Internet Security News: Week in Review December 6 - 12

This Free IT-Security news feed was compiled and is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. Visit them at www.e-secure-it.com or email more-info@e-secure-it.com for more information on their available services.
House of Lords hears evidence on risk of cyberterattacks (from homelandsecuritynewswire at 12-12-2009) The House of Lords hears evidence that the U.K. communication system is vulnerable to cyberattacks; experts advised the Lords that since up to 90 percent of the critical infrastructure on which Europe depends is privately owned and crosses international boundaries, then only co-operative planning between public and private sectors, as well as EU member states, can hope to deal with the risks. The House of Lords has heard evidence from a number of high-ranking IT experts about the risk of cybe... read more» Bruce Schneier Recommends Security Chill Pill (from SecurityProNews at 12-12-2009) You might look at it this way: in a lot of large cities, murders occur on a regular basis, and the killers aren't arrested at the scene of the crime. But other people don't hide inside every time a crime is reported, barricading their doors and ordering bulletproof vests. Similarly, Schneier explained that not all vulnerabilities are serious, that there often isn't much an end user can do, and that the odds of any given individual being affected are pretty small.... read more» Hackers Break Into University's Admissions Server (from esecurityplanet at 12-12-2009) Eastern Illinois University officials this week said they are investigating how and why hackers infiltrated the school's admissions server last month, gaining access to the personal information of more than 9,000 former, current, and prospective students. According to a posting on the university's Web site, someone gained access to the critical server for more than six days in mid-November after the server was infected with the Virut virus.... read more» DNS flaw fixed, Neustar claims (from NetworkWorld at 12-12-2009) Neustar, a provider of managed DNS services to e-commerce sites, says it has developed an innovative, low-cost fix to a well-known problem that prevents DNS updates from getting propagated quickly across the Internet. Neustar unveiled Thursday the DNS Real-time Directory, a cloud-based computing service that will support the exchange of real-time updates of DNS information between the DNS vendors and ISPs that subscribe to it.... read more» Feds go global to fight cybercriminals overseas (from Yahoo at 12-12-2009) The tip came from another country's law enforcement officials: Eight major banks in the U.S. were being targeted by cybercriminals operating there. FBI agents fanned out that night to warn the branches that hackers were aiming to break into their computer systems. The banks were able to spot the attempted breaches, and block them, FBI officials said. Concerned about the rise in this type of sophisticated computer attack from abroad, the FBI and the U.S. Secret Service are beefing up their ... read more» FBI: Rogue Antivirus Scammers Have Made $150M (from Yahoo at 12-12-2009) They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than US$150 million for scammers. Security experts call them rogue antivirus programs. The FBI's Internet Crime Complaint Center issued a warning over this fake antivirus software Friday, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers.... read more» '.eu' internet domain now available in all EU languages (from Europa at 12-12-2009) From today, European citizens, businesses and organisations can register .eu website names using characters from all 23 official languages of the European Union. "Internationalised Domain Names under .eu, our European Top Level Domain, are a big step towards a truly global and at the same time local internet.... read more» Part 1/4: Introduction to Cyber Crime (Cybersecurity Act, Computer Fraud and Abuse Act, HIPAA) (from YouTube at 12-12-2009) Last Fridays news that Lori Drew (neighbor who posed on MySpace as potential teenage boyfriend) was being indicted under the Computer Fraud and Abuse Act represents yet another cyberlaw constitutional moment. Once again, were pressing laws intended to address X problem into service mending Y dispute. This time, however, the law is more sweeping than we might like to admit. In fact, courts have already read the CFAA to stretch awfully far - including to violations of agreements *not* found in... read more» New malware domain clearing house (from SunbeltBlog at 12-12-2009) In addition to the several malware domain clearing lists available on the net, Paretologic has added their own, available at http://mdl.paretologic.com. To see the list click the following URL: http://www.malwaredomains.com/wordpress/?p=740... read more» BA.com titsup - Airline's website grounded - The site was back up and working (from The Register at 12-12-2009) British Airways has lost its website and doesn't know when its coming back. The site crashed offline at about 6am UK time and technical staff are still working out what the problem is, according to a spokesman.... read more» FBI: Rogue antivirus scammers have made $150M (from ComputerWorld at 12-12-2009) They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs. The FBI's Internet Crime Complaint Center issued a warning over this fake antivirus software Friday, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers.... read more» FISMA Reform Without Reforming FISMA (from govinfosecurity at 12-12-2009) Must Congress reform the 7-year-old Federal Information Security Management Act to get government agencies to move away from paper compliance to real-time monitoring of digital assets to show their IT systems are secure? Not necessarily, says one of the leading computer scientists at the National Institute of Standards and Technology. Among the top goals of FISMA reform legislation before Congress is to codify practices agencies must follow to measure IT security in real time, and not annuall... read more» Top Five Reasons For Security FAIL (from CSOonline at 11-12-2009) The Internet security industry has seen every type of security solution fail. While there are exceptions, one can learn some general principles as to why things fail. Below are some observations.Security is only as good as its weakest link." This is probably the most well-known adage. Surprisingly however, many security solutions fail because of it, as the weakest link is often not obvious.... read more» Cyber Fraud Is A Threat To The Nation (from peacefmonline at 11-12-2009) The Inspector-General of Police, Paul Quaye, has said the extend of prohibited activities perpetrated through the use of digital communication technology is a threat to the nation’s security. He said due to insufficient expertise and equipment to handle cyber-related crimes, criminals are having a field day indulging in fraudulent activities through the internet.... read more» Fortinet detects increase in malware levels (from NetworkWorld at 11-12-2009) Fortinet, a network security provider and unified threat management (UTM) solutions specialist has observed the highest level of total malware detected in more than a year. According to its October 2009 Threatscape report, the level of total malware detected was four times greater than detected in September. Scareware tactics hit an all-time peak last month and the attacks were very severe.... read more» Northern Ireland police investigate 18th ATM robbery (from BBC at 11-12-2009) Police investigating a series of cash machine robberies using diggers across Northern Ireland say they are following "definite lines of inquiry". In the latest incident, a filling station was badly damaged in Templepatrick, County Antrim.... read more» Spyware, keyloggers and SQL injection are top attacks in 2009 (from ComputerWeekly at 11-12-2009) Spyware, remote control tools and SQL injection are the most common types of cyber attacks against business, according to the latest report from Verizon Business. Keyloggers and spyware accounted for 19% of data breaches in 2009, and remote control tools and SQL injection attacks were each involved in 18% of incidents. The 2009 Data Breach Investigations Supplemental Report on the anatomy of data breaches, details 12 other popular attack methods.... read more» Court Rejects Request to Consolidate TJX Hacker Cases (from Wired at 11-12-2009) A federal judge in Massachusetts has rejected a request from U.S. attorneys to consolidate a New Jersey case against Albert Gonzalez, who has admitted hacking more than 120 million credit card numbers from Heartland Payment Systems, with two other cases against him in Massachusetts.... read more» SQL injection attack claims 132,000+ (from Net-Security at 11-12-2009) A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009. ... read more» Trend Micro forecasts future threats (from CNet at 11-12-2009) Cloud computing and virtualization are just two technologies that cybercriminals are anxious to exploit, forecasts a report released Wednesday by security vendor Trend Micro. The year ahead offers new opportunities for cybercrooks as they hunt for more targets and new challenges as people try to protect themselves, says Trend Micro's 2010 Future Threat Report.... read more» Reacting to Security Vulnerabilities (from Schneier at 11-12-2009) Last month, researchers found a security flaw in the SSL protocol, which is used to protect sensitive web data. The protocol is used for online commerce, webmail, and social networking sites. Basically, hackers could hijack an SSL session and execute commands without the knowledge of either the client or the server. The list of affected products is enormous. If this sounds serious to you, you're right. It is serious. Given that, what should you do now? Should you not use SSL until it's fixed,... read more» Trend Micro Annual Report 2010 : The Future of Threats and Threat Technologies (from TrendMicro at 11-12-2009) In this report we examine how: * Cybercriminals will formulate more direct and brazen extortion tactics to obtain quicker access to cash. * It’s business as usual for botnets, but heavier monetization by botnet herders. * Social media will be used by malware to enter the users’ “circle of trust.” * Web threats will continue to plague Internet users. * Cloud computing will present new security challenges. * Changes in the Internet infrastructure will widen the play... read more» U.S.-China Internet forum highlights need to step up online security (from Xinhuanet at 11-12-2009) The third annual U.S.