Saturday, December 26, 2009

Internet Security News: December 26th

This Free IT-Security news feed was compiled and is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.  They offer a 30 day complimentary subscription. 

Visit them at or email for more information on their available services.

Kaspersky Predicts Online Threats for 2010

(from spamfighter at 26-12-2009)

According to the security experts from Kaspersky Labs, in the next year (2010) the form of cyber assaults against users will change from assaults launched through applications and websites to those launched via file-sharing or P2P networks. The firm observed that attackers were popularly using the services due to their important role in distributing a large number of malicious infections, including for a very famous malware code for OS X.... read more»

F-Secure Predicts E-Threats for 2010

(from spamfighter at 26-12-2009)

Internet security firm F-Secure, during the third week of December 2009, released a list of probable e-threats for 2010. The list reveals that the market share of Windows 7 will increase in 2010. Conversely, the overall market share of Windows XP will fall below 50%. Consequently, security will be enhanced and easy assaults in wealthy nations will get reduced. However, malicious assaults will shift to countries still using XP, especially developing countries.... read more»

SQL Injections Looming on Private and Public Websites

(from spamfighter at 26-12-2009)

According to the X-Force security team of IBM, recent months have seen online assaults against databases, using the technique of SQL injection. An SQL injection attack involves the insertion of malware into an application to make the program issue illegitimate SQL commands so that the attacker can gain control over it for carrying out his sinister operations.... read more»

Hackers' attacks rise in volume, sophistication

(from SFGate at 26-12-2009)

Security experts describe the typical hacker of 2009 as more sophisticated, prolific and craftier than ever. If anything, criminals will be remembered by the sheer number of attacks they unleashed upon the Web. While the year didn't see many technological leaps in the techniques hackers employ, they continued to expand their reach to every corner of the Internet by leveraging social media, infiltrating trusted Web sites, and crafting more convincing and tailored scams.... read more»

Pre-Christmas DoS attack hits UltraDNS

(from thetechherald at 26-12-2009)

Limited to Northern California, earlier this evening, late last night for some of you, UltraDNS was hit with a Denial-of-Service attack that lasted for about an hour, which was felt by thousands of last minute shoppers online. The reach of the one hour outage is unknown as to its scale, but Amazon, as well as sites using Amazon’s EC2 and S3 services, experienced slowdowns or outright outages. While there was no real statement, Jeff Barr, the Lead Web Services Evangelist at, noted d... read more»

Top 10 most read news articles of 2009

(from at 26-12-2009)

The biggest news story of 2009 with readers concerned the Conficker worm, which managed to infect a whopping nine million Windows PCs in just seven days in January. This was despite the fact that Microsoft had patched the vulnerability four months previously. It's a perfect example of why we should all keep our systems up to date with the latest fixes. The second most popular story was about Google pouring cold water on a theory that lines on the ocean floor revealed by its mapping t... read more»

NIST Ready to Take On New Cybersecurity Tasks Cybersecurity

(from govinfosecurity at 26-12-2009)

Among the biggest fans of the National Institute of Standards and Technology are members of Congress familiar with safeguarding government IT systems who are sponsoring legislation to give NIST even more responsibilities in developing cybersecurity metrics. One measure increases NIST's role in developing international cybersecurity technical standards. It also charges NIST with creating IT security awareness and education campaigns for the public, improving inoperability of identity managemen... read more»

Inmate gets 18 months for thin client prison hack

(from The Register at 26-12-2009)

A former prison inmate has been ordered to serve 18 months for hacking the facility's computer network, stealing personal details of more than 1,100 of its employees and making them available to other inmates. Francis G. Janosko, 44, received the sentence earlier this week in federal court in Boston after pleading guilty to the hacking offenses in September.... read more»

More on Troj/JSRedir-AK - Large numbers of sites affected

(from Sophos at 26-12-2009)

Since first releasing detection (2 days ago) for Troj/JSRedir-AK SophosLabs have seen thousands of websites affected by it. Since blogging yesterday we have seen a few minor variants and have had to update the our detection. One of the updates has been to detect the malicious script when appended to HTML files within script tags as well as being appended to JavaScript files.... read more»

Top 10 scams, ripoffs

(from sanmarcosrecord at 25-12-2009)

• Weight Loss Pill Free Trial Offers • Mystery Shopping • Lottery Scam • Friend/Family in Distress • Rescue/Debt Assistance • Phishing E-Mails/Spam • Job Hunter Scams • Memorabilia • Robocalls • Google Work from Home Scams... read more»

Watch your cyber steps this festive season

(from Indiatimes at 25-12-2009)

This festive season can bring some unpleasant gifts for online shoppers. From fake Santa links, to Christmas themes on social networking sites that install botnets, to shopping websites that steal credit card details, hackers are on the prowl. There are already reports that computers in India also have been compromised.... read more»

Top 10 highs and lows of 2009

(from v3 at 25-12-2009)

HIGHS 1. Windows 7 2. Apple defying the market 3. Android 4. Spam host shutdowns 5. Software-as-a-service LOWS 1. Job cuts 2. Digital Economy Bill 3. Budget cuts 4. Network neutrality 5. Botnets menace the web... read more»

Top 10 Nessus Plugins For 2009

(from tenablesecurity at 25-12-2009)

1. Enhanced Web Application Testing Plugins. 2. Microsoft Windows SMB Shares Access. 3. Backported Security Patches (HTTP) 4. Conficker Detection (uncredentialed check) 5. Dell Remote Access Controller Default Password (calvin) for 'root' Account 6. Malware Infected Host 7. USB Drives Enumeration 8. PCI Test Requirements 9. Windows Remote Registry Enable/Disable 10. DD-WRT HTTP Daemon Metacharacter Injection Remote Code Execution.... read more»

In and Out bound Protection of Data in Motion

(from gssamericainfo at 25-12-2009)

Reliable data security from leading products and expertise – clients rely on the GSS America advantages, proven in many real-world client implementations, to protect against attack. Business continuity preserved – users are safe and the network remains available. Incoming threats are blocked, including viruses, trojans, spyware, DOS attacks, and exploits of browser vulnerabilities.... read more»

Social and SEO attacks, DDoS key vectors in 2010

(from securityvibes at 25-12-2009)

Next year will see rising IT budgets, massive politically-motivated DDoS attacks and continued social media hijacking, according to security experts. While the UK remains in recession according to the latest Office for National Statistics data, the US is expecting a financial lift for IT next year, claim analysts.... read more»

Hacker Breaks Kindle's Proprietary E-Book Protection

(from enterprise-security-today at 25-12-2009)

Internet retailer had all the luck in getting its family of proprietary Kindle e-book readers into the hands of consumers while its rivals were faced with delays, but its luck may have turned. The Kindle's copyright protection has been hacked. An Israeli hacker who goes by the name Labba says he has been able to break the Kindle's digital-rights management protection, allowing its electronic books to be viewed on non-Kindle devices.... read more»

Global Spam King Fined in Australia

(from enterprise-security-today at 24-12-2009)

A New Zealander was fined by an Australian court Tuesday after a guilty plea over his part in a syndicate capable of sending 10 billion spam e-mails a day. Lance Atkinson, was fined 210,000 Australian dollars (189,000 US dollars) for breaching the Spam Act 2003 in a case brought by the Australian Communications and Media Authority.... read more»

6 security trends to watch in 2010

(from Government Computer News at 24-12-2009)

Security became a watchword for the nation during the first decade of the new millennium. The events of Sept. 11, 2001, exposed, in a single day, our many vulnerabilities and focused the nation like never before on securing the homeland from threats on many fronts. The quest for security continues as we enter 2010 facing persistent as well as emerging threats and risks, which include increasingly sophisticated and difficult-to-detect cyber attacks and new vulnerabilities and challenges relat... read more»

I had a data breach, Now What?

