Malware. Computersecurity. Privacy. Canadianprivacylaw. 'Viral inviters' want your e-mail contact list. By Becky Waring Several firms have recently sprung up that provide tools to copy e-mail and social-network contact lists from Outlook, Gmail, Hotmail, AOL, MySpace, Friendster, and other sites. Web site operators who lure unsuspecting users into sharing their address lists can then send invitations to all the contacts in order to swipe even more private info. The names of some of the contact-scraping tools — Viralinviter.com, TrafficXplode.com, and TheTsunamiEffect.com —hide their true purpose. They present themselves as list-builders for site owners and e-mail marketers, and are indeed used by many legitimate companies.
Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Get a real feel for Windows 8.1 with a wealth of tips in this step-by-step guide. You may have used an address-scraping tool already. Figure 1. Figure 2. Take Facebook. E-fense, the Developer of the Helix3 Suite of Security Software. Amazon Moves to Mitigate Threats to Cloud Service.
Wells Fargo exec shares insights on integration, innovation - Re. Skip to main content Browse All Briefs by Topic Wells Fargo exec shares insights on integration, innovation Forward to a friend 10/26/2009 | InformationWeek Information technology challenges at Wells Fargo include the usual topics of security, privacy and customer outreach, but the bank also must deal with integrating systems from acquired firms. Executive Vice President of Information Services Wayne Mekjian discusses these tasks and how his organization pursues innovation. View Full Article in: InformationWeek Business | Best Practices Series | Tech | Software & IT Services Published in Brief: SmartBrief on ExecTech SmartBrief Job Listings for Business View More Job Openings ©2014 SmartBrief.
Behind the Scenes of the Botnet Epidemic. Winter Olympic Search Results Exploited by Malware. Malicious Spam Jumps to 3 Billion Messages Per Day. Why the U.S. Is an Easy Mark for Hackers. In the wake of the attacks against Google, Adobe and other major high-tech companies, there was a lot of public shock and outrage that this kind of attack happened. But it was really just a small part of what's been going on for years. In a conversation with Dennis Fisher, Tom Kellermann of Core Security explains why the U.S. government and private companies are so unprepared for these attacks.
This is an edited transcript of the podcast with Kellermann . All right, welcome to the Digital Underground podcast. Very excited -- I've got Tom Kellermann, vice president of security awareness and strategic partnerships at Core Security on the line. Going to talk about a whole bunch of stuff: what's going on in Washington in terms of information security these days: the Google attacks, a few other things -- get Tom's thoughts on all of this. . : Doing well. . : Absolutely.
. : Relieved. {*style:<b> Dennis Fisher </b>*}: Is there a big contingent that believes that? : Exactly. . : I am, yep. : I hope. Home. SAN FRANCISCO – The Internet attacks that may end up driving Google Inc. out of China originated from two prominent schools in the country, according to a story published late Thursday. The New York Times reported security investigators have traced the hacking to computers at Shanghai Jiaotong University and Lanxiang Vocational School in China. The newspaper attributed the information to unnamed people involved in the investigation.
Google didn't immediately respond to requests for comment. The company revealed on Jan. 12 that digital thieves had stolen some of its computer code and tried to break into the accounts of human rights activists opposed to China's policies. The sophisticated theft also targeted the computers of more than 30 other companies, according to security experts. The digital assault was serious enough to prompt Google to confront China's government about censorship rules that weed out politically and culturally sensitive topics from search results in the country.
Home. (Reuters) – A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according Internet security firm NetWitness. The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.
A botnet is an army of infected computers that hackers can control from a central machine. " The company said the attack was first discovered in January during a routine deployment of NetWitness software. Further investigation by the Herndon, Virginia-based software security firm revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.
Online Crime Easier, More Budget Friendly. Twitter Hit By Phishing Attack. Man in the Browser: Inside the Zeus Trojan. Report: Chinese programmer wrote code used against Google | InSe. A freelance security consultant in China wrote the exploit code targeting Internet Explorer 6 that was used in the attacks on Google and others, according to a published report. The unidentified programmer had posted pieces of the exploit to a hacking forum, and Chinese officials had "special access" to his work, the Financial Times reported on Sunday.
The programmer did not launch the attack, the report said, citing an anonymous researcher working for the U.S. government. Last week, The New York Times reported that researchers had traced the attacks to computers at Shanghai Jiaotong University and Lanxiang Vocational School, which has ties to the Chinese military. However, officials at the schools have denied those claims. Google announced January 12 that its network had been compromised and e-mail accounts belonging to human rights activists in China had been targeted. Military ban against USB drives partially lifted - SC Magazine U. February 19, 2010 After a more than yearlong ban, USB drives and other removable media devices may now be used on military networks under “very specific circumstances and guidelines,” according to the U.S. Strategic Command. “This is not a return to business as usual," Vice Adm. Carl Mauney, deputy commander of the U.S. Strategic Command, told SCMagazineUS.com in an email on Friday.