-China Internet Industry Forum concluded here Thursday with delegates calling for more efforts to step up online security. An important part of network security was to ensure the security of online information, said Cai Mingzhao, former deputy director of China's State Council Information Office and an adviser to the Internet Society of China, which co-hosted the one-and-a-half-day forum with Microsoft Corporation.... read more» Nasscom to help police fight cybercrime (from siliconIndia at 11-12-2009) The National Association of Software and Service Companies (Nasscom) will extend its expertise to assist Tamil Nadu police in cybercrime investigation. "The Nasscom and Data Security Council of India intend to establish a Cyber Laboratory for Crime Branch in association with Lakshmi Vilas Bank. Besides assisting the police in cyber forensics and investigation, the Laboratory will serve as a permanent training centre," Pratap Reddy, Director (Cyber Security), Nasscom told The Hindu.... read more» How Organizations Get Hacked (from Information Week at 11-12-2009) Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just releasedVerizon Data Breach Investigations Supplemental Report and you'll get a great idea. while application-based attacks are still often overlooked, SQL-injection attacks accounted for 18% of all breaches, and were involved in 79% of lost records. That's a huge chunk of risk you might want to focus on.... read more» 2009 in threats - Fake security software, search engines and social networks (from Net-Security at 11-12-2009) The latest State of the Internet 2009 report by CA states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats. The report compiles trends from the first half of 2009. CA researchers tracked the following trends in 2009: Rogue or fake security software: Software that poses as legitimate Internet security software but is actually malware has experienced a significant surge in popularity. In the first half of 2... read more» OpenDNS taunts Google with real-time directory (from The Register at 11-12-2009) In mid-October, Sweden's net authorities managed to boot the entire country from the interwebs when a routine maintenance script accidentally removed a rather important dot from its top level domain. The period was reinstated in less than an hour, but address problems persisted for who knows how long, thanks to cached DNS records at ISPs across the globe.Clearly, the existing Domain Name System doesn't work quite as well as it should. ... read more» Cyber crime levels rise (from journalnow at 11-12-2009) The tip came from another country's law-enforcement officials: Eight major banks in the U.S. were being targeted by cyber criminals operating there. FBI agents fanned out that night to warn the branches that hackers were aiming to break into their computer systems. The banks were able to spot the attempted breaches, and block them, FBI officials said.... read more» LINX failure slows UK net traffic (from The Register at 11-12-2009) The London Internet Exchange (LINX) suffered a major failure yesterday afternoon, leading to a significant slowdown of UK traffic. The initial failure has been isolated to a network switch which then "cascaded", causing more problems, said spokesman Richard Yule. LINX acts as a main peering point for UK ISPs, allowing them to exchange traffic directly, which is cheaper than sending it over the public internet. The failure hit only one of its two peering platforms, which each use different har... read more» New attempt to tackle Skype spam (from The Age - Australia at 11-12-2009) When spam starts talking to you, you know you're in trouble. It pops up on your screen, trying to sell you watches, Viagra and a host of other goodies and it pretends to be your friend through Facebook and Skype. Now the Australian Communications and Media Authority will begin a new campaign aimed at getting consumers to complain about the latest form of spam instant messaging.... read more» Web site defacement surges over 14% in January-October (from The Hindu Business Line at 11-12-2009) The incidents of Indian Web site defacement reported in popular domains such as ‘.com' and ‘.in' rose over 14 per cent on a cumulative basis during January-October 2009 to 5,239, as compared to the year-ago period. This is as per data compiled by Indian Computer Emergency Response Team (Cert-in), which tackles hacking or virus attacks on the information systems in vital sectors such as power, railways, aviation and defence. The reported incidents of phishing spiked nearly 42 per cent to 708 c... read more» German Government to Help Rid Computers of Malware (from Softpedia at 11-12-2009) The German government plans to launch a major botnet-cleaning operation in the country in 2010. ISPs will identify and contact the owners of infected computers and a specialized call center will be created to offer assistance with cleaning the malware. The project is a joint initiative of the German Federal Office for Information Security (BSI) and eco, the Association of the German Internet Industry. The plan was announced on December 8, during the fourth national IT-Summit in Stuttgart and ... read more» Goverments must unite to head off cyber-terrorism threat, says Kaspersky (from Computer Weekly at 11-12-2009) Governments have begun working to combat cyber threats, but many are working on national initiatives to tackle a global problem, says Russian security firm Kaspersky Lab. "To fix this problem, governments need to think internationally," said Eugene Kaspersky, chief executive and co-founder of Kaspersky Lab. In an increasingly digital world, where all systems, including those for critical national infrastructures, are connected to the internet, every person, business and economy is at risk of... read more» Businesses urged to shore up their mobile defences (from v3 at 11-12-2009) Symbian chief security technologist Craig Heath has urged businesses to do more to prevent data breaches from stolen mobile devices, including ensuring the PIN function is activated on all handsets. Speaking at a roundtable event hosted by anti-virus software vendor AVG on Wednesday, Heath said the physical loss of phones was the number one cause of information leaks, ahead of malware or phishing scams.... read more» Wildfire spread of Malware on the internet (from The Daily Star at 11-12-2009) The spread of malicious programmes through the internet has skyrocketed in the last two years as their number exceeded 32 million in 2009 from just two million in 2007. This spread will increase further as it is financially motivated as cyber crime remains extremely profitable and out of reach of the law, according to the gurus of the Kaspersky Lab. Back in the nineties, when software viruses were just nuisance used to be simple. Back then malicious codes were transmitted via files through fl... read more» Microsoft Hack - All Microsoft queries are redirected to the hacked computer (from AVG at 11-12-2009) Basically, the rogue antispy was directing the victim to a genuine Microsoft address, but was modifying the html on the fly as it came back from the real Microsoft page. It made it read that Microsoft was recommending that the victim should buy the rogue. The answer is that they’ve hacked the host’s file on the victim’s computer. All Microsoft queries are redirected to the hacked computer. If the user is paying attention, they’ll see the numeric ip address instead of the Microsoft address, bu... read more» Potent malware link infects almost 300,000 webpages (from The Register at 11-12-2009) A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits. The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang, said Mary Landesman, a researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. Hacked sites contain an invisible iframe that silently redirects users to 318x .com , which goes on to exploit kn... read more» Data Nerds Hack NASA (In a Good Way) (from Wired at 11-12-2009) A bunch of data nerds from inside and outside NASA will gather at a house in Cupertino, California called the Rainbow Mansion this Saturday to hack through the agency’s data jungles. The event isn’t NASA-sponsored. None of the bureaucracy is involved at all. Instead, the event is being coordinated by a small group of people who just love the space program and want to help open up the agency’s troves of information.... read more» Top 15 most common attacks in IT security include SQL injection, keylogging and abuse of privileges (from scmagazineuk at 11-12-2009) The 15 most common attacks in 2009 have been detailed by Verizon Business. In its ‘An Anatomy of a Data Breach' report, its authors have tapped the company's detailed investigative records to identify, rank and profile the most common attacks. In total, the report details nearly 150 ways to detect and combat security threats. It listed the top five most common security attacks as: keylogging and spyware; backdoor or command/control; SQL injection; abuse of system access/privileges; and unaut... read more» Unu hits Kaspersky a second time with SQL Injection disclosure (from the tech herald at 11-12-2009) Unu, who has gained a good deal of attention lately, is known for his vulnerability disclosures that center on SQL Injection. In his latest adventures, he returns to a vendor he has targeted in the past, security software specialist Kaspersky. In February, Unu went public on HackersBlog and disclosed the SQL Injection flaws he had discovered on Kaspersky’s USA portal. The flaws, which led to complete access to users, activation codes, lists of bugs, admins, shopping, etc., were quickly patche... read more» Hacker Gary McKinnon to appeal against US extradition (from BBC at 11-12-2009) Computer hacker Gary McKinnon is mounting a fresh High Court challenge to stop his extradition to the US. Solicitor Karen Todner said papers were lodged with the High Court seeking a judicial review of the home secretary's decision not to block his transfer. The home secretary has 14 days to respond before a judge considers it.... read more» Cyber Threat Cases Up 87 Pct In 10 Months, Says Fadillah (from Bernama at 10-12-2009) An 87 per cent increase in cyber threat cases were reported through the Cyber99 Assistance Centre between January and October as compared to the same period last year. The statistics were recorded by the MyCert Department of CyberSecurity Malaysia while the number of cases handled by the Digital Forensics Department rose by 17 per cent to 304 cases from 260 in the same period.... read more» Successful operation against child sex offenders on the Internet (from Europa at 10-12-2009) After a two year investigation, Operation Typhon, an international operation into child sex offenders on the Internet, has been concluded. House searches were conducted in 19 countries, specifically: Austria, Belgium, Bulgaria, Canada, Denmark, France, Germany, Hungary, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Romania, Slovakia, Slovenia, Spain, Switzerland and the United Kingdom, enabling the identification of 221 child sex offenders of which 115 have been arrested. The offende... read more» No