Friday, November 7, 2008

Security News Feed Friday 11/07/08

Obama, McCain get a lesson in cybersecurity
News Brief, 2008-11-05
Both the Obama and McCain campaigns' computer systems were breached over the summer, allegedly by a foreign attacker, Newsweek reports.






Foreign governments attack White House, Obama, McCain campaign systems
In the middle of summer, Obama campaign leaders were told in no uncertain terms by the Secret Service and FBI that they had suffered a serious breach:

“You have a problem way bigger than what you understand,” an agent told Obama’s team. “You have been compromised, and a serious amount of files have been loaded off your system.”






Adobe Reader vulnerability exploited in the wild
– these PDF documents exploit the JavaScript buffer overflow vulnerability. This is not surprising, though, as a fully working PoC has been recently published as well, but it's interesting to see that the attackers modified the PoC a little bit, probably in order to evade anti-virus detection.

And indeed – at the time of writing this article, according to VirusTotal 0 (yes – ZERO) AV products detected this malicious PDF. Very, very bad.

The payload is in a JavaScript object embedded in the PDF document.







Instant Messaging: Friend or Foe?
by Ricky M. Magalhaes
Articles / Misc Network Security
Taking a look at the security fundamentals and IM risks associated with opening up the messaging client access to the world.






Virtual Worlds Riskier in Financial Crisis
Nov 05, 2008
Criminals 'follow the money' to where virtual and real-world economies converge






Social Engineering: Eight Common Tactics
Stealing your company's 'hold' music, spoofing caller ID, pumping up penny stocks - social engineers blend old and new methods to grab passwords or profits. Being aware of their tricks is the first line of defense.







Apple leapfrogs RIM for #2 slot on smartphone sales list
Apple and RIM both made gains in smartphone market share at the expense of market leader Nokia. Microsoft has dropped to number four.
November 07, 2008 - 11:48AM CT - by Chris Foresman






November 2008 Advanced Notification
Posted Thursday, November 06, 2008 10:07 AM by MSRCTEAM
Hello, Bill here.
I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Nov. 11, 2008 around 10 a.m. Pacific Standard Time.
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
As part of our regularly scheduled bulletin release, we’re currently planning to release two security bulletins:

· One Microsoft Security Bulletin affecting Microsoft Windows/Microsoft Office rated as Critical, and one affecting Windows rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.






Extortionists Target Major Pharmacy Processor

One of the nation's largest processors of pharmacy prescriptions said Thursday that extortionists are threatening to disclose personal and medical information on millions of Americans if the company fails to meet payment demands.

St. Louis-based Express Scripts said that in early October it received a letter that included the names, birth dates, Social Security numbers and in some cases prescription data on 75 of its customers. The authors threatened to expose millions of consumer records if the company declined to pay up, Express Scripts said in a statement.






Hackers launch PDF attacks, exploit just-patched Reader bug
A security researcher at the SANS Institute's Internet Storm Center warned Adobe Reader users to update their software as soon as possible now that attackers are exploiting a vulnerability in the software patched earlier this week.





FBI probes data theft blackmail scheme






Researcher: Android may not need antivirus software






Text Messaging, Facebook Can Get You in Legal Trouble





Politics: Obama Launches Change.gov







James Bond would like this:
20 Megapixel Cameras on Mobile Phones from Ericsson








Craigslist Tries To Close Major Security Breaches
SAN JOSE (CN) - Craigslist claims 12 copyright violators are selling illegal software with which users can bypass its security to post thousands of repetitive ads, maliciously interfering with Craigslist's business. The defendants advertise with statements such as, "I have unlimited phone numbers to verified craigslist accounts! Once you become my member, I will give you the discount to support your posting work!" according to the federal complaint.






http://www.avertlabs.com/research/blog/
Following on from Pedro’s blog yesterday [Election day is over] and the recent news that the computers of both Campaigners were hacked during the summer [Security focus blog], I wanted to give you a short overview of the different Malware we saw here at McAfee Avert Labs during the US Presidential race.

Due to the high media attention which Barack Obama received, it seems that the Malware Authors specifically targeted him instead of John McCain as a means of luring users into clicking on the Malware.

One of the first pieces of malware we saw which exploited the campaign was in August. This was a spammed email which contained a link to get_flash_updates.exe. The email contained the subject “Obama bribes countrymen to win votes”; if the user followed the link, it would download Get_Flash_updates.exe, which was a BackDoor-DNM Trojan.







Sinowal Trojan Keylogger Grabs Half Million Bank Credit Accounts From Microsoft PC Users
By Grey McKenzie 10/31/2008
