Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel. SANS @Risk Consensus Security Alert Newsletter Week 32, 2012. Nepalese Government Sites Hacked, Serving Zegost Malware. Encyclopedia entry: Exploit:Java/CVE-2012-0507.OO - Learn more about malware - Microsoft Malware Protection Center. Openconstructor CMS 3.12.0 Cross Site Scripting. Zero Day Vulnerability in timthumb script - Announcements Discussions on Arras Community Forums. Attackers Go Phishing for Payroll Workers With Java CVE-2012-1723 Exploit. Strategies For Protecting Web-Facing Databases. FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014 1 Comment | Read | Post a Comment News Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.By Mathew J. Blizzard passwords could be theoretically reverse engineered. Blizzard Entertainment may not yet be in the clear of its latest breach, with the attackers potentially having enough information to reverse engineer weakly constructed passwords.
As Jeremy Spilman pointed out on his blog, the information stolen from Blizzard is likely to be the server-side database used as part of the Secure Remote Password (SRP) protocol. If Blizzard's implementation of SRP is standard, its stolen SRP database contains the username and salts for each account and their hashed password verifiers. Google, Salesforce were allegedly offered 'TrapWire' spy tool. Now approaching its 10th day of a distributed denial-of-service (DDoS) attack, WikiLeaks has released information about a video-surveillance program that is possibly being used by the US government and large organisations, such as Salesforce and Google.
The program, called TrapWire, was developed by US-based Abraxas Corporation, which is alleged to be staffed by many former US Central Intelligence Agency (CIA) agents. TrapWire is meant to identify terrorists who approach a facility multiple times as they conduct their surveillance. Juniper Networks banking on India rebound. India's telecommunications industry has been through tough times with steep competition and regulatory complications and uncertainty, but it will emerge from these challenges to recover and companies such as Juniper Networks is poised to benefit from the upturn.
Douglas Murray, senior vice president for Asia-Pacific at Juniper Networks, told ZDNet Asia in a recent interview that 2012 has been a particularly difficult year for India-based telcos because of steep industry competition and policy complications from the revoking of existing 2G spectrum licenses earlier in February. These were key reasons why there was a drop in the networking equipment maker's Asia-Pacific revenue in the second quarter, which slid 12 percent year-on-year. This dragged the wider group revenue down by 4 percent to US$1.07 billion for the three months ended June, Murray stated. FTC accuses Facebook of misleading developers over security.
An investigation by the U.S.
Federal Trade Commission (FTC) has suggested that the social networking site fell short in reviewing and verifying applications, and therefore "deceived" developers over security ratings. When developers passed along an application into the now-closed verified apps scheme, it is reported that the social networking site was paid up to $95,000 in order to give software green 'ticks' of approval.
By doing so, individual applications were given a "test for trustworthy user experiences" by Facebook. Bitdefender releases tool for removing Gauss financial malware. The security firm Bitdefender has released a clean-up tool for those who think their PCs might be infected with the Gauss malware.
Gauss, which was outed by Kaspersky last week, is financial espionage malware that bears some resemblance to the Flame trojan, discovered back in May. Gauss can steal login credentials and cookies, and targets e-banking, social network and email accounts. Israel tests missile attack warning system via SMS. The Israel Defense Force (IDF) Home Front Command commenced a week-long test of an alert system which sends a text message to mobile phones located in areas likely to be hit by missile strikes.
The "personal message" system which commenced on Sunday was developed in the past few years and is expected to be operational within a month, Xinhua news site reported Sunday. It will send area-specific warnings, based on projections of incoming trajectory of unguided rockets or ballistic missiles and aims to offer more specific guidelines to residents than existing air raid sirens. As part of the drill, messages wil be delivered to several geographic areas, reading "The Home Front Command, checking cellular system", followed by a serial number, and will be sent in Hebrew, Arabic, Russian and English. This comes on the heels of a possible Israeli attack on Iran to stop its nuclear program, which has spurred public concern on how to prepare on the home front.
Media sites brace for hacktivist attacks. Traditional news companies and other websites covering this year's presidential election are preparing for a flood of web traffic over the coming months, and not just from political junkies.
Politically motivated hacktivist attacks have become a top concern among companies providing election coverage online. RELATED: Senate delays, maybe kills, cybersecurity bill Bill Wheaton, senior vice president and general manager of Akamai's media division, says the 2012 election could generate roughly four-to-five times as much web traffic as it did in 2008. At peak hours, he estimates that as many as 4 million people could be streaming coverage of the election simultaneously, as a result of the increase in devices and social networks facilitating access to streamed content.
To continue reading, register here to become an Insider. While origin unclear, Gauss indicates malware tool boom. The computer security firm Kaspersky Lab announced this week that it had found a new cyber surveillance virus in the Middle East that is a descendent of the Stuxnet, Flame and Duqu malware.
But they are not calling it "Son of Stuxnet. " Stuxnet is the computer worm widely believed to have been used by the U.S. and Israel to attack Iran's nuclear centrifuges.