Cybersecurity 'Czar,' No Big Deal (from govinfosecurity at 10-12-2009) The White House functions smoothly on matters regarding cybersecurity even without a permanent cybersecurity coordinator, says the top cybersecurity official at the Department of Homeland Security. "It is absolutely essential that there be strong, White House involvement in cybersecurity, and there is strong, White House involvement in cybersecurity," Philip Reitinger, DHS deputy undersecretary of the National Protection and Programs Directorate and director of the National Cybersecurity Cent... read more» ASIACRYPT 2009, Tokyo, December 6-10, 2009 (from asiacrypt2009 at 10-12-2009) The 15th Annual International Conference on the Theory and Application of Cryptology and Information Security will be held at Hitotsubashi Memorial Hall located inside National Center of Sciences Building in Tokyo. The International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT, is sponsored annually by the International Association for Cryptologic Research (IACR). ASIACRYPT 2009 will be held in cooperation with Technical Group on Information Secur... read more» U.S. boosts fight against global cybercrime (from Philly at 10-12-2009) The FBI and Secret Service are sending agents overseas to deal with digital dangers. The tip came from another country's law enforcement officials: Eight major banks in the United States were being targeted by cybercriminals operating there.... read more» Verizon Business Issues 2009 Supplemental Data Breach Report Profiling 15 Most Common Attacks (from databreaches at 10-12-2009) Verizon’s press release: The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold. In the “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” Verizon Business security experts tap the company’s detailed investigative records to identify, rank and profile the most common attacks.... read more» Delaware business: Cyber dangers lurk as online shopping rises (from delawareonline at 10-12-2009) It's clear Americans are concerned about online fraud. It's also clear they don't do enough about it.That's the conclusion of a new survey that Wilmington-based ING Direct commissioned as millions of consumers turn to their computers for a holiday shopping experience that's quick, convenient -- and potentially risky. The survey found that nine in 10 Americans are concerned about cyber attacks that can compromise credit-card numbers and other sensitive information, but remain lackadaisical abo... read more» US cyber security is back on the agenda (from Guardian at 10-12-2009) For the past month or so a curious game has been going on in the world of rumour and uncertainty that passes for the intelligence community. At the heart of it is an attempt to force the US president, Barack Obama, to put cyber security back to the top of his agenda and to usher in increased monitoring of the internet.... read more» The Internet's global reach moves US to create overseas operations to catch cybercriminals (from StarTribune at 10-12-2009) The tip came from another country's law enforcement officials: Eight major banks in the U.S. were being targeted by cybercriminals operating there. FBI agents fanned out that night to warn the branches that hackers were aiming to break into their computer systems. The banks were able to spot the attempted breaches, and block them, FBI officials said. Concerned about the rise in this type of sophisticated computer attack from abroad, the FBI and the U.S. Secret Service are beefing up their int... read more» Ten Years After Y2K, Web Threat Is Greater (from internet evolution at 10-12-2009) Remember 10 years ago? The IT industry had spent hundreds of billions of dollars worldwide remediating the threat of Y2K, otherwise known as the Millennium Bug. It seems unbelievable now that the need to conserve bits was acute because memory was so incredibly expensive in the early days of computing. And by employing dates using only two digits -- 96, 97, 98, 99, 00 -- it was feared that millions of computers would stop working as dates incremented into oblivion. Some people feared this woul... read more» Spam in UAE averaged 83.4% in 2009 (from zawya at 10-12-2009) According to Symantec Messagelabs Intelligence 2009 Annual Security report, cyber criminals have sharpened their survival skills and operated a volume and variety approach in 2009. The report highlights a turbulent spam activity throughout the year, with average spam levels globally reaching 87.7 per cent. It touched highs and lows of 90.4 per cent in May and 73.3 per cent in February respectively. ... read more» Internet by the people, for the people, with the people (from icenews at 10-12-2009) Last month in China, President Barack Obama said that criticism on the Internet had made him a better president. There is no doubt that the Internet renders our decision makers more transparent and accountable than ever before. A new law in Finland gives citizens a right to broadband Internet access, and European Union discussions on the ‘Telecoms Package’ have resulted in a decision that a user’s internet access may be restricted, if necessary and proportionate, only after a fair and imparti... read more» T-Mobile data scam detected a year ago (from The Register at 10-12-2009) The Information Commissioner's Office (ICO) has been investigating the theft and sale of T-Mobile customers' personal data for almost a year, it has emerged. News of the security breach, which saw rogue staff at the mobile operator divulge contract details to cold-calling marketeers, was only released to customers last month. According to a Freedom of Information Act response, T-Mobile told regulators about the raids on its database on 16 December 2008. The ICO today said its investigation is... read more» Verizon report highlights attack trends (from the tech herald at 10-12-2009) In a supplemental to their 2009 Data Breach Investigations Report, Verizon Business has highlighted fifteen of the common attacks they have seen aimed at their clients. In the full Data Breach Report released earlier this year, the Verizon Business RISK team looked at more than 90 incidents, which resulted in 285 million compromised records. “This supplemental report seeks to address the thousands of inquiries we’ve received from companies around the world wanting a more detailed explanation ... read more» Computer hackers find legal firms' info attractive (from Denverpost at 10-12-2009) Denver law firms say they are on the alert after reports that computer hackers have targeted client information of some national law offices. The FBI in November said it had seen "noticeable increases" in efforts to hack into law firms' computer systems — a trend that cyber experts say began as far back as two years ago but has grown dramatically. Law firms are targeted because they likely store valuable client information such as Social Security numbers or bank account information, said C... read more» Judge reduces sentences of two Cuban spies (from Reuters at 10-12-2009) U.S. District Judge Joan Lenard cut the sentence of Ramon Labanino, also known as Luis Medina, from a life term to 30 years, an assistant to the judge told Reuters. In a separate later ruling, Lenard reduced the sentence of a second convicted spy, Fernando Gonzalez, also known as Ruben Campa, from 19 years to 17 years and nine months. Cuba said the sentence reductions did not go far enough.... read more» Report finds enterprises failing to protect sensitive data (from scmagazineus at 10-12-2009) Confidential data remains unprotected in many large enterprises, according to a recent survey released by Enterprise Strategy Group (ESG) on behalf of database security firm Application Security. In the second annual survey of 175 IT and information security professionals from North American enterprises with 1,000 or more employees, 40 percent said most of their data is adequately secured and 11 percent said some confidential data is secured. Two percent of respondents said most confidential ... read more» Notre Dame employees' data exposed online for three years (from Computer World at 10-12-2009) In an embarrassing security gaffe, personal data on more than 24,000 past and present employees at the University of Notre Dame was made publicly available on the Web for more than three years. The breach resulted when an employee inadvertently posted files containing the names, Social Security numbers and zip codes of the employees on a publicly accessible university Web site.... read more» Federal Data Breach Bill Passes House - The bill has some more stringent requirements for data brokers (from datalossdb at 10-12-2009) Yesterday, for the first time ever, a data breach notification bill actually came to a vote in the United States Congress. The House of Representatives passed by voice vote H.R. 2221, the Data Accountability and Trust Act. This bill and others have been introduced many times over the past several sessions of Congress, but unlike other similar bills and this bills' predecessors, H.R. 2221 not only came out of committee, but was voted on and passed. This bill is similar in nature to multiple st... read more» New Verizon Business Report Outlines 15 Most Common Attacks (from DarkReading at 10-12-2009) Keyloggers and spyware are the most commonly occurring attacks in companies that suffer major data breaches, according to a report published today by Verizon Business. The new report, "2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach," offers a look at the 15 most common security attacks and how they typically unfold. The data is extracted from Verizon Business' April 2009 study of its computer forensics service customers, all of whom have experienced a major d... read more» Hackers Find a Home in Amazon's EC2 Cloud (from CIO at 10-12-2009) Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure. This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to Don DeBolt, director of threat research with HCL Technologies, a contractor that does security research for CA. The hackers didn't do this with Amazon's permission, however. They got onto Amazon's infrastructure by fir... read more» Threats and threat technologies in 2010 (from Net-Security at 10-12-2009) Trend Micro released a report titled "The Future of Threats and Threat Technologies", in which they analyzed the current situation and made some predictions for 2010 and beyond. No global outbreaks, but localized and targeted attacks Over the past few years, the threat landscape has shifted, there are no longer any global outbreaks, as were previously experienced with Slammer or CodeRed. Even the much-covered Conficker incident of 2008 and early 2009 was not truly a global outbreak - rather ... read more» DHS releases cyber incident response draft plan (from Gcn at 10-12-2009) The Homeland Security Department has released a draft of a government