses. On Friday, JM Test filed suit in a Louisiana district court, alleging breach of contract and negligence by the bank. The firm says it is still out a total of $89,000, and that it has spent roughly $70,000 investigating and responding to the breaches. "Capital One was not willing to make good on our losses or attempt any type of settlement," said Happy McKnight, JM Test's controller.



Sun, 6 Dec 09
Phishers angling for Web site administrators
http://feeds.voices.washingtonpost.com/click.phdo?i=0245d0b85e3b0c1b03591fd472dc9d1f
Scam e-mail artists have launched a massive campaign to trick webmasters into giving up the credentials needed to administer their Web sites, targeting site owners at more than 90 online hosting providers. Experts say the attackers are attempting to build a distributed network of hacked sites through which to distribute their malicious software. The spam e-mails arrive addressed to users of some of the top Web hosting firms, from hostgator.com to yahoo.com and 50webs.com, and bear the same basic message: "Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details." Recipients who click the included link are brought to a Web site made to look like a cPanel page (cPanel is a widely used Web site administration software package). People who fall for the scam and provide their credentials are then forwarded on to the actual site of the Web hosting



Sat, 5 Dec 09
Apple issues security updates for Mac OS X
http://feeds.voices.washingtonpost.com/click.phdo?i=6bf3caebe51669ed02d23ae0181b3fc0
Apple this week pushed an update for Leopard and Snow Leopard systems that plugs a large number of security holes in Apple's version of Java, a package installed by default on those Mac OS X systems that enables a number of multimedia Web applications. The new Java version fixes at least 14 vulnerabilities in the version designed for OS X 10.6 systems; the package put together for 10.5 Macs corrects more than two dozen security flaws. Mac users can grab the patches via Software Update or from Apple Downloads. The patch fun continues into Tuesday of next week, when both Microsoft and Adobe are scheduled to issue updates to plug security vulnerabilities of their own. Microsoft said Thursday that it plans to issue at least six security patches (each patch fixes at least one -- but often multiple -- security flaws). Half of those updates will carry a "critical" rating,

 

amigura.co.uk All Rights Reserved.