“There remain strict limitations on using these devices.” The U.S. Department of Defense (DoD) originally banned USB drives and other removable media devices in November 2008, after a worm infiltrated Army networks. The order to partially lift the ban came last week from Gen. Also, only government-procured and owned devices will be allowed. “After extensive testing of mitigation measures, DoD decided to make this technology available again on a strictly controlled basis on DoD computers,” Mauney said. They allow employees to be productive and to access the data they need, when they need it, he said. Firefox issues 3.5.8 to address security issues - SC Magazine US. Rootkit to blame for Windows fix resulting in blue screen - SC M. February 18, 2010 Users who experienced issues when installing a recent Windows patch likely are infected by the Alureon rootkit, the company announced late Wednesday.
"We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third-party applications and software," Mike Reavey, director of the Microsoft Security Response Center, said in a blog post. "The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state.
Microsoft began investigating the issue after some Windows XP SP2 and SP3 customers complained that after installing one of the patches the company released Feb. 9, the so-called blue screen of death resulted when they attempted to restart. The patch was bulletin MS10-015, which repairs privilege-escalation vulnerabilities in the Windows kernel. Widespread data breaches uncovered by FTC probe. Posted on 23 February 2010. The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud.
The agency also has opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks. To help businesses manage the security risks presented by file-sharing software, the FTC is releasing new education materials that present the risks and recommend ways to manage them. P2P technology can be used in many ways, such as to play games, make online telephone calls, and, through P2P file-sharing software, share music, video, and documents. Remove Desktop Defender 2010, removal instructions. Adobe patches critical bug in Flash, Reader download tool | Secu. News February 23, 2010 08:25 PM ET Computerworld - Adobe today patched a critical vulnerability in the Windows utility used to download the company's two most popular products, Adobe Reader and Flash Player.
It was the second time in the last six weeks that Adobe fixed a flaw in Download Manager, the program it installs on PCs when customers download Reader or Flash Player. The bug, Adobe acknowledged in an advisory, "potentially allow[s] an attacker to download and install unauthorized software onto a user's system. " Israeli security researcher Aviv Raff disclosed the vulnerability last week, when he said that attackers could use the Download Manager to forcibly download and install any executable file, including attack code. "If you go to Adobe's Web site to install a security update for Flash, you really expose yourself to a zero-day attack," Raff said. Among other things, the manager resumes interrupted downloads and queues up multiple files for download. Attack Combines Browser History & Social Net Groups. Adobe Patches Critical Hole in Download Manager.
Google's Blogger Targeted in Phishing Attack. Browsing Protection Portal. Zeus Trojan infected 2.5 thousands Corperate machine around the. February 18th, 2010 Mourad Ben Lakhoua Over the past 1,5 year more than 75 thousands machine worldwide have been infected by Zeus Trojan this is according to NetWitnes Company, all these infected computers were used to thief Banking account, Social Networking and email passwords. Among the victims we can find some of the major companies like Merck, Cardinal Health, Paramount Pictures and Juniper Networks. NetWitness informed that Cybercriminals might be from an Eastern European group countries and performed their activities over a server located in Germany, by spreading emails containing malicious software or redirecting victims to a malicious website. The observed hacking activities do not stop here but researchers noted that on 26 January they found a 76 Gigabytes of data stolen by this Trojan, this data contains information about 68 thousand corporate logins as well as online Banking credential, Facebook , Yahoo and Hotmail.
ZeuS consists of two main parts: 1. 2. </i>*} How Japanese ISPs Deal with Botnets. Wyndham Hotels Hit Again By Hackers. A Chat With Adobe's Brad Arkin. Microsoft Warns of New IE Code Execution Flaw. Energizer Battery Charger Contains Remote Access Backdoor | thre. As Memory Protections Advance, Exploits Stay a Step Ahead | thre. RSA 2010: Researchers Demo Mobile Botnet from Smartphone App | t. Malaysian Hacker Will Be Extradited to U.S. Opera Bug Can Crash Browser. Monoprice.com Goes Offline, Investigates Fraud. E-Mail Security Questions Easily Answered. Precisely how to go About Securing Your Personal computer System. Business Security Information » cPanel CSRF Security. Late last year it was announced by a couple of security researchers that cPanel was vulnerable to cross-site request forgery attacks (CSRF). If you manage your business’ website, you know that cPanel is an administration interface that allows you to perform many tasks related to running a website.