plan to designate the roles and responsibilities of agencies and industry in responding to cyber incidents, according to people involved in the strategy’s development. The draft plan is the result of an ongoing collaboration between DHS and its federal, state and industry partners to develop a National Cyber Incident Response Plan, said Navy Rear Adm. Michael Brown, who serves as DHS’ deputy assistant secretary for cybersec... read more» Crooks pitch World Cup scams after group draw (from The Register at 10-12-2009) Cybercrooks have begun punting World Cup ticket and HD TV viewing scams as a successor to earlier lottery-based cons. The revision of earlier fraud follows the final draw for the 2010 World Cup last Friday. Now, in addition to the opportunity to "claim cash prizes" in a draw by South African Football Association they have never entered, prospective marks are also getting offers to "watch live games online".... read more» Lawyers claim Palin hack suspect's PC had spyware (from The Register at 10-12-2009) Lawyers for Sarah Palin webmail hack suspect David Kernell claim his PC was infected with spyware. The contention may be used at trial to support arguments that the 21-year-old student son of a Tennessee Democrat politician was not personally responsible for the hack on a Yahoo! account maintained by the former Alaskan governor, which was traced back to an IP address used by Kernell.... read more» Trend Micro 2010 Future Threat Report (from TrendMicro at 10-12-2009) Trend Micro released its annual threat report today. This year, our annual report focuses on the future of the threat landscape. Virtualization, cloud computing, and a shifting Internet infrastructure will widen the scope of cybercrime. With the growing popularity of cloud computing and virtualization among companies, we fully expect cybercriminals to find new methods by which to increase their profit margins.... read more» Phishers Add Web Hosting Sites to Their List of Targets (from TrendMicro at 10-12-2009) Trend Micro threat analysts come across a huge number of phishing cases that feature nearly identical domain names every day. In a Web reputation manual verification exercise, analysts found that three of the most popular phishing targets to date were Chase, the Internal Revenue Service (IRS), and, just recently, Web hosting sites. To launch such an attack, cybercriminals use the phishing URL format cpanel.{attacked_company}.{phishingdomain}/scripts/cpanel-ftp-confirmation.php. In this kin... read more» CARAFANO: Oh Canada! Quelling cybersecurity threats (from Washington Times at 10-12-2009) A terrorist group has breached the firewall of the SCADA, the Supervisory Control and Data Acquisition system that controls the flow of major oil and natural gas pipelines throughout North America. Frantically analyzing the situation, security experts are able to identify the origin of the attacks. The president declares the incidents an act of war and orders a retaliatory strike: The enemy - Canada. While the scenario above is fiction, it is anything but science fiction. And the likelihood ... read more» IT sector high on terror list, says Pillai (from The Economic Times at 10-12-2009) Confirming the terrorist outfits’ plans to hit at India’s economic well-being by aiming at high-value economic targets, Union Home Secretary GK Pillai on Wednesday said software companies, in particular, faced a “high” threat perception. “We are world leaders in software. But software industry is high on the threat list,” Mr Pillai said at a conference on the Challenge of Terrorism to India’s Infrastructure and Economy in New Delhi.... read more» Top 10 botnets and their impact (from Net-Security at 9-12-2009) Every day, approximately 89.5 billion unsolicited messages (i.e. spam) are sent by computers that have been compromised and are part of a botnet.Botnets - apart from inundating out inboxes with spam - can also be used for ulterior purposes such as executing DDoS attacks or hosting websites, so understanding the "modus operandi" and size behind the well-known names is a good idea.... read more» Carbon Credit fraud causes more than 5 billion euros damage for European Taxpayer (from Europa at 9-12-2009) The European Union (EU) Emission Trading System (ETS) has been the victim of fraudulent traders in the past 18 months. This resulted in losses of approximately 5 billion euros for several national tax revenues. It is estimated that in some countries, up to 90% of the whole market volume was caused by fraudulent activities. Indications of suspicious trading activities were noted in late 2008, when several market platforms saw an unprecedented increase in the trade volume of European Unit Allow... read more» AOL Time Warner splits after near 10-year marriage (from BBC at 9-12-2009) AOL and Time Warner have formally split after almost 10 years as one company. Under the terms of the deal, qualifying shareholders will receive one AOL share for each 11 Time Warner they own. AOL shares will begin trading on Thursday. They will even regain the market ticker symbol they used before the merger. But the company will be worth a tiny fraction of what it once was. Its market value is put at about $2.5bn - 10% of its value at the firm's height.... read more» Cisco security survey:Cybercrime taking a page from business schools (from NetworkWorld at 9-12-2009) Cybercriminals are getting more professional, adopting classic business structures in the development and deployment of malware that is increasingly designed to reap maximum profit, according to the annual Cisco security report. Crackers sell their wares in online marketplaces where they can also hire quality-assurance testers to strengthen their malicious code, as well as botnets for quick distribution of their exploits, the report says.... read more» Woman sues Burger King over spam texts (from CNet at 9-12-2009) Is there some etiquette one should follow when receiving a spam text? Should one at least read it before erasing it? Should one even attempt a polite reply, even if it is in the negative? Or should one sue the rotten behind off the ungracious crasher who deigns to invade one's cell phone? If your name is Elizabeth Espinal, you gravitate toward the latter option. According to the Miami New Times, Espinal was inconvenienced by that slightly creepy King texting her with what she describes in... read more» St Albans laptop saga 'gets worse and worse' (from stalbansreview at 9-12-2009) SENSITIVE data for a further 1,000 people was stored on a laptop thought to have been stolen from St Albans District Council, it has been revealed. A review of data stored on the council's missing electoral services computer revealed a file containing the confidential details of an additional 1,000 people, kept to verify postal votes in 2007 and 2008.... read more» Mikulski Named to Senate Cyber Security Task Force (from Senate at 9-12-2009) The Senate Select Committee on Intelligence announced today the formation of a bipartisan task force on cyber security. Senator Barbara Mikulski (D-Md.) and Senator Olympia Snowe (R-Maine) will serve as members of the task force, and Senator Sheldon Whitehouse (D-R.I.) will serve as task force chair. The task force will evaluate cyber threats to the United States and issue recommendations to the U.S. intelligence community as appropriate. The task force will complete its work by June 2010.... read more» Russian Cybercrook Gets 18 Months for IRS E-Filing Scam (from Wired at 9-12-2009) A Russian man was sentenced to 18 months in prison Monday for a phishing attack that diverted $100,000 in U.S. tax refunds to bank accounts under his control. Maxim Maltsev, 24, of the Siberian city of Novosibirsk, ran the caper while he was living in the sunnier climes of San Diego in 2006, according to court records. Maltsev used a spam campaign to trick people into submitting their tax returns to his fake e-filing site. Before re-submitting them to a real e-filing website, he modified the ... read more» Top 10 Countries Sending Spam (Nov 30-Dec 6) (from icsalabs at 9-12-2009) Brazil and Vietnam retained the top two positions in ICSA Labs' list of the top 10 nations where spam e-mail originates. Spam originating in South Korea fell sharply and, for the first time since tracking began, South Korea fell out of the top 3 positions. Russia took their place.... read more» Hackers Targeting Banks, Social Sites (from Redorbit at 9-12-2009) A yearly security report released Tuesday by technology company Cisco says that banks and online social networks are growing targets for cyber criminals. "Criminals have been taking note of the large crowds in social-networking sites," said Cisco security researcher Scott Olechowski to AFP. "They steal them with various techniques." Strategies used to hack into social-networking sites include grabbing passwords and then utilizing the fact that people only have one password for all their ac... read more» Internet Security Threats for 2010 (from CXOtoday at 9-12-2009) Year on year the growth of various online threats, including spam, phishing, botnet activity, and malware has been on the rise. AVG predicts the following Internet Security Threats for 2010 More diverse, automatically generated malware Cyber criminals still want your money, identity and/or resources Make your computer into a part of their botnet Cyber criminals in the cloud Highly transient web threats Exploitation of major events, news and gossip "Web two-point-uh-oh" Emerging nat... read more» Unisys Report: Security Methods Will Change In 2010 (from ChannelWeb at 9-12-2009) A new study from solution provider Unisys predicts that organizations will take a more proactive approach to security, implementing new measures to verify identity and protect confidential information. Financial institutions and defense agencies will lead the charge. Here are four ways Unisys sees organizations battening down their hatches. 