(from Spaces.Live at 24-12-2009)

Hopefully you won’t have to answer this question, but more than likely you will. The headlines are full of stolen documents or hacked databases, but most of the data breaches never see the light of day. Why not? Because no one wants to talk about their failures and vulnerabilities. If I tell you that your confidential information is now making its way around the Internet, you will lose confidence in me.... read more»

OSCON 2010 - O'Reilly Conferences, July 19-23, 2010 at the Oregon Convention Center in Portland, Oregon

(from Oreilly at 24-12-2009)

OSCON brings together over 2,500 experts, visionaries, and hackers in the trenches to explore all that open source has to offer. OSCON is the premier gathering place to gain exposure to and evaluate the new projects, tools, services, platforms, languages, software, and standards sweeping through the open source community. Whether you want to make it faster, more effective, or more efficient, open source helps you make it happen for the long term.... read more»

Credit card provider suffers breach, personal data lost

(from Net-Security at 24-12-2009)

MBNA, the UK’s largest credit card provider, has confirmed that a laptop containing the personal details of its customers has been stolen from one of its third party contractors – NCO Europe Ltd – earlier this month. The information is said to include personal details, however, no PIN numbers were reported to be contained in the stolen data.... read more»

2010 Threat Predictions: Staying Ahead of the Threat Curve

(from lumension at 24-12-2009)

For those who are determined to stay with the status quo regardless of the documented historical results, let’s take a look at what lies ahead for you in 2010: 1. Web 2.0 tools will become a hacker’s best friend. 2. Traditional IT security approaches are not enough. 3. The scope of data sold on the black market will widen. 4. Believe it not, people will continue to “not get” patch management.... read more»

Web staggers under pre-Christmas DDoS attack

(from CNet at 24-12-2009)

Updated 6:10 p.m. PST: A customer support representative for Neustar, the company that provides the UltraDNS service to several e-commerce sites, confirmed that its network was hit by a DDOS attack targeting their California network in Palo Alto and San Jose. As of 6:15 p.m. PST, things seemed back to normal. The Internet Health Report also showed an improvement on the Qwest-Savvis line noted earlier, and Amazon's Web Services dashboard confirmed that while there were problems resolving DNS ... read more»

Warning Out About Scammers Posing as Census Workers

(from newson6 at 24-12-2009)

U.S. Census workers will begin gathering information about you within the next few weeks. Someone from the bureau is likely to show up on your doorstep and speak with you face to face.But now scammers are posing as government workers to try to get access to your bank and credit card accounts. This has become such a problem that the Better Business Bureau put out an alert warning people not to give any information bank or credit card account to anyone claiming to be Census workers.... read more»

Major security myths of 2009

(from TechRepublic at 24-12-2009)

To help prepare readers for the future, I’ll share my thoughts on ten major security myths I have encountered in 2009. Each of these is chosen for its prevalence, its perniciousness, or its publicity this year. They may even have been chosen for other reasons that begin with P. 1. Myth: Doing something right means you’re doing nothing wrong. 2. Myth: Anonymity and verification are mutually exclusive. 3. Myth: The GPL is needed to encourage project success. 4. Myth: Ubuntu Linux is the most... read more»

Malware makers colocate servers, grab IPv4 address blocks

(from Arstechnica at 24-12-2009)

Malware distributors, apparently tired of facing the constant threats of disconnection, are taking advantage of lax background checks in the system for distributing IP address blocks and buying them directly. Address blocks, which cover a contiguous range of IP addresses, are typically reserved for legitimate institutions and businesses that can demonstrate a need for that sort of allocation. But, at the top level, there are only five regional registries, most of which cover large and cultur... read more»

FBI Estimates Consumer Losses of over $150 Million to Rogue Anti-Virus

(from TechWhack at 24-12-2009)

In its press release last week, the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center (NW3C) reported that “the FBI is aware of an estimated loss to victims in excess of $150 million” from “Rogue” Anti-Virus. As part of his Internet Security Insider video blog series, Comodo CEO Melih Abdulhayoglu offers his unique, insider viewpoint on this type of threat and what to do about it.... read more»

Lawyers scared of computers - Fear of own incompetence kills trees

(from The Register at 24-12-2009)

A Crown Court judge has blasted a lawyer's excuse for printing huge bundles of documents rather than delivering them on disc. The telling tale arrives via The Mirror's crime correspondent Jon Clements, who reports that at Wood Green Crown Court on Monday, Judge Francis Sheridan inquired as to why a pile of documents for a jury couldn't be delivered digitally. The paper version was said to be several inches thick.The CPS counsel told him: "We can't put that amount of personal data on a disc in... read more»

Crown Prosecution Service too scared to use computers now

(from Mirror at 24-12-2009)

Insight into how pathetically risk averse and weedy some of our institutions have become yesterday at Wood Green Crown Court. Prosecutors were discussing with Judge Francis Sheridan the arrangements for a trial involving a huge amount of information, facts and figures which the jury would have to refer to during evidence. His Honour was staggered to learn the Crown Prosecution Service planned to print off all the pages and give them in a traditional "bundle" which would have been several inch... read more»

Publisher asks Google, AT&T to unmask network intruder

(from The Register at 24-12-2009)

A federal judge has cleared the way for the publisher of GQ magazine to subpoena Google and AT&T in an attempt to learn the identity of a computer intruder who stole unpublished editorial content and posted it online. Sometime in September, an unknown thief accessed the computer network of Conde Nast and made off with more than 1,100 files containing pictures and editorial content for the December issue of GQ, Vogue and Lucky magazines, according to papers filed in US District Court in Manhat... read more»

2010 data security trends: External attacks from the inside

(from Net-Security at 24-12-2009)

Generally, companies have viewed attacks as either coming from outside the network perimeter or from internal users abusing privileges. However, the line between internal and external is blurring as a result of several new attack vectors: Organized crime targeting specific companies by inserting “sleepers” to infiltrate the organization as employees or contractors, solely for the purpose of gaining access to sensitive data ... read more»