This includes accessing website stats, email accounts, and log files, submitting tickets to the support desk, and a variety of other tasks. Cross-site request forgery attacks allow attackers to exploit web-based services after the user has already logged into the web-based service. In a cPanel attack, once you are logged in, you must be lured by the attacker to visit a malicious website that the attacker runs or has compromised. Once you go to the malicious website, the attacker can execute unauthorized commands since you are already logged into cPanel, and no password would be necessary. Improving cPanel Security Against CSRF Attacks Make sure you are using cPanel version 11.25.0. Why Bob Maley's Firing is Bad for All of Us. Marc Maiffret at RSA 2010. Botnets Find New Internet Homes Quickly. 5 Points About Online Safety (For Parents) We were recently approached by a lovely lady from an NGO asking if we had any material – statistics, articles, etc – on how to deal with online grooming (the process of an adult using the Internet to prepare child victims for sexual abuse).
She was especially concerned about the explosion of online social networking services and how these services may facilitate abusers in reaching out and ensnaring more vulnerable children. Now, truthfully, we don’t have a lot of material on this topic. Our work focuses more on the tech side of the huge field that is online security. Still, as more children become Internet-connected at a younger age – whether on a computer at home, at school, or even via a smartphone – keeping them safe online is becoming more of a concern, especially for parents who struggle with technology. Point 1: Don’t feel overwhelmed. The many guidelines available give tons of helpful tips, suggestions, checklists and more, so it’s easy to feel flooded by too much advice. The Future of Botnets. Microsoft Issues Fix-It Workaround for IE Zero-Day. Online Fraud Loss Reaches $560 Mil in 2009. Zeus Kits Take Anti-Piracy Page from MS.
The Cadence of Microsoft Security Patches. Zeus Trojan Now Has Hardware Licensing Scheme. Microsoft Virtual PC Flaw Lets Hackers Bypass Windows Defenses | Mapping the Criminal-ISP Infrastructure. Real 'Mafia Wars': Facebook Helps Nab Actual Criminal | threatpo. Using Live Data In Development Is Risky. Sens. Rockefeller and Snowe debut new draft of federal cybersecu.
Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine) unveiled the latest draft of their cybersecurity bill on Wednesday, a 62-page set of instructions specifying how the federal government would respond to a massive network security breach. Among other provisions, the bill would establish a Senate-confirmed office to handle cybersecurity matters, replacing the ad hoc adviser President Barack Obama appointed in 2009. It would also enumerate the president's powers during national cybersecurity emergencies, establish new bridges for public-private security cooperation and set in place routine checks on the country's cybersecurity infrastructure, according to the legislation. The bill arrives on the heels of two high-profile cyberattacks this year that in part targeted numerous U.S. businesses, including Google. Chief among them is the bill's section on White House emergency powers at times of cyberattacks. Rockefeller's office later stressed those rules already exist in federal law.
Untitled. Social Networking Sites Pose Increasing Threat to Corporate Network Security SonicWALL hosted fast track events in Dubai and Abu Dhabi to discuss current threats and evolving security solutions with end-users Of the leading social networking sites, Facebook now poses the greatest security risk to companies, according to a new report published by Sophos. With the increasing use of this site and many others, it is becoming more and more important for companies to ensure that they have the right solutions and tools in place to protect their networks from rising threats.
Last month, the Information Security Forum released its list of the top 10 security threats facing companies in the next two years. Criminal attacks took the top spot, followed by infrastructure weaknesses. For most security threats, solutions are available online from Kaspersky Lab International Ltd. . SonicWALL’s aim is to deliver security solutions that evolve along with organizations and the threats they encounter.
Mozilla Acknowledges Critical Zero Day Flaw in Firefox | threatp. Which ISPs Are Hosting the Bad Guys? Former Pennsylvania CSO Maley Speaks. Mariposa Bot Found Pre-Loaded on Second Vodafone Handset | threa. Pwn2Own Predictions: Apple iPhone Will Fall. Flash drive cyber attacks. Campus mail not private: University can screen e-mails | The Red. How to Evade URL Filters With (Not-So) Fancy Math. Germany Warns Users Against Using Firefox. Google Releases Skipfish Application Security Scanner | threatpo. Opera 10.51 Closes HTTP Header Holes. Law Firms See Uptick As Cybercrime Targets. Feds Seek 25-Year Sentence for TJX Hacker.
TJX Accomplice Gets Probation for Selling Browser Exploit | Thre. Mozilla Fast-Tracks Fix For Critical Firefox Flaw. Revised Cybersecurity Act Reshapes Federal Compliance, Education. TJX Browser Exploit Accomplice Gets Probation. Majority of US, European Users Click on Spam.