1. Data Protection Is The Order Of The Day 2. Going Beyond A Crystal Ball 3. Biometrics Will Play A Larger Role 4. You Can't Protect Everything... read more» Security fears holding back cloud computing (from v3 at 9-12-2009) Cloud computing is being held back by corporate concerns about security, according to Cisco's 2009 Annual Security Report, which found that data security and the control companies have over their information are the key factors holding back full-scale adoption of the model. "The interest in cloud computing is enormous, but fear over security is very real," Scott Olechowski, Cisco security research manager, told V3.co.uk. "It's holding back a move. Security and control are the top two things w... read more» Industrialized hacking tops five data security trends for 2010 (from Techjournalsouth at 9-12-2009) Imperva , predicts five key security trends for 2010: • The industrialisation of hacking with clear definition of roles developing within the hacking community forming a supply chain that starkly resembles that of drug cartels. The weapons of choice will be automated tools such as malware distributed via botnets. • A move from application to data security as cyber-criminals look for new ways to bypass existing security measures and focus on obtaining information. ... read more» Billion are lost every year from cyber criminals (from broadband-expert at 9-12-2009) A recent report by the Australian Strategic Policy Institute has advised that the Rudd government should set up an Internet crime centre for broadband users to report data loss, web fraud, online scams and spam. Tighter control and on enforceable code of conduct should be imposed on what are known as ‘backyard’ internet by the government according to a report from the cyber security expert, Alastair MacGibbon.... read more» Conficker Working Group: a template for countering future worm outbreaks? (from SunbeltBlog at 9-12-2009) SC Magazine has published a great feature story on the Conficker Working Group, an industry task force that has made major strides damaging the command and control channels of the worm that has infected 6.5 million computers worldwide since 2008. The feature quotes Sunbelt Chief Technical Officer Eric Sites: “The Conficker Working Group is the greatest collaboration of top level security experts for specific malware research in industry history. The collaborative efforts of the Conficker Wor... read more» AVG Predicts Internet Security Threats for 2010 (from pluggd at 9-12-2009) The year gone by has seen a significant rise in the incidence of spam, phishing, botnet activity, and malware. Each year cyber-criminals who have largely succeeded in duping the unsuspecting user, are investing in sophisticated and automated ways to run their operations. It can be safely predicted that in 2010 the threat environment will witness higher volumes of web-threats and be even more transient, agile and organised! Internet security threats that AVG expects to have significant impact on ... read more» Hacked email climate scientists receive death threats (from Guardian at 9-12-2009) Two of the scientists involved in "Climategate" – the e-mail hacking incident at the Climatic Research Unit (CRU) of the University of East Anglia, UK – have been emailed death threats since the contents of their private e-mails were leaked to the world. No further information can be revealed about these particular threats at present because they are currently under investigation with the FBI in the United States.... read more» Scientists promise an end to web attacks (from v3 at 9-12-2009) Research published by academics at the University of Bristol's Department of Computer Science suggests that a new technology could render cyber attacks " computationally impossible". The experts will present their research at the ASIACRYPT 2009 security and cryptology conference being held in Japan this week. Paul Morrissey, Nigel Smart and Bogdan Warinschi will discuss how a new technique could be applied that makes web site attacks impossible.... read more» Hackers take advantage of Microsoft security bulletins to spread malware (from MXLOGIC at 9-12-2009) In the wake of highly publicized security alerts from software giant Microsoft, online criminals have used the wave of public interest to push malicious software on an unsuspecting public. The malicious emails take the usual form: A message from an authoritative source - in this case, Microsoft director of security assurance Steve Lipner - warns that security updates must be installed to ensure the security of the targeted PCs. The "updates" turn out to be malware.... read more» Report finds most data breaches are 'utterly preventable' (from ITNews at 9-12-2009) Most security breaches are caused by malware, an SQL injection attack or the exposure of remote access credentials such as a VPN password, according to a report by Verizon Business. Verizon's 2009 Supplemental Data Breach Investigations Report, released today, said that malware such as keyloggers and spyware were responsible for the majority of data breaches.... read more» 2009 Data Breach Investigations Supplemental Report (from verizonbusiness at 9-12-2009) The Data Breach Investigations Report (DBIR) is an annual publication based on cybercrime cases worked by Verizon’s Investigative Response team. Following the release of the original DBIR in June of 2008, many readers requested industryspecific results. In response, we published a supplemental report comparing statistics along four industries in October of that same year. After releasing the 2009 DBIR (April 2009), it was unclear as to whether a supplemental would be forthcoming. The decision w... read more» Web attacks are financial boon for crooks, Cisco finds (from scmagazineus at 9-12-2009) Cybercriminals still are making large sums of money by pushing spyware and pharmaceutical spam, but internet fraudsters will leverage banking trojans and other web exploits, particularly on social networking sites, for far greater returns in the future, according to a new report from Cisco. Cisco's 2009 Annual Security Report, released Tuesday, details the top cybersecurity trends of 2009 and examines what is expected for 2010. Spyware, scareware and pharmaceutical spam have been the biggest ... read more» Cyber Attacks Take On A New Hue (from DarkReading at 9-12-2009) Lovers and haters of the color-coded Department of Homeland Security Advisory System can now extend their passions toward Cisco's Global ARMS Race Index, the networking giant's attempt to convey the state of cybersecurity using the color spectrum. On a scale of green -- cyber attacks are barely noticeable -- to red -- the bad guys own the Internet and no connection can be trusted, Cisco's 2009 Annual Security Report paints the current online environment in a light orange hue. That's 7.2 on a ... read more» 5 key security trends for the next decade (from Net-Security at 9-12-2009) 1. The industrialisation of hacking There is a clear definition of roles within the hacking community developing, forming a supply chain that starkly resembles that of drug cartels: * Botnet growers / cultivators whose sole concern is maintaining and increasing botnet communities * Attackers who purchase botnets for attacks aimed at extracting sensitive information (or other more specialized tasks) * Cyber criminals who acquire sensitive information for the sole purpose of comm... read more» Advances in surveillance, more attacks on the horizon (from Net-Security at 9-12-2009) Slashed budgets and reduced staffing numbers delayed many security initiatives in 2009, but the vulnerabilities didn’t retreat and will only intensify in 2010, Unisys security experts predict. Looking ahead to 2010, government and commercial organizations will take a more proactive approach to security, implementing new measures to verify identity and protect confidential information. Financial institutions and defense agencies will lead the charge, with ports and other organizations quickly ... read more» 2009 is the year of the botnet (from v3 at 9-12-2009) Malicious web sites and botnet activity continued to dominate the cyber securiy landscape over the past 12 months, with 10 major botnets now controlling at least five million computers, according to Symantec's MessageLabs Intelligence division. The firm's MessageLabs Intelligence 2009 Security Report launched today reported that the average number of new malicious web sites blocked each day rose 7.6 per cent from 2008 to 2,465. It also found an overwhelming majority of the blocked domains – 8... read more» US No Longer Leading the World In Spam (from Slashdot at 9-12-2009) "America is no longer the spam king. According to Cisco, US-originated spam dropped by over two trillion messages — American-based IP addresses sent about 6.2 trillion spam messages. The new world leader is Brazil at 7.7 trillion messages. 'I'm not completely surprised to see US falling to number two in the spam stats, but I didn't expect it to happen yet,' said Cisco Fellow Patrick Peterson. 'I was really gratified to see the actual spam volume decrease, not just ranking, but we [also] decr... read more» Brown launches 'Zip it, Block it, Flag it' net code for children (from The Register at 9-12-2009) Prime Minister Gordon Brown will today be launching a new internet safety strategy for children and young people, drawn up by an unprecedented coalition of Government, industry and charities at the first the UK Council for Child Internet Safety (UKCCIS) Summit in London today. As Children’s Secretary Ed Balls commented today, taken as a whole, this set of initiatives make up an integrated bundle that "mark a watershed in government and industry cooperation".... read more» Russian Cybercrook Gets 18 Months for IRS E-Filing Scam (from Wired at 9-12-2009) A Russian man was sentenced to 18 months in prison Monday for a phishing attack that diverted $100,000 in U.S. tax refunds to bank accounts under his control. Maxim Maltsev, 24, of the Siberian city of Novosibirsk, ran the caper while he was living in the sunnier climes of San Diego in 2006, according to court records. Maltsev used a spam campaign to trick people into submitting their tax returns to his fake e-filing site. Before re-submitting them to a real e-filing website, he modified the ... read more» Why the Public and Private Clouds Don’t Mix (from loglogic at 9-12-2009) Cloud computing tops Gartner's “Top 10 Strategic Technologies for 2010.” They define a strategic technology as “one with the potential for significant impact on the enterprise in the next three years.” Gartner is somewhat right here. The fundamental problem I have is that the industry has bucketed anything that can be loosely defined as cloud, virtual, consolidatory, or anything on the network in the same term being cloud. All of us loosely interchange public, private and cloud services to our w... read more» Why No Cybersecurity Coordinator, Yet (from govinfosecurity at 9-12-2009) The need to have experience in not only cyber and national security but a deep understanding of economics sharply limits the pool of candidates qualified to be the White House cybersecurity coordinator, and could explain why the job remain vacant more than a half year after President Obama proposed it. "There are just not that many people who have that kind of resume and have the experience within government and within the private sector that is going to be necessary to help really lead both ... read more» Using Fake Documents to Get a Valid U.S. Passport - U.S. passports using fake names and fraudulent documents (from Schneier at 9-12-2009) Since 2007, the U.S. State Department has been issuing high-tech "e-passports," which contain computer chips carrying biometric data to prevent forgery. Unfortunately, according