Greatest security threats to education

(from Net-Security at 24-12-2009)

With education-related cyber-security threats expected to rise in 2010, WatchGuard is predicting the top threats facing schools, colleges and universities. Top threats include: Social Networks The number one threat to school and university networks is social networks, such as Facebook and MySpace. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing and more. Adding to this, socia... read more»

The 5 essential patches of 2009

(from NetworkWorld at 24-12-2009)

Fact: Everyone who patches is safer. Fact: Not everyone patches. The gap between the two facts is too deep for even security experts to explain, although they try, with theories running from the conspiratorial -- pirates hate to patch, they say, because they're afraid vendors, Microsoft mostly, will spy them out -- to the prosaic ... that people are, by nature, just lazy.... read more»

Smartphone Attacks, Rogue Antivirus, Cloud Breaches Top 2010 Security Concerns

(from CIO at 24-12-2009)

The rise of the Conficker worm and Heartland Payment Systems' enormous data breach were two defining security events in 2009. What's in store for 2010? "It's going to get worse," says Patrik Runald, senior manager of security and research at Websense, who argues there has not yet been a year when things got better in terms of security and the wider Internet. Criminals have been mastering botnets, phishing scams and fake antivirus software sales, and 2010 will bring new waves of attacks that e... read more»

Pharma link spammers invade Live Space

(from The Register at 24-12-2009)

Cybercrime affiliates of unlicensed pharmaceutical websites have begun moving on from attacks purely designed to poison Google search engine results, and are now targetting Microsoft's web properties. Search engine poisoners are actively making use of Microsoft’s Windows Live Spaces blog hosting environment, net security firm eSoft reports. Miscreants are creating accounts which they use only to push links to the pharma-fraud sites. As a result the search engine ranking of these spamvertised ... read more»

Briton faces fraud charges over international debit card scam

(from Timesonline at 24-12-2009)

A British man has appeared in an Australian court to face charges over a multi-million dollar scam which police allege is the country’s largest debit card-skimming operation. British national Elangovan Ganeshamoorthy was extradited across the country from Sydney to Perth, in Western Australia, where the 36-year-old appeared in court on Wednesday. He faces charges of conspiracy to defraud following an international police investigation.... read more»

Verizon Enlists Top E-threats for 2009

(from spamfighter at 24-12-2009)

Verizon Business in its latest security report highlights 15 most prevalent malicious attacks for 2009. These were spyware, SQL injection and remote control program attacks that targeted a large number of businesses. The report states that spyware and keyloggers were responsible for 19% the total data hacks during 2009. On the other hand, SQL injection and remote control program attacks accounted for 18% of the total incidences. Other attacks, though with very low impacts, were brute-force ha... read more»

Know What Data is Being Collected, and Why

(from Cisco at 24-12-2009)

Privacy and information leakage has become one of my favorite topics on the Security blog. It seems that an enormous amount of information is being willingly plastered all over the Internet, from which significant value can be extracted (especially when combined with other public, or more likely private, datasets). The results are mind-boggling, and the implications are not fully comprehensible.... read more»

Basic Laptop Security Prevents Identity Theft

(from information-security-resources at 24-12-2009)

In 2003, an estimated 1.5 million laptops were stolen worldwide. Today, that number has climbed to 2.6 million. That’s a 70% increase in just a few years. That’s one stolen laptop every 12 seconds. Laptop computers have been the source of some of the biggest data breaches of all time. 800,000 doctors were recently put at risk for identity theft when a laptop containing their personal data went missing from the Chicago-based Blue Cross and Blue Shield Association.... read more»

Inmate Gets 18 Months for Hacking Prison Computer

(from CIO at 24-12-2009)

A former Massachusetts prison inmate has been given an 18-month prison sentence for hacking prison computers while he was incarcerated. Francis "Frank" Janosko, 44, was sentenced Tuesday in Federal court in Boston for abusing a computer provided by the Plymouth County Correctional Facility. The computer had been set up to help inmates with their legal research. In 2006, Janosko managed to circumvent computer controls and use the machine to send e-mail and cull data on more than 1,100 Plymo... read more»

Top 10 Countries Sending Spam (Dec 14-Dec 20)

(from icsalabs at 23-12-2009)

As spam originating in other countries in the top 10 fell last week, spam from India, China, Colombia, and Argentina increased. Most notable were the large jump in spam originating in India and the drop in spam originating from Vietnam compared to the week before.... read more»

Northern Ireland DFP rapped over data loss

(from ZDNet at 23-12-2009)

Northern Ireland's Department of Finance and Personnel has been penalised by the Information Commissioner's Office for a major loss of people's personal data. The department has been made to sign a formal undertaking to improve data security after it had 12 laptops stolen, two of which contained personal data on approximately 37,000 people. This included payroll, employment and health data, although not all records contained these categories.... read more»

Keep children safe on social-networking sites

(from computeractive at 23-12-2009)

If chatter about social-networking sites and instant messaging (IM) bewilders you or leaves you cold, don’t worry. Opinion tends to be pretty equally divided as to their worth. At best, many detractors dismiss sites such as Facebook or Twitter or tools such as Aim and Windows Live Messenger as a waste of time. At worst they are perceived as a grievous threat to society and to our and our children’s safety. Social-networking sites are websites that enable people to publish and share informatio... read more»

China outlines new web site regulations

(from v3 at 23-12-2009)

The Chinese Ministry of Industry and Information Technology (MIIT) has issued new internet regulations which could mean that many overseas web sites will be unavailable to Chinese readers. MIIT now demands that all domain management companies and internet service providers (ISPs) tighten controls over domain registration as part of the government's anti-pornography campaign.... read more»

Beware of Christmas presents with non-volatile memory

(from h-online at 23-12-2009)

While everyone likes Christmas presents, recipients are well advised to supplement their joy with a small measure of distrust if they receive USB flash drives, MP3 players or digital photo frames. This applies to home as well as business users. These devices may contain malware – whether this was intended by the sender or not. Although applications on USB flash drives can normally only be started by the user, connecting any external flash memory device to a Windows PC can potentially lead to ... read more»

Decline in Web, increase in P2P attacks predicted for 2010

(from Arstechnica at 23-12-2009)

Cybercriminals have already begun shifting their focus from websites to file-sharing networks when it comes to dispensing malware, and will continue with this trend throughout 2010. Security researchers at Kaspersky Labs predict that malicious applications, such as fake antivirus programs, will be on the decline next year as attacks over P2P go up, while more criminals look to target victims via mobile platforms. In its 2010 Cyberthreat Forecast, Kaspersky Lab said that it expects an increase... read more»

Companies never safe from cybercrime: Symantec boss

(from Sydney Morning Herald at 23-12-2009)

