Wednesday, October 1, 2008

Security News Feed Wednesday 10/1/08

September 30, Washington Business Journal – (National)

Webroot identifies presidential campaign malware.



Webroot, a U.S.-based IT security vendor, says it has spotted the widespread deployment of malware hidden inside campaign videos for the presidential candidates of both major political parties. The problem stems, the firm says, from widespread usage of the Gnutella file-sharing network to disseminate high-resolution campaign videos by the two candidates. According to Webroot, a quick search of the FrostWire network - which uses the Gnutella network format, apparently - indicated that of the 34 search results for "Obama Speech" 14 contained active malware while five of the 19 results for "McCain Speech" were found to be harboring malware.

Source: http://security.itproportal.com/articles/2008/09/30/webroot-identifies-presidential-campaign-malware/












Transpacific undersea cable completed.



A crucial undersea fiber-optic cable that will provide more Internet capacity between the U.S. and China was completed Monday, according to news reports. Six of the world’s largest phone companies have finished building an 18,000-kilometer "Trans-Pacific Express" cable that will link the U.S., China, South Korea, and Taiwan, according to the Dow Jones news service. The high-speed link will provide more capacity for the region, which is currently served by a single low-capacity cable that provides connectivity between mainland China and the U.S. Most web traffic between the U.S. and China goes through Hong Kong or Japan. These routes can often cause transmission delays. The project, which cost about $500 million, was prompted when an earthquake off Taiwan’s coast in December 2006 severed several undersea data cables, which resulted in disrupted communications throughout much of Asia. The world’s largest phone companies decided that something had to be done to provide more infrastructure to the region.

Source: http://news.cnet.com/8301-1001_3-10053949-92.html













Kevin Mitnick detained, released after Colombia trip
Famed social engineer-cum-hacker tells a cautionary tale about the dangers of traveling into the U.S. with a laptop, and sending packages back home from Bogota.
Wed, Oct 01 04:00:00 PDT 2008













Apple selling unlocked iPhone 3G in Hong Kong



T-Mobile stops taking Android phone orders



IBM releasing iNotes for iPhone












Study: Routine Misbehavior by End Users Can Lead to Major Data Leaks

Many end users don't understand the risks associated with breaking company security policies, report says












Attackers Mix Online, Offline Exploits to Mask Financial Fraud

Cybercriminals split the attack cycle into pieces that may appear unrelated in order to evade detection















New DOS Attack Is a Killer

With a newly discovered denial-of-service attack against broadband Internet connections, machines don't come back











A Simple Sync Can 'Sink' Your PC

Researchers release proof-of-concept for attack on Windows' ActiveSync 4.0














Wall Street meltdown expected to drive risk management investments http://cwflyris.computerworld.com/t/3693514/6339517/142045/2/














Health hazards for IT workers -- how that desk job wears your body down http://cwflyris.computerworld.com/t/3693514/6339517/142043/2/













Microsoft: Bad things happen to firms that use unlicensed Windows http://cwflyris.computerworld.com/t/3691317/6339517/142001/2/







Identity theft victim wins right to sue county clerk over posting of personal data http://cwflyris.computerworld.com/t/3691317/6339517/142005/2/







Toshiba to ship 256GB solid-state drives in October http://cwflyris.computerworld.com/t/3691317/6339517/142011/2/







Stolen Hard Drives Hold Sensitive Data of 50,000 UK Ministry of Defence Staff (September 26 & 29, 2008)

Personally identifiable information of as many as 50,000 UK military staff has been compromised due to the theft of three portable hard drives from the RAF Innsworth base in Gloucestershire. The unencrypted data include addresses, bank account numbers and medical records. The theft is under investigation by Ministry of Defence (MoD) police and Gloucestershire police. The MoD plans to notify all individuals affected by the data security breach.
http://www.computerworlduk.com/management/government-law/public-sector/news/index.cfm?newsid=11244
http://www.mirror.co.uk/news/top-stories/2008/09/26/safety-fears-for-50-000-raf-staff-after-personal-files-are-stolen-115875-20754809/
http://www.theregister.co.uk/2008/09/29/raf_usb_drives_stolen/
[Editor's Note (Honan): The stolen hard drives were apparently not encrypted as they were located in a secure facility. I guess the RAF has learnt a lesson in defense in depth and that you need to ensure you include layers of defense in the physical, logical and personnel domains.]








Los Alamos Needs to Implement Stronger Security, Says GAO (September 25, 26 & 29, 2008)

According to a report from the US Government Accountability Office (GAO), cyber security vulnerabilities at the Los Alamos National Laboratory (LANL) could expose sensitive data. Although LANL has begun implementing previously recommended measures to improve data security, there are still holes in its unclassified network, which holds information about export control and sensitive employee data. The network itself has strong authentication measures in place, but once access is granted, users can find their way around the other security measures to access the sensitive data. The report also found weaknesses in physical security at LANL. The GAO made several recommendations for improving LANL's cyber security posture, including "requir[ing] the Director of LANL to ... ensure that the risk assessment for the unclassified network evaluates all known vulnerabilities and is revised periodically and strengthen policies with a view toward ... reducing ... foreign nationals' access to the unclassified network."
http://www.theregister.co.uk/2008/09/29/los_alamos_cyber_insecurity/
http://www.fcw.com/online/news/153921-1.html
http://www.nextgov.com/nextgov/ng_20080929_5288.php
http://www.gao.gov/new.items/d081180t.pdf







Secondhand VPN Router Connects to Previous Owners' Network
http://news.bbc.co.uk/2/hi/technology/7635622.stm







... Overall, pay for security certifications was up 0.4% during the last six months and 2% during the last year (through July 1, 2008), compared with the downward trend of all IT certifications, which lost 2.5% during the last six months and 3.5% during the past year.
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1331613,00.html






NEW DATA BREACH COMPLIANCE RULES FOR RETAILERS IN CALIFORNIA
An amended version of the Consumer Data Protection Act, or AB 1656, is sure to be signed by Governor Schwarzenegger after the California State Assembly approved it by a 74-1 margin.
...
For an inside look at the new rules, visit AB 1656. As more stringent legislation is enacted, businesses need to be prepared and know where their data risks reside.






CSRF Flaws Found on Major Websites
Princeton University researchers reveal four sites with cross-site request forgery flaws and unveil tools to protect against these attacks






The data center from hell, Part 1

Seen any good horror movies lately? Here's the script for a security geek's version of the classic slasher flick.







The data center from hell, Part 2

Buitron: One circuit breaker was in a garage bay where company trucks parked. Anyone from the street could walk in at any time and throw the switch on the breaker box, cutting off power instantly to all of the company's servers.






Google sets up government sales shop to preach gospel of cloud computing to federal agencies






Adobe vulnerability exploits are mounting
Chuck Miller September 26, 2008
A new and previously unknown exploit toolkit exclusively targets Adobe's PDF format, and large numbers of PDF attacks continue.