to a March report from the Government Accountability Office (GAO), getting one of these supersecure passports under false pretenses isn't particularly difficult for anyone with even basic forgery skills.... read more» Adware touts $1 bribe to prospective zombies (from The Register at 9-12-2009) An adware distributor is offering to pay punters $1 to install their crud. The bribe comes attached to malware, specifically an application bundle that includes adware and agents that change browser home pages, detected by Sunbelt Software as C4DLMedia and classified as a medium risk threat. The offer of payment is buried in the application's terms and conditions. Even if the adware slingers come through on this offer to pay via PayPal, the amount of the bribe is probably a problem. "In place... read more» The Top 10 Stories You Missed in 2009 (from Foreign policy at 9-12-2009) Sometimes it's the page A14 stories -- the ones that never see the light of cable news or take a second life in the blogosphere -- that tell you the most about what happened during any given year. From a naval alliance that could shift the military balance of power on two continents to a troubling security gap in the U.S. passport system to a brand-new way to circle the globe, these are the stories that never got the attention they deserved in 2009 but could dominate the conversation in 2010.... read more» Ruggedised botnets pushing out even more spam (from The Register at 9-12-2009) Cybercrooks have adapted to the takedown of rogue ISPs by building more resilient botnets. An annual security survey by MessageLabs found that the already high level of spam reached 87.7 per cent of email traffic during 2009, with highs and lows of 90.4 percent in May and 73.3 percent in February respectively. Junk volumes increased still further compared to the 81.2 per cent spam rate recorded by MessageLabs in 2008.... read more» Koobface worm dons tinsel to snag seasonally-affected marks (from The Register at 9-12-2009) Festive miscreants have begun using Xmas-themed lures to push the Koobface worm. The attack starts off with post from fake or pwned Facebook profiles that point to supposed video clips. Following these links takes users to a fake YouTube site that claims users need to install a Flash Player update to watch these "movie clips". In reality this supposed codec is the download component of the Koobface worm, an approach seen several times over recent months with previous versions of the worm.... read more» Google sues work-from-home scammers (from The Age - Australia at 9-12-2009) The Google-branded ads promised “up to $978 a day working from home”, but all job seekers got in return for their application was a recurring bill on their credit cards. Now Google is suing Pacific WebWorks, the company alleged to have created the scam ads that have fooled thousands of job hunters into thinking they were applying for work with the internet giant.... read more» An internet Green Cross Code for kids (from Sophos at 9-12-2009) English primary schoolchildren (5-11 years old) will be taught about how to stay safe on the internet from 2011, as part of a Government awareness strategy being unveiled today called "Click Clever, Click Safe". Echoing the "Green Cross Code" which is used to remind children how to cross the road safely, kids will be taught to "Zip it, Block it, Flag it".Prime Minister Gordon Brown has said that he hopes that "'Zip it, Block it, Flag it' will become as familiar to this generation as 'stop, lo... read more» The nature of cybercrime is changing (from federalnewsradio at 9-12-2009) Phishing, instant messaging malware, DDoS attacks and 419 scams have been replaced by slicker, more menacing forms of cybercrime over the past year. That, according to Cisco's 2009 Annual Security Report, due to be released today. Cisco also finds that the U.S. lost its traditional position as the world's number-one source of spam. Brazil now holds the world title.... read more» Cisco: U.S. No Longer the Spam Leader (from esecurityplanet at 8-12-2009) Was the Internet a safer place in 2009 than it was in 2008? It all depends on how you look at the data. According to Cisco Systems, 2009 was a good year for at least one key reason: the U.S. is no longer the spam capital of the world. Now it's only number two.... read more» Corporate Information Security Comes Under Attack From Organised Crime as Risks and Vulnerabilities Continue to Grow (from Taragana at 8-12-2009) More than ever, information is regarded by business and corporations as a highly valuable, tangible asset. Unfortunately, this value is also recognised by sophisticated groups able to mount attacks at any time and from anywhere, making organisations even more reliant on their information security team for effective defence. Until recently, the threats to corporate information security came from individual hackers acting alone and largely for the peer prestige they earned but this threat has n... read more» Conficker worm to become a bigger threat in 2010 (from Net-Security at 8-12-2009) Although Microsoft offered a $250,000 reward for information leading to the identities of the cybercriminals behind Conficker, the worm continues to wreak havoc.Since its inception, there have been numerous variants of the Conficker worm. Some variants use the exploitation of the Autorun function for removable drives and media (such as USB portable storage devices) to spread, while others take advantage of weak passwords to infiltrate networks.... read more» Fewer data breaches but more records exposed (from FCW at 8-12-2009) Data breaches are down, but the number of personal records potentially exposed to identify thieves soared this year. There were 444 data beaches this year as of Nov. 24, down from 656 in 2008, according to the Identity Theft Resource Center. If the numbers hold, 2009 will be the first time the group has reported a drop in data beaches since it began counting them in 2005. But the number of personal records exposed has risen to more than 220 million records so far, a sharp increase from 35 mil... read more» Security Fix author named 'cybercrime hero' (from Washington Post at 8-12-2009) Networking equipment maker Cisco Systems Inc this week bestowed a generous honor on the Security Fix author. In its 2009 annual security report released Tuesday, Cisco names Yours Truly as a "cybercrime hero," citing an ongoing investigative series detailing the plight of small businesses that have lost hundreds of thousands of dollars at the hands of malicious software.... read more» Cybercriminals invest in social networking attacks (from SearchSecurity at 8-12-2009) If cybercriminals are now using sound business principles, seeking the best return on investment, where should the malicious entrepreneur sink their money to get the most bang for their buck? The 2009 Cisco Systems Annual Security Report takes a stab at predicting next year's most profitable, least profitable, most promising and most dependable cybercrime investment areas.... read more» True Security Requires Extensive End-User Training (from NetworkWorld at 8-12-2009) I am writing this column on my company-owned laptop while sitting on (mighty uncomfortable) bleachers in a middle-school gym waiting for my daughter’s basketball game to start. This is nothing unusual in this era of the virtual workplace. But it got me thinking about something extremely important: To what extent do I know all of our security policies governing my use of this laptop while working away from the comfortable confines of my office? Or, even in the office—what applications can I in... read more» Is Ankit Fadia selling Viagra? - Someone has hacked India's famous geek's website (from Mid-Day at 8-12-2009) It's a case of a protector turning a victim. The cyber world is buzzing with the news that India's renowned cyber security guru Ankit Fadia's business website been hacked by spammers, who have linked it to a site promoting Viagra.... read more» Copenhagen climate change conference: "Fourteen days to seal history's judgment on this generation" (from BusinessGreen at 8-12-2009) Today 56 newspapers in 45 countries take the unprecedented step of speaking with one voice through a common editorial. We do so because humanity faces a profound emergency. Unless we combine to take decisive action, climate change will ravage our planet, and with it our prosperity and security. The dangers have been becoming apparent for a generation. Now the facts have started to speak: 11 of the past 14 years have been the warmest on record, the Arctic ice-cap is melting and last year's inf... read more» How ICANN Could Make Itself Useful (from internetevolution at 8-12-2009) ICANN has roused itself on the topic of Internet security with a comment that the practice of “redirecting” a failed request to decode a URL into an IP address is inherently insecure. Since redirecting failed DNS requests has been a longstanding ISP practice, it’s hard to see why ICANN has suddenly understood the risks, but it also raises a question of whether there’s more that technology -- and ICANN -- could do in other areas to help secure the Internet.... read more» Zuiker to solve 'Cyber Crimes' (from Variety at 8-12-2009) Ten years after tapping the burgeoning field of criminal forensics to create "CSI," Anthony Zuiker has set his sights on the world of cyber crime. The aptly named "Cyber Crimes" has been given a script plus penalty commitment by CBS. Project reps the first project to come from Zuiker's recently launched Dare to Pass shingle. Hourlong procedural drama centers on a newly formed government agency that fights the modern onslaught of Internet- and technology-driven offenses.... read more» Cyber terrorism a real threat (from ITweb at 8-12-2009) The ecosystem consisting of businesses, governments and end-users is under attack. Every connected person is a target. Every business is under cyber attack and every nation, and the global economy as a whole, is at risk. So says Eugene Kaspersky, CEO and co-founder of Internet security giant Kaspersky Lab, speaking at the New Horizons media tour, in Moscow, last week.... read more» Phishing losses add up (from h-online at 8-12-2009) It's a numbers game – although the number of banking customers who fall victim to phishing attacks is small, it all adds up to a lucrative business for cyber criminals, according to a study by security services provider Trusteer. According to the Trusteer report, in any one phishing attack on a US banking institute, around 13 out of every million customers visit a phishing website, as a result of actions such as clicking on a link in an email, and of these almost half enter their login details o... read more» World Cup 2010 cyber alert issued (from Mybroadband at 8-12-2009) The 2010 football World Cup is just around the corner and many are likely to get caught