IT managers who believe they are protected against cybercrime should think again, according to the boss of the world's largest security company. Enrique Salem, president and CEO of Symantec, owner of Norton and Message Labs, said in an interview the business of cybercrime had become so professional, no implemented solution was protected from future advances in criminal attacks. “We have countries attacking countries, criminals attacking individuals," he said.... read more»

The Top 10 tech trends of 2009

(from CNN at 23-12-2009)

Engineers didn't make huge improvements to technology in 2009. The year's big tech names -- Twitter, Facebook, Google, Apple, Amazon -- all existed before January. Instead, this is the year technology changed us. At year's end, we're connected to each other and to the Internet like never before. In 2009, we carried tiny computers in our pockets, through which we fed the Internet constant real-time info about where we were and what we were doing.... read more»

Mobile networks line up to bash net snooping plan

(from The Register at 23-12-2009)

Every UK mobile network has serious objections to plans to intercept and store details of every communication via the internet, Home Office documents reveal. Submissions to a government consultation from 3, O2, Orange, T-Mobile and Vodafone highlight the strength of industry concern over the Interception Modernisation Programme (IMP), which aims to capture lists of online contacts and log all website visits and VoIP calls.... read more»

China moves closer to a smut-free internet

(from The Register at 23-12-2009)

China, which last week effectively ended its citizens' right to register a .cn web address, will now only allow access to websites which have been fully registered with the authorities. Individuals will now need a business licence to register a web address. The Ministry of Industry and Information released more details of measures it says are designed to remove pxxxographic content from China's version of the internet. The reality is that changes are likely to remove a lot more than just smut... read more»

Marcus Ranum: The Biggest Security Threats Getting the Least Attention

(from Bankinfosecurity at 23-12-2009)

Marcus Ranum has a unique take on the biggest information security threats to organizations and individuals. A renowned expert in secure systems and design, Ranum, currently the CSO of Tenable Network Security, offers a new look at topics such as the risks of cloud computing and what he calls the myth of cyber warfare.... read more»

BlackBerry Service Hit by Second Outage in a Week

(from PC World at 23-12-2009)

An outage hit BlackBerry smartphone service in the Americas on Tuesday night, operator Research In Motion confirmed via its support service. The outage is the second to affect users in less than a week. "Some BlackBerry customers in the Americas are currently experiencing delays in message delivery," said a recorded message on the BlackBerry support phone line. "Our technical teams are actively working to resolve this issue for those impacted. We apologize for any inconvenience."... read more»

Intel Breach Reveals Passport Information

(from praetorianprefect at 23-12-2009)

Unu, has demonstrated an attack on an Intel web property. This site handles online registrations for channel partner events and that has been demonstrated to have a SQL injection vulnerability that outputs a database table appearing to contain personally identifiable information (PII). It is unclear whether Intel has been notified ahead of the blog post, but the affected web site has been taken down.This web site has been the subject of a previous attack... read more»

Cyber criminals become their own ISPs

(from Help Net Security at 23-12-2009)

Hounded by law enforcement agencies and security experts, cyber criminals have been witnessing the ISPs and hosting providers of their botnets being shut down at a greater pace then ever. But, where there's a will, there's a way, and the answer to this problem seemed obvious - they would set up their own data centers, be their own ISPs. While this is difficult to achieve in the U.S. region.... read more»

As attacks increase, U.S. struggles to recruit computer security experts

(from Washington Post at 23-12-2009)

The federal government is struggling to fill a growing demand for skilled computer-security workers, from technicians to policymakers, at a time when network attacks are rising in frequency and sophistication. Demand is so intense that it has sparked a bidding war among agencies and contractors for a small pool of special talent: skilled technicians with security clearances. Their scarcity is driving up salaries, depriving agencies of skills, and in some cases affecting project quality, indus... read more»

Hackers break Amazon's Kindle DRM

(from The Register at 23-12-2009)

An Israeli hacker says he has broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices. The hack began as an open challenge in this (translated) forum for participants to come up with a way to make ebooks published in Amazon's proprietary format display on competing readers. Eight days later, a user going by the handle Labba had a working program that did just that.... read more»

Ten 2010 IT Security Predictions, Part 2: Schmidt and ICSA Labs

(from CSOonline at 23-12-2009)

As 2009 draws to a close and a new decade dawns, CSOonline has reached out to some of the industry's best known security pros in search of insight on what the next 12 months and beyond have in store for our IT and cyber infrastructure. We started last week with Mark Weatherford, chief information security officer for the State of California, and Dan Kaminsky, network security specialist, director of pen testing at IOActive and discoverer of last year's massive DNS flaw.... read more»

ENISA Quarterly Review, 4th Quarter 2009 - Resilience, Incident Reporting and Exercises - Awareness Raising and Security Status

(from Enisa at 22-12-2009)

This edition includes articles following an open call for contributions. Here is a quick sample of the articles you will find in this issue organised in thematic areas: * A Letter from the Executive Director * A Word from the Editor * Resilience - Measuring Resilience - the Next Challenge - ENISA's Good Practice Guide on National Incident Reporting Schemes - Good Practice Guide on National Exercises - The ENISA Virtual Working Group on Providers' Measures for Resilience * Awa... read more»

The Effectiveness of Antivirus on New Malware Samples

(from Cisco at 22-12-2009)

During the course of security research we often acquire new malware samples. We typically first try to determine what we have acquired and if it is a new or otherwise unknown malware sample or if it is a mutation of something that we have already seen. There are several ways in which a sample can be tested, but the simplest way is to compare the MD5 checksum of the malware sample against other known checksums—several services exist where you can look up the hash of a sample, such as Malware Hash... read more»

PennDOT computer heist remains unsolved

(from Citizensvoice at 22-12-2009)

Three years after a mysterious heist of computer equipment from a state driver's license center, police are still unsure why the crooks targeted the state Department of Transportation building. The motive behind the sophisticated November 2006 burglary at the Wilkes-Barre Driver's License Center baffled police. They wondered whether the motive was to access personal information for identity theft, or maybe use the equipment to produce fake identification cards.... read more»

FISMA compliance for federal cloud computing on the horizon in 2010

(from TechTarget at 22-12-2009)

At the end of 2009, cloud computing isn't a bright, shiny toy on the horizon for the enterprise or government. IT professionals, by and large, know what cloud computing is, though they are still skeptical. They just aren't sure if they want to adopt the public cloud, especially for sensitive data or mission-critical applications. Inc. has completed a Statement on Auditing Standards (SAS) No. 70 Type II compliance audit of its Amazon Web Services cloud computing service, but enterpr... read more»

Community colleges' library server hacked

(from fayobserver at 22-12-2009)

Nearly 51,000 people in North Carolina are finding out that about four months ago someone hacked into a library server containing their personal information. Megen Hoenk, a spokeswoman for the state Community College System, said the hacker did not access Social Security numbers or driver's license numbers, which were stored on the server.... read more»

Calling on Leakers to Help Document Local Misdeeds

(from nytimes at 22-12-2009)

The organization has applied for a $532,000 two-year grant from the Knight Foundation to expand the use of its secure, anonymous submission system by local newspapers. The foundation’s News Challenge will give as much as $5 million this year to projects that use digital technology to transform community news.... read more»

Best and worst of 2009: Internet finds

(from washingtonpost at 22-12-2009)

1. Neda Proof that memes can be meaningful, the video and Twitter tributes to a young Iranian woman's death galvanized a movement -- online and in real life. JK Wedding Entrance Dance 33 million YouTube viewers might disagree, but something as stunty as a choreographed wedding march should have been either a whole lot better or a whole lot worse.... read more»

Security: Cybercrime Vulnerabilities and Targets in 2010

(from channelinsider at 22-12-2009)

Cloud computing and virtualization may promise big business benefits, but a new future threat report from security vendor Trend Micro says these very technologies may increase cybercrime by criminals looking to exploit them. And that’s just the beginning. Channel Insider takes a deeper look at the report’s biggest threat predictions for enterprises and end users.... read more»

International School Safety Convention to be held in Denver, April 22-23, 2010

(from School Safety Partners at 22-12-2009)

Organized and moderated by international school safety leader Michael Dorn, in association with the Denver-based groups, School Safety Partners and the Foundation for the Prevention of School Violence. Designed for decision-makers and influencers: * Lawmakers * Foundation Executives * Federal Agency Executives * State Education Leaders * Superintendents * Private Sector Executives * Grant Project Managers * School Safety Center Executives * Inter... read more»

Five Myths About Cybersecurity

(from executivebiz at 22-12-2009)

The Internet is the global communications and information infrastructure that provides the medium for communication and computation that facilitates the provisioning of numerous applications and infrastructure services, including e-mail, on-line banking, data storage, and quantum computing power. It brings with it promises of economic development and prosperity, scientific discovery, increased political participation, and ever changing social networks through which we are connected in ways once... read more»

Kaspersky issues 2010 cyberthreat predictions

(from iTWire at 22-12-2009)

According to security vendor Kaspersky Lab, 2010 will see several changes in the nature of malware and how it spreads, including new attacks on mobile platforms. Kaspersky has released its "2010 Cyberthreat Forecast," making six predictions about the nature of the security landscape next year. First, Kaspersky predicts "a rise in attacks originating from file sharing networks" accompanied by a shift away from attacks via websites and applications.... read more»

Top 8 Security Threats of 2010

(from Bankinfosecurity at 22-12-2009)

Over the past several years, law enforcement investigations into cyber crime have uncovered global networks of organized crime groups, including overseas criminal organizations (many based in Eastern Europe) that hire and direct hackers. Rob Lee, senior forensics investigator at Mandiant, a risk assessment firm, says the battle between "us and them" increasingly pits the financial services industry against organized crime organizations. "The days of the Maginot line of information security ar... read more»

Top 10 Identity Theft Predictions For 2010

(from information-security-resources at 22-12-2009)

More Scams: The recession will lead to more scams. Whenever our nation has faced a difficult time, thieves have found a way to use the problem to their advantage. In my adult life, I’ve never seen more variations of old scams and the degree of sophistication in newer scams. 2. Job Scams: Criminals will take advantage of increasing unemployment rates by tricking desperate people searching for job listings. These fake job listings and work-at-home scams will eventually end with the job seeker p... read more»

White House Picks New Cyber Coordinator

(from The New York Times at 22-12-2009)

The White House has tapped a corporate cyber security expert and former Bush administration official to lead the effort to shore up the country's computer networks and better coordinate with companies that operate 80 percent of those critical systems. Howard A. Schmidt, a former eBay and Microsoft executive, will become the government's cyber security coordinator, weathering a rocky selection process that dragged on for months, as others turned the job down.... read more»

O2’s network crashes again

(from IT Pro at 22-12-2009)

O2 has again left its customers with data problems across its network and has yet to indicate when things will be up and running. The mobile provider confirmed via Twitter yesterday that some of its customers were having data problems and said the services would be back up that night. Today, the company tweeted just after midday saying the problem was still affecting customers, but this time offered no deadline for a fully functional service.... read more»

auDA: No govt request to kill Conroy site

(from ZDNet at 22-12-2009)

Australian Domain Name Administrator (auDA) decided to place newly registered domain on the pending deletion list using its own procedures, not because of a request from the Communications Minister, the administrator said today. "We were not contacted by anyone in the government," auDA CEO Chris Disspain told "This was picked up by our normal checks and balances." The site was being used to lambast Stephen Conroy's internet service provider level filteri... read more»

Microsoft's 'whitelist' helps hackers, says Trend Micro

(from ComputerWorld at 22-12-2009)

By recommending that users exclude some file extensions and folders from antivirus scans, Microsoft may put users at risk, a security company said today. In a document published on its support site, Microsoft suggests that users do not scan some files and folders for malware as a way to improve performance in Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008 and Server 2008 R2. "These files are not at risk of infection. If you scan these files, serious performance problems may occu... read more»

Brittany Murphy death exploited by hackers

(from Webuser at 22-12-2009)

Cybercriminals are already exploiting the news of actress Brittany Murphy's death in 'scareware' scams, experts have reported. Cybercriminals pushing 'scareware' or fake anti-virus software are exploiting the news of Brittany Murphy's death. Murphy is thought to have suffered a cardiac arrest at around 0800 Pacific Time (1600GMT) on Sunday, with the first reports appearing on celebrity news site Just hours later, researchers at Finnish security firm F-Secure reported that cyber... read more»

Santa's Naughty-Nice Database Hacked

(from PCmag at 22-12-2009)

A spokes-elf for Santa Claus has acknowledged that the database posted recently at WikiLeaks was indeed the comprehensive 2009 list of which kids have been naughty and which were nice, according to this report. Speculation of the source for the leak runs from East-European hackers to a renegade reindeer. North Pole sources said that future access to the database would be restricted based on a "need to know." For more Information click the following URL: read more»

UK retail Wi-Fi security still patchy

(from The Register at 22-12-2009)

Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist. The cybercrooks, who lifted more than 21 million credit card records, leapfrogged onto the retailer's credit card database after first breaking into the wireless network of a regional store, a subsequent investigation ahead of upcoming US trials revealed. The incident ought to have acted as a wake-up call to retailers worldwide, ... read more»

Secret neo-Nazi documents published - 11 membership lists about to go online

(from The Register at 22-12-2009)

Wikileaks is in the process of making a cache of documents and files from eleven different neo-Nazi organisations readable, and readily available, online. The membership records and private messages are currently being formatted to make them easy for non-techies to read and will be released on the Wikileaks site shortly. The raw data is already available but needs formatting so: "your grandmother can read them and google can find them... Journalists won't write about it otherwise." The site i... read more»