up in a scramble for tickets. The football fever, coupled with the increased availability of Internet connectivity in South Africa, has led Symantec to predict a rise in World Cup-related spam and phishing attacks as the groups and fixtures for the event are announced. “There will, without a doubt, be a dramatic upsurge in cybercrime once South Africa starts to experience faster broadband speeds and cheape... read more» CA man pleads guilty to Medicare scam, aggravated ID theft (from databreaches at 8-12-2009) The owner of Beltline Medical Supplies, Inc., formerly in Dallas, Texas, pleaded guilty last week to charges of aggravated identity theft. According to plea documents filed in the case, Rafayel Movsesyan, 38, a resident of Los Angeles, California, opened Beltline Medical Supplies, Inc. in Dallas in 2007 and submitted more than $1,028,000 in false claims to the Medicare program. According to an announcement of the plea by U.S. Attorney James T. Jacks of the Northern District of Texas, Movsesya... read more» Will 2010 bring a wake-up call for cybersecurity? (from Government Computer News at 8-12-2009) Protecting the nation’s networked systems from cyber threats is not going to get any easier in 2010, and the cybersecurity community will have to address issues that haven’t gotten a lot of attention in the past few years, according to security experts speaking at the Government Technology Research Alliance Council meeting.... read more» Call 4 papers - SecureCloud2010 (from Europa at 8-12-2009) The first ever international cloud computing security event (i.e. to focus only on state-of-the-art security practices) 'SecureCloud2010' will focus on security, privacy and trust within cloud computing services from technical, legal, (assurance) and governance perspectives. The call (abstracts) are due by 15 Jan 2010. The SecureCloud 2010 conference is organised by ENISA and the Cloud Security Alliance (CSA) in the collaboration of ISACA. It takes place in Barcelona, on 16-17 March, during ... read more» This Month in the Threat Webscape - Month of November 2009 (from Websense Security Labs at 8-12-2009) A fake blog campaign prompts users to install scareware and compromises over a million sites. The compromised sites use automatically generated content in hopes of appearing in search engine queries. When a user clicks on one of these links, he or she is redirected to a fake anti-virus site that displays fake results from a purported virus scan of the user's computer, prompting the user to run an executable. The scareware campaign is triggered only if the visitor is referred to by Google, Yahoo,... read more» Yahoo in legal spat over sensitive document (from v3 at 8-12-2009) Yahoo is in a legal dispute with web site Cryptome after discovering that private information regarding services provided by Yahoo to law enforcement bodies is being made publically available online. Represented by US law firm Steptoe & Johnson, Yahoo has written to Cryptome arguing that it has breached copyright laws by hosting the documents. Advertisement "We ask that Cryptome immediately remove all such infringing material on its web site.... read more» FBI warns law firms about hackers (from Wisconsin Law Journal at 8-12-2009) The FBI has some advice for law firms: Be careful. The agency recently issued a warning alerting firms that what may appear to be e-mails from clients or contacts could instead be from hackers trying to infiltrate law firm databases. The FBI says it has “high confidence” that hackers are targeting legal and public relations firms. “Opening a message will not directly compromise the system or network because the malicious payload lies in the attachment or linked domain,” the warning read... read more» Computer Emergency Response Teams fight foreign hackers (from globally at 8-12-2009) A new report suggests that serious attacks on the government’s computers by countries such as Russia and China may be happening more than once a day. Computer Emergency Response Teams at GCHQ are being asked to deal with more that 300 cyber attacks by foreign hackers every year. Many of these hackers are suspected of being funded by foreign governments.... read more» Facebook users fall for rubber duck's friend request (from Computer World at 8-12-2009) Facebook users haven't learned to keep their personal information private, a security researcher said today after his company conducted a test that sent randomly-selected people a friend request from bogus accounts. One of the account profiles sported only an image of a yellow rubber duck, while the other was represented by a pair of cats. The test conducted by Sophos was similar to one the firm did two years ago, said Graham Cluley, a senior technical consultant at the U.K.-based security v... read more» Phishing Attacks Cost Millions Despite Low Success Rate (from EWeek at 8-12-2009) New research from Trusteer shows that while the majority of phishing attacks are unsuccessful, those that slip past security defenses are costing millions. With nearly half of those who click on links to phishing sites giving up their personal information, here are some tips on what you need to do to protect your enterprise. Ever wonder what percentage of people are clicking on those e-mails leading to fraudulent bank login pages? The answer is very little – more than enough for phishers to s... read more» Webmasters targeted in cPanel look-alike phish (from The Register at 8-12-2009) Fraudsters are targeting webmasters in a massive phishing campaign that attempts to trick marks into giving up credentials needed to administer their sites. The emails are sent to customers of some of the world's most widely used webhosts, including GoDaddy, Hostgator, Yahoo!, and 50Webs. Although the subject lines vary, they all purport to come from the hosting service. In all, admins from at least 90 different webhosts are being targeted.... read more» Hacker scalps NASA-run websites (from The Register at 8-12-2009) Miscreants took advantage of weak security to hack into two NASA-run websites over the weekend. The websites of NASA's Instrument Systems and Technology unit and Software Engineering division were broken into and screenshots illustrating the hack posted online. Hackers appear to have taken advantage of SQL Injection flaws and poor access controls in mounting the attack, reports Gunter Ollmann, an ex-IBM security expert who is now VP of Research at security firm Damballa. Obfuscated screens... read more» Google chief: only miscreants worry about net privacy (from The Register at 8-12-2009) If you're concerned about Google retaining your personal data, then you must be doing something you shouldn't be doing. At least that's the word from Google CEO Eric Schmidt. "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," Schmidt tells CNBC, sparking howls of incredulity from the likes of Gawker.But the bigger news may be that Schmidt has actually admitted there are cases where the search giant is forced to release your personal... read more» The Risks of Holiday Online Shopping (from TrendMicro at 8-12-2009) As the holidays kicks off, people are definitely going to be busy searching for the perfect gifts (with the greatest discounts) for their loved ones. However, the increase in number of shoppers during the holidays will most definitely be paralleled by the increase in cybercriminal attacks. In the past, Trend Micro has blogged about how cybercriminals used Google Trends and rigged search results pertaining to popular searches.... read more» Looking back at spam in 2009 (from Net-Security at 8-12-2009) At the end of last year, it was predicted spam volumes would rise slightly higher than 95 percent in 2009 because of a growing use of botnets. Let's see if the prediction came true. In January, France was the most spammed country in the world (83.3 percent of all emails), and virus activity was most pronounced in the UK (1 of every 165.6 emails).... read more» 4 Unreasonable Security Practices You're Probably Following (from Enterprise IT Planet at 8-12-2009) As the year closes out, it's time to look back at security and contemplate what it is we have been doing for so long. The idea of "reasonable" comes to mind in relation to securing the enterprise, and of course all the unreasonable ways we've approached it.... read more» HSBC Accidentally Exposes Bankruptcy Data (from esecurityplanet at 8-12-2009) HSBC Bank officials acknowledged late last week that a bug in its imaging software accidentally revealed the confidential personal information of an unknown number of customers going through bankruptcy proceedings. The data compromised by the bug in the imaging software included HSBC credit card account information as well as line-of-credit and mortgage information included in Chapter 13 bankruptcy proof-of-claims filed electronically.... read more» Episode 28 of the Who and Why Show: The Malware Oscars (from YouTube at 7-12-2009) In the 28th episode of Team Cymru's 'The Who and Why Show', we're joined by Team Cymru's Chas Tomlin for a very special treat! Team Cymru staff present at numerous conferences and closed meetings all over the world. We don't generally share the contents of these presentations until today. Today Chas will run through aceThe Malware Oscarsa, a presentation where he details the main new types of malware we haveve seen recently. This isa three part series due to the time restrictions on YouTub... read more» MK Loses Web Site In Mystery Attack (from themoscowtimes at 7-12-2009) Unidentified hackers have destroyed the web site of Moskovsky Komsomolets in a mysterious attack, said editors for the popular national tabloid. A virus coming from a server based in South Korea “erased” the contents of the web site in 10 minutes, MK web editor Albert Shchegrov said by telephone Friday.... read more» Spreadtweet : Elliott Kember dot Com (from elliottkember at 7-12-2009) So, you work at a big corporate, huh? And you're not allowed to use Twitter... Wouldn't it be awesome if there were a Twitter tool that looked just like Excel? It's Twitter, disguised as a spreadsheet. Choose between Office OSX, Office 2003, and Office 2007.... read more» Tessa Jowell urged to give details of inquiries into phone-hacking (from Guardian at 7-12-2009) The government is being asked to reveal details of cabinet minister Tessa Jowell's involvement in investigations into the News of the World phone-hacking scandal. Liberal Democrat MP Chris Huhne has tabled a question to Ben Bradshaw, the culture secretary, asking exactly what assistance his predecessor gave to the Metropolitan police during their investigation into phone-hacking by the newspaper's disgraced royal editor, Clive Goodman, and private investigator Glenn Mulcaire.... read more» Johnson condemns hacker to Xmas in a US jail (from individual at 7-12-2009) Computer hacker Gary McKinnon is facing Christmas in a US jail after the Home Secretary refused to block his extradition. Alan Johnson finally dashed hopes that the government would intervene in the case, insisting there was no evidence that the extradition would breach Mr McKinnon's human rights. Mr McKinnon's mother Janis Sharp said yesterday that ministers should "hang their heads in shame" for the "barbaric" decision. His legal team is to apply for a judicial review within days, but Ms S... read more» Cybercrime: youth arrested (from The Hindu at 7-12-2009) The Bangalore Cyber Police have arrested a 29-year-old youth hailing from Edava, near Varkala, on charges of misusing the SMS alert facility of ‘Mid Day’ newspaper and sending fake news through it. The Cyber Police team led by Deputy Superintendent of Police Savitha arrested B.F. Feroze on Sunday and produced him in a court at Varkala.... read more» Hacked e-mails to fuel scepticism: De Boer (from Indiatimes at 7-12-2009) The world is entering talks on a new climate pact with unprecedented unity and leaders must seize the moment to create a turning point in the battle against global warming, the UN’s top climate official said on Sunday. At a news conference, Yvo de Boer called on the 192 nations represented at the UN climate summit starting Monday “to deliver a strong and long-term response to the challenge of climate change.’’