Scareware scammers exploit Brittany Murphy's death

(from The Register at 22-12-2009)

Actress Brittany Murphy's sudden death, just like Michael Jackson's untimely demise before her, has quickly been exploited by scareware scammers. A spike in searches on Murphy's death has been taken as a theme for Black Hat SEO attacks, designed to push sites that have been hacked to redirect surfers to scareware portals into prominence in search engine results.Windows users who click on links to poisoned search results get exposed to a fake anti-virus scan, designed to frighten users into bu... read more»

The 12 scams of Christmas

(from viruslist at 22-12-2009)

My colleague Tanya has just posted over on our Russian site about losses caused by Internet fraudsters in England and Wales. If you want to practice your Russian, hop over there, and take a look! Even though we're a Russian company, we know that most people in the UK (including me!) prefer to get their news in English. So here's a few facts and figures: In a recent statement, the Office of Fair Trading estimated that losses caused by Internet fraud amounted to £14 billion per year. That's ... read more»

Cybercrime methods continue to evolve to lure business and users alike

(from SecurityPark at 22-12-2009)

In 2010, further adoption of cloud, social media and virtualisation technologies will continue to blur the network parameter, while new cybercriminal methods such as ransomware and crime as a service will lure in unsuspecting users and threaten the enterprise at large. Security postures must move from a container-centric approach that is tied to a physical locale to a data and information-centric security design. To do this, organisations – large and small – should consider a layered, central... read more»

Drop in .CN Spam after NIC Changes Registration Policy

(from Softpedia at 22-12-2009)

Security researchers point out that spam containing links to abusive .cn domains is on the decline. This trend seems to be related to new domain registration requirements recently introduced by China's Internet Network Information Center (CNNIC). On December 11, CNNIC announced that a stricter registration procedure would be introduced for .cn domains. The new regulation states that "Domain name applicants need to submit the formal paper based application material when making the online appli... read more»

Rogue AV Scams Result in US$150M in Losses

(from TrendMicro at 22-12-2009)

Tricking users into downloading rogue AV is an age-old cybercriminal tactic that still works. Hence the continuous rise in the number of rogue AV pushed to unwitting scam victims up to this day. In fact, the FBI just recently warned the public about the threat that rogue AV software poses, saying this has resulted in more than US$150 million in losses to victims. The earliest rogue AV ploys relied on scareware tactics that resorted to warning users of supposed infections. The shift toward a m... read more»

Microsoft Virus Scanning Recommendations Bring Risks

(from TrendMicro at 22-12-2009)

We have recently received queries from customers about the official exclusion list recommendations from Microsoft. It seems that they have published a Knowledge Base entry that lists down recommendations to improve performance in Windows when running antivirus scanners. This list recommends customers to exclude certain extensions and folders from antivirus scanning. Now, although it actually makes sense to stop checking Windows Update and some Group Policy-related files if you really want to ... read more»

Ten 2010 IT Security Predictions, Part 2

(from Network World at 22-12-2009)

As 2009 draws to a close and a new decade dawns, CSOonline has reached out to some of the industry's best known security pros in search of insight on what the next 12 months and beyond have in store for our IT and cyber infrastructure. Today we continue with predictions from Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and ICSA Labs, a vendor-neutral testing and certification lab for hundreds of security companies.... read more»

Cybercriminals Go to the Cloud?

(from TrendMicro at 22-12-2009)

In an article by Dancho Danchev, he illustrated Trend Micro’s prediction that cloud hosting services such as Amazon EC2M can be easily used for fail-over command and control (C&C) botnet services. Just recently, Trend Micro had an issue with some IP ranges from the Amazon EC2 data centers. Based on the procedures of our email reputation database, active spamming IP addresses are automatically blocked.... read more»

Hacker Taps Into College Library Server

(from esecurityplanet at 21-12-2009)

Officials for a community college system in North Carolina this week acknowledged that someone managed to hack his or her way into a server housing the Social Security and driver's license numbers of more than 51,000 library patrons. The data breach affected students and local residents who used computers in the libraries at 25 separate campuses throughout the Tar Heel State in the past year. A spokeswoman for the community college system said officials are in the process of notifying all ... read more»

Episode 30 of the Who and Why Show - Episode 30: Routing Security

(from YouTube at 21-12-2009)

In the 30th episode of Team Cymru's 'The Who and Why Show', we're joined once again by John Kristoff to talk about Router and Routing Security. We'll cover some common mistakes folks make, quick wins plus some longer term fixes you might want to implement to secure your networks. More Information : read more»

Cyber Challenge tests nation's top hackers

(from CNN at 21-12-2009)

With the coolness of a card shark at the final table of the World Series of Poker, Matt Bergin pulls the hood of his brown sweatshirt over his head and concentrates on the task at hand. The task: hacking into as many target computers as he can and then defending those computers from attacks by other skilled hackers. Other skilled hackers like Michael Coppola, 17, a high school senior who, at this very moment, is hunched over a keyboard in his Connecticut home.... read more»

Register for Security Log Secrets - Los Angeles, January 25-27, 2010

(from Randy F. Smith at 21-12-2009)

My Security Log Secrets training seminar in Los Angeles is approaching fast. Here's a chance to save if you register before the end of the year. Use coupon code 2009 and my eStore will take off $200. Here's the full detail about the upcoming training event: Many of you have expressed interest in my Security Log Secrets in-person training if I ever scheduled a seminar at a public venue and date. Choosing the right date and venue makes all the difference in getting enough attendees in orde... read more»

The 2010 Government Information Technology Executive Council (GITEC) Summit

(from gitecsummit at 21-12-2009)

The GITEC Summit (formerly Information Processing Interagency Conference) is the premier forum for government leaders, industry and academia to share ideas, challenges and successes surrounding the implementation, management and use of Information Technology. The theme of the conference is IT Innovations Solving Complex Business Challenges. Key focus areas for the conference include: What are the biggest challenges for the largest upcoming projects What New Technologies can be helpful What... read more»

The 5th International Conference for Internet Technology and Secured Transactions (ICITST-2010)

(from icitst at 21-12-2009)

The 5th International Conference for Internet Technology and Secured Transactions (ICITST-2010) is Technical Co-sponsored by IEEE UK/RI Communications Chapter. The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution. The ICITST aims to provide a highly professional and comparative academic research forum that promotes collaborative e... read more»

31st IEEE Symposium on Security & Privacy

(from oakland31 at 21-12-2009)

The 2010 symposium marks the 31st annual meeting of this flagship conference. Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The symposium will be held May 16-19 at the Claremont Resort in Oakland, California.... read more»

InfoSec World Conference & Expo 2010

(from Misti at 21-12-2009)

The event features over 70 sessions, dozens of case studies, 9 tracks (including a hands-on hacking techniques track), 12 in-depth workshops, 3 co-located summits and an exhibit hall showcasing the industry’s leading vendors. With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business!... read more»

Boston SecureWorld Expo 2010

(from secureworldexpo at 21-12-2009)

SecureWorld Expo provides security education and training with nearly 60 sessions including: Cloud Computing, End Point Security, Data Privacy, Risk Management, PCI Compliance, Cybercrime and much more. Exhibit floor featuring nearly 50 exhibitors with the latest products and services available to effectively secure your enterprise. Earn 12-16 CPE credits toward your CISSP certifications. SecureWorld regional conferences deliver the most affordable, highest quality security education, trai... read more»

Irish spam tides rise

(from Tech Central at 21-12-2009)

A rise in spam e-mails in Irish has been observed by Symantec, the world's largest security software company, in its recent State of Spam report. These e-mails are designed to get users to open them and then click on malicious links, which can leave a laptop, PC or mobile device open to viruses. The Irish spam messages can sometimes be identified by their suspicious phrasing and spelling by fluent speakers, a result of cybercriminals using free online translators which often produce spelling ... read more»

Cybercrooks Target File-Sharing Networks

(from PCWorld at 21-12-2009)

This year is on its way out and seemingly cybercriminals are also planning their year ahead. Secure content management solutions developer Kaspersky Lab has outlined the threats it expects to see in 2010 as a result of cybercriminal activity. Kaspersky Lab was expecting a rise in the number of global epidemics in 2009 but this year was marked by sophisticated malicious programs with rootkit functionality. Corporates and individuals struggled with the Kido worm (Conficker), Web attacks and bot... read more»

Malware Opens Door to Possible Information Exposure

(from gantdaily at 21-12-2009)

A computer in the Dickinson School of Law that contained 261 Social Security numbers from an archived class list was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. "Malware" is short for malicious software and refers to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, worm or other destructive program. ... read more»

Lack of laptop security leads to ID theft

(from Ciol at 21-12-2009)

In 2003, an estimated 1.5 million laptops were stolen worldwide. Today, that number has climbed to 2.6 million. That's a 70 per cent increase in just a few years. That's one stolen laptop every 12 seconds Laptop computers have been the source of some of the biggest data breaches of all time. 800,000 doctors were recently put at risk for identity theft when a laptop containing their personal data went missing from the Chicago-based Blue Cross and Blue Shield Association... read more»

'Pxxx' Among Top Search Terms for Kids

(from Mashable at 21-12-2009)

In a somewhat worrying piece of news, security firm Symantec has released the top search terms by kids in 2009. Topping the lists: “YouTube”, “Google”, “Facebook”, “sex” and “porn”. While that result set might not be surprising in the teen search rankings, it’s interesting to note that “porn” ranks 4th in the “7 and under” category, receiving more searches than “Club Penguin” and “Webkinz“. Meanwhile, “sex” is fourth for teens and tweens alike.... read more»

Lavasoft Lists Online Threats for 2010

(from spamfighter at 21-12-2009)

Lavasoft, a Sweden-based computer security purveyor, has recently come up with its list of top ten predictions and security trends for 2010. The list, released in the second week of December 2009, predicts that the top position will be occupied by malware assaults on Windows 7. With launch of the Microsoft's latest operating system (OS), the company aims to substitute Windows XP as the most preferred OS. With more and people installing Windows 7 on their systems, malware developers will also ... read more»

Russia, U.S. teaming up to prevent cybercrime

(from Times call at 21-12-2009)

The United States has begun to engage Russia in discussions about threats to national security from Internet-based computer attacks. The two nations look at this issue differently, but in the end, this issue needs discussion and resolution on an international scale. Our nation’s economic system is dependent - and more so by the day - upon computer networks that operate over the Internet. Banking, credit card processing, retail and wholesale order placement, sales transactions of all kinds, me... read more»

2010 cyberthreat forecast: Attack vectors

(from Net-Security at 21-12-2009)

2009 was dominated by sophisticated malicious programs with rootkit functionality, Conficker, web attacks and botnets, SMS fraud and attacks on social networks. With the start of 2010 quickly approaching, researchers and analysts from Kaspersky Lab have come up with a list of six predictions for what will be the New Year’s greatest threats and newest attack vectors. A rise in attacks originating from file sharing networks. In the coming year we will see a shift in the types of attacks on user... read more»

Film review site hacked

(from Certifiedbug at 21-12-2009)

The Register reports that hackers exploited a vulnerable PHP script on the movie review site, ‘Ain’t It Cool’, which redirected visitors over a 90-minute period on Thursday morning to a server containing a malicious Adobe Reader file. The booby-trapped PDF, according an analysis by researchers at Praetorian Prefect, exploited two vulnerabilities in Adobe Reader that the company has already fixed. When the file is opened by unpatched versions of Reader, it launches malicious shell code that hi... read more»

Rackspace Outage Has Limited Impact

(from Yahoo News at 21-12-2009)

Rackspace experienced an outage yesterday--a recurring issue this year for the hosted data center provider--which took down a number of high profile sites including the popular blog site TechCrunch. No network is impervious to outages, but a company like Rackspace needs to provide consistent and reliable service.... read more»

Plan to meter traffic called 'bad for Internet'

(from chinapost at 21-12-2009)

China wants to meter all Internet traffic that passes through its borders, it has emerged. The move, which would allow countries that currently receive no payment for use of their lines to generate income, would require international agreement. It is being discussed by the United Nations (U.N.) body in charge of Internet standards, reported BBC News.But a European Union cyber security expert has warned that the plan could threaten the stability of the entire Internet, said the report.... read more»

1st European Workshop on Internet Early Warning and Network Intelligence

(from Europa at 21-12-2009)

Today a larger scope has to be taken into account when assessing the security of networks. However, large scale, collaborative detection efforts have been difficult. Internet Early Warning Systems (EWS) started addressing this a couple of years ago. They enable piecing together information from different parts of the Internet in order to get the big picture - while ideally leaving contributors in control of their data. EWS still require a lot of research efforts and improvements in order to keep... read more»

Key DHB computers back on line after virus

(from 3news at 21-12-2009)

Computers in key clinical areas of Waikato District Health Board (DHB) are today up and running after being hit by a virus this week. About 3000 computers across the DHB's network were infected with the Conficker virus, forcing a complete shutdown after the worm was spotted about 2am on Thursday.... read more»

Phishing attempts on the rise and growing

(from newsabahtimes at 21-12-2009)

The number of phishing attempts is on the rise and accelerating, according to an advisory released by the Cyber999 Help Centre of CyberSecurity Malaysia. The Cyber999 Help Centre has been receiving numerous reports from local internet users regarding phishing websites hosted overseas. These look exactly like that of some of the well-known local bank’s, e-banking websites.... read more»

Cybercrooks Target File-Sharing Networks

(from PCWorld at 21-12-2009)