... read more» IT is most powerful weapon in climate change fight, says ITU (from ComputerWeekly at 7-12-2009) Information and communications technologies are the most powerful tools to stave off potential climate catastrophe, says the secretary general of the International Telecommunications Union, on the eve of the climate change talks that open today in Copenhagen. Hamadoun Toure called on the COP15 delegates not to dismiss how advanced technologies could cut emissions by many industries. He said studies showed that more effective use of ICT could deliver "tremendous" CO2 savings. Some had showe... read more» Seven skills for the future information security profession (from infosecurityadviser at 7-12-2009) 1. An understanding of psychology to plan interventions that can might actually have an impact on the behaviour of staff. 2. Social networking skills to influence and harness the support of large numbers of users and customers over social network. 3. Skills in marketing communications to design compelling, effective awareness campaigns and materials. 4. Strong commercial management skills to specify and manage security across business partnerships and outsourced supply chains. 5. Sop... read more» Technology and Cyber War (from threatchaos at 7-12-2009) A recent spate of news reports and scholarly publications have discussed the policy aspects of cyber war: offensive versus defensive, military buildup, and appropriate reactions. There have been no reports dealing with the technology of engaging in cyber war. There are eleven areas of development in offensive technology to be brought to bear on the problems of cyber war. 1. Vulnerability discovery and exploitation 2. Automation 3. Management 4. Malware 5. Rootkits 6. Backdoors 7. Analysi... read more» Iran Internet access down pre-protests, report says (from CNet at 7-12-2009) Two days ahead of a new round of planned protests against Iranian President Mahmoud Ahmadinejad, Internet access in the nation's capital is largely down, according to Agence France Presse. Sources close to Iran's technical services say the cut to Tehran's outside access was the result of "a decision by the authorities" and not a technical breakdown, the news agency reports. Telecommunications ministry officials were unavailable for comment.... read more» State launches inquiry into records breach (from statesmanjournal at 7-12-2009) A state inquiry is under way to determine whether two state agencies broke Oregon law by dumping records with people's names and Social Security numbers into an open recycling bin. The inquiry follows last Sunday's story in the Statesman Journal, which described mishandling of confidential records by Oregon Housing and Consumer Services and state Parks and Recreation.... read more» The internet's dirty carbon secret (from Guardian at 7-12-2009) We've been told about the environmental costs of motoring, industrial farming, long-haul flights, big oil, deforestation in the Amazon and buying sweat-shop produced, throwaway fashion. Some of us have taken this advice on board, cycling more, flying less, choosing renewable energy schemes, and seeking out ethical, organic products. We can make these choices because appliances and cars are rated according to their energy consumption, and Fairtrade or organic products have prominently displayed c... read more» World Cup to bring more crime (from Fin24 at 7-12-2009) The 2010 Fifa World Cup may bring more than a flood of tourists to South Africa; cyber crime and viruses are also likely to increase dramatically, experts at the international computer security firm Kaspersky Lab have said. "The 2010 World Cup poses a major threat," said Garry Kondakov, MD of Kaspersky Lab for Eastern Europe, the Middle East and Africa. "Computer or electronic attacks are about business - criminal business. All the malicious software that is created and distributed is beca... read more» Gangs staking out new turf on the web (from indiana gazette at 7-12-2009) For a while now, the Barrio Van Nuys street gang has been claiming a version of the New York Yankees' interlocked NY logo as its own. By trimming the tail off the 'Y,' the famous Major League Baseball trademark is turned into an interwoven VN, standing for Van Nuys. The gang is touting its Yankee-esque symbol on social networking Web sites and YouTube. It's just one example of what law enforcement says is an increasing trend among gangs to use cyberspace to broaden their appeal, boast of i... read more» The Hacker: Ease winter of discontent by kicking or throwing the ball (from Independent at 7-12-2009) Winter is the happiest time for hackers. If the course is closed, as many have been over the past few weeks, you can't make a fool of yourself; if it's open you can blame the wind or the rain for your shortcomings. More importantly, they don't play medals from November to March so you are spared that ritual humiliation of failing to break 100.... read more» NZ Privacy Commissioner annual report finds security gaps (from databreaches at 7-12-2009) The New Zealand Privacy Commissioner, Marie Schoff, has presented the annual privacy commissioner’s report for the period ending June 2009. The report indicates that privacy concerns are on the increase, particularly with respect to businesses and the Internet. From the report, the section on portable storage devices [PSDs] in the government sector: Our survey of the 42 main government agencies showed PSDs were widely used but that there were real gaps in security procedures and practices.... read more» Man Downloads Child Pxxx 'Accidentally', Faces Up To 20 Years in Prison (from Mashable at 7-12-2009) Downloading child pornography is not a crime to be taken lightly. While we’ve all seen the To Catch a Predator episodes, it may come as shock to find out that the mere presence of child pornography on your computer’s hard drive is enough to send you to prison for 20 years. Matthew White of Sacramento is learning this lesson the hard way. The 22 year-old man is facing hard time for downloading child porn, “accidentally.”... read more» HealthSec '10 Draft Call for Papers - 1st USENIX Workshop on Health Security and Privacy (from USENIX at 7-12-2009) USENIX HealthSec '10 will be co-located with the 19th USENIX Security Symposium (USENIX Security '10), which will take place August 11–13, 2010. There is an increasing trend toward moving medical information to digital systems. This trend has materialized in the form of medical information sharing—both within internal and federated medical systems and in cloud systems such as Google Health and Microsoft HealthVault. HealthSec is intended as a forum for lively discussion of aggressively inn... read more» UK Met Office to publish climate records (from CNN at 7-12-2009) The UK's weather service, the Met Office is to publish station temperature records that make up the global land surface temperature record. Professor John Mitchell, director of climate science at the Met Office told CNN: "We are releasing the data to reassure people that climate data is sound." The data includes information from more than 1000 stations worldwide and will be published online next week.... read more» Were Russian security services behind the leak of 'Climategate' emails? (from dailymail at 7-12-2009) Suspicions were growing last night that Russian security services were behind the leaking of the notorious British ‘Climategate’ emails which threaten to undermine tomorrow’s Copenhagen global warming summit. An investigation by The Mail on Sunday has discovered that the explosive hacked emails from the University of East Anglia were leaked via a small web server in the formerly closed city of Tomsk in Siberia.... read more» Hackers Attempt to Access Canadian Government Centre for Climate Modeling and Analysis (from dmnnewswire at 7-12-2009) On the heels of the controversial story about emails and data stolen by hackers from the Climate Research Unit at the University of East Anglia, it has now been revealed that individuals posing as network technicians attempted to infiltrate another climate data center operated by the Government of Canada. According to sources at the University of Victoria, two people claiming to be network computer technicians presented themselves at the headquarters of the Canadian Centre for Climate Modelin... read more» Top 10 Great Britons in IT history (from v3 at 6-12-2009) Never let it be said that we never listen to our readers. A previous Top 10 list attracted the comment that we were being too US-centric in our lists and to make up for it here's a list of the Top 10 British people in the history of IT. It's a diverse bunch of people. Britain has a long history of inventors and was in the vanguard of computer development, particularly in its early stages. Many people here have long since turned to dust, but that said half of those listed are still alive and I... read more» Anti-Israel Hacker Attacks Five Towns Jewish Times (from IsraelNationalNews at 6-12-2009) The website of the Five Towns Jewish Times newspaper was hacked on Saturday by a self-identified Turkish Muslim. When readers attempted to access the site on Saturday night they saw images of burning Israeli flags and a video demonizing former Prime Minister Ariel Sharon. The Five Towns Jewish Times is a weekly newspaper serving the Long Island, Brooklyn and Queens areas of New York. The Paper's Israel correspondent, Samuel Sokol, told Israel National News that “vandalism cannot stifle a fre... read more»