This year is on its way out and seemingly cybercriminals are also planning their year ahead. Secure content management solutions developer Kaspersky Lab has outlined the threats it expects to see in 2010 as a result of cybercriminal activity. Kaspersky Lab was expecting a rise in the number of global epidemics in 2009 but this year was marked by sophisticated malicious programs with rootkit functionality. Corporates and individuals struggled with the Kido worm (Conficker), Web attacks and bot... read more»

Online buyers need protection: security expert

(from CBC News at 21-12-2009)

Canadians hoping to avoid malls and buy their holiday gifts online should be aware that not all websites are using the latest security encryption, the head of an Ottawa technology firm says. Mike Borza, chief technology officer at Elliptic Technologies, a company that specializes in security design for devices such as cellphones and laptops, said the government should enact new laws to protect consumers. Borza said consumers should make sure their web browser shows a lock icon when they're... read more»

Internet cafes on police radar

(from Times of India at 21-12-2009)

The district police is planning to carry out an intensive checking of internet parlours as part of ensuring foolproof security arrangements ahead of the month-long Magh Mela. SP city Awadhesh Kumar Vijeta informed that though checking of internet cafes is a routine affair and action is initiated against erring owners for not following rules laid down by the police, the vigil is beefed up during festive or special occasions when the threat perception is higher.... read more»

Softpedia's Guide to Free Security – Part I

(from Softpedia at 20-12-2009)

The Internet is certainly one of the greatest inventions in the history of mankind. It helped open the road to unprecedented levels of innovation and communication between people. But, life on the Internet is by no means perfect. Numerous gangs of cyber-criminals lurk in the Internet's underground and plot their attacks against unsuspecting people. Because of this, Internet users have a very real and pressing need to protect their assets, be them online (accounts of all sorts) or offline (the... read more»

Iranian hackers take Twitter down

(from TGDaily at 20-12-2009)

Twitter was attacked by a group of Iranian hackers last night. A group, calling itself the Iranian Cyber Army, compromised DNS records and redirected visitors to a page showing the Iranian flag. The attack lasted over an hour, according to Twitter boss Biz Stone. "Twitter's DNS records were temporarily compromised tonight but have now been fixed. As some noticed, was redirected for a while but API and platform applications were working. We will update with more information and ... read more»

'Free trial' or Internet scam?

(from CNNMoney at 20-12-2009)

Free trials are not always free. And in some cases, they are very expensive. The FTC, Visa and the Better Business Bureau are warning today about deceptive advertising. You may have seen those "free trial ads" on the Internet for things like acai berry, teeth whiteners or colon cleansers. According to VISA, almost 30% of online consumers have been victimized by this deceptive marketing. One company that sells acai berry supplements received more complaints this year than BBB receives about th... read more»

Recycled .mp3 Spam for Cheap Pills

(from Symantec at 20-12-2009)

Spammers are recycling their old spamming methods after more than two years. Symantec reported an .mp3 version of pump-and-dump stock spam back in October 2007. In this recent spam attack, a small .mp3 file promoting a meds domain is attached in the email messages. These email messages contain no subject line or message body. The .mp3 file is a five-second message recorded in a female voice and promotes a particular meds domain. The file is approximately 11 KB in size and recorded at a 16 kbp... read more»

Cloud Based Vulnerability Management

(from information security resources at 20-12-2009)

Vulnerability and Compliance Management as Software as a Service (SaaS) are springing up like mushrooms. The SaaS model enabled companies which focused on vulnerability management to extend their reach, and offer the services to more and more potential clients. Most companies in this market name their SaaS service the “on-demand solutions for security risk and compliance management”.... read more»

Former owner of Chandler's Citrus Cafe arrested in Texas

(from Azcentral at 20-12-2009)

A self-proclaimed foodie and former owner of the posh Citrus CafĂ© in Chandler will likely be eating jail chow instead of escargot and chardonnay while he awaits trial on multiple theft and fraud charges. Andrew Paparella Jr., 36, was extradited to Chandler from Texas Thursday, said police spokesman David Ramer. He was indicted by a Maricopa County Grand Jury in October on 20 criminal charges including identity theft, credit card theft and fraudulent schemes and is accused of going on spending... read more»

Spoof Conroy website protests at internet filter plan

(from Sydney Morning Herald at 20-12-2009)

He wants to censor the internet but what will Communications Minister Stephen Conroy do about a spoof website that uses his own name to protest against the Government's internet filtering policy? A net prankster has taken advantage of Conroy's failure to reserve his own domain name by registering and turning it into an anti-censorship protest site.... read more»

Threat Bulletin: 'Tis the season to be spamming

(from goodgearguide at 20-12-2009)

With Christmas just around the corner, the Symantec Security Response Team has observed that spammers are hard at work generating Christmas-related spam, including gift shopping offers, greeting cards and courier services in an attempt to lure computer users to open these emails. Many of them have Christmas themed key words in the header to lure users to open emails.... read more»

Japan servers tied to huge cyberattack

(from Japan Times at 20-12-2009)

The National Police Agency said Thursday it suspects eight computer servers in Japan were involved in a wave of attacks in July on government and commercial Web sites in South Korea and the U.S. and a North Korean connection is suspected. Police found a program on the servers for issuing instructions to terminals outside of Japan to send large amounts of data.... read more»

Ex-Valley restaurateur convicted in identity fraud scheme

(from Azcentral at 20-12-2009)

A former Valley restaurateur recently was convicted in an identity fraud scheme. Judge James V. Selna of the Central District of California Court found Reha Soylular guilty and sentenced him on Nov. 30 for using unauthorized access to obtain money, a felony offense, according to court records. According to court documents, between 2002 and 2004 Soylular gained more than $1,000 by using other individuals' personal information, including names and Social Security information, to establish merch... read more»

Upper Darby man arrested, faces identity theft charges

(from delcotimes at 20-12-2009)

An alleged swindler involved in a sophisticated identity-theft ring involving personal information copied from hospital records is facing multiple identity theft and theft charges, police said. The defendant allegedly purchased almost $40,000 worth of merchandise with credit cards in other people’s names.... read more»

Autopsy reports altered in data breach at WDH: Frisbie says it will notify families of deceased

(from Fosters at 20-12-2009)

Frisbie Memorial Hospital says it will notify the families of two patients whose autopsy reports were altered when a Wentworth-Douglass Hospital employee made unauthorized changes to patients records' at WDH's pathology lab. The breach took place between May 2006 and June 2007 at the hands of a WDH employee who more than 1,800 times accessed patients' pathology lab records after she was transferred from the lab. An audit completed in May showed changes were made to patients records, and Dr. C... read more»

TSA Cannot Order Sites to Take Down Sensitive Manual

(from FAS at 20-12-2009)

After a Transportation Security Administration (TSA) manual containing “sensitive security information” was inadvertently disclosed on a government website, it was reposted on several non-governmental websites where it remains freely available. Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished th... read more»

Disqus for ePayment News