Friday, February 27, 2009

Friday 02/27/09

FCC Fines 600 Carriers For Privacy Issues
Many didn't adhere to new anti-pretexting regulations....
The FCC this week levied more than $13.3 million in fines on some 660 small telecommunications companies for failing to adhere to new FCC guidelines regarding customer privacy. After complaints in recent years surfaced about data brokers illegally gleaning consumer information from many carriers (like in the HP scandal), the FCC crafted new regulations for carriers aimed at protecting this data, and a new reporting method aimed at ensuring carriers are protecting Customer Proprietary Network Information (CPNI).

----------

Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
So there is a brief blog post linked below that highlights the fact that the new Adobe PDF vulnerability can be exploited without the use of JavaScript. This is obviously really bad news for anyone who is responsible for protecting environments where PDFs are present. I think what a lot of people will find is just how prevalent JBIG2 streams are in "run of the mill" PDF files that are floating around their systems. This means that simply looking for JavaScript + JBIG2 streams in PDF files is not going to do you much good moving forward.

All of the current observed samples are still utilizing JavaScript; this will NOT be the case moving forward!

Let me repeat again. YOU DO NOT NEED JS TO MAKE THIS EXPLOIT WORK. The JavaScript method employed by these attacks is "tried and true" when it comes to creating the right conditions for a reliable exploit.
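To make the detection point above concrete, here is an added Python triage heuristic (my own illustration, not code from the linked post) that counts JBIG2Decode streams and JavaScript separately and flags a JBIG2 stream on its own, so a file with no JavaScript at all still gets a closer look. The two sample PDFs are constructed inline for the demonstration.

```python
import re

# Name tokens may be written with #xx hex escapes (e.g. /JBIG2Dec#6fde),
# so names are normalised before matching. Applied to the whole file this
# is a heuristic, not a PDF parser; it is enough to count filter/action names.
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalise_names(data: bytes) -> bytes:
    """Resolve #xx escapes so obfuscated name tokens still match."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def scan_pdf(data: bytes) -> dict:
    """Count JBIG2 streams and JavaScript separately; flag JBIG2 on its own."""
    body = normalise_names(data)
    jbig2 = len(re.findall(rb"/JBIG2Decode\b", body))
    js = len(re.findall(rb"/(?:JavaScript|JS)\b", body))
    auto = bool(re.search(rb"/(?:OpenAction|AA)\b", body))
    return {
        "jbig2_streams": jbig2,
        "javascript": js,
        "auto_action": auto,
        # The weak rule the post warns against: require both to be present.
        "flag_js_and_jbig2": jbig2 > 0 and js > 0,
        # The rule a defender wants after this disclosure: any JBIG2 stream
        # gets a closer look, JavaScript or not.
        "flag_jbig2": jbig2 > 0,
    }

# Constructed sample 1: a JBIG2 image XObject and no JavaScript at all.
SAMPLE_JBIG2_ONLY = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Resources << /XObject << /Im0 4 0 R >> >> >> endobj
4 0 obj << /Type /XObject /Subtype /Image /Width 8 /Height 8
/ColorSpace /DeviceGray /BitsPerComponent 1 /Filter /JBIG2Decode /Length 0 >>
stream
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample 2: same image, plus an OpenAction running JavaScript
# whose name token is hex-escaped (/Java#53cript) to dodge a naive grep.
SAMPLE_WITH_JS = SAMPLE_JBIG2_ONLY.replace(
    b"/Pages 2 0 R >>",
    b"/Pages 2 0 R /OpenAction << /S /Java#53cript /JS (app.alert(1)) >> >>",
)
```

Run `scan_pdf()` over each sample: the JS-free file is missed by the "JavaScript + JBIG2" rule but caught by the JBIG2-only rule, which is exactly the gap the post describes.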

----------

20 cynical project management tips
Michael Krigsman: Ever wonder why so many projects fail? Well, here's your guide to the seamy underbelly of IT project management.

----------

Pushdo's "Classmates" Invitation is a Trojan
February 27, 2009
Fake Classmates video invitations are being spammed by Pushdo to spread infostealing malware.

----------

ID Theft Is Top Consumer Complaint
WASHINGTON (CN) - Identity theft accounted for 26% of the consumer complaints sent to the Federal Trade Commission in 2008 - 313,982 of the 1,223,370 complaints the agency received - the FTC said in a report released Thursday.

----------

Spoofed Delta Airlines emails contain trojan
Angela Moscaritolo February 27, 2009
Emails spoofed to look like they are coming from Delta Airlines to confirm a ticket purchase are attempting to infect users with a trojan.

----------

Obama's budget proposal increases spending for cybersecurity
Chuck Miller February 26, 2009
President Obama is asking for $355 million in next year's budget to fund the Department of Homeland Security's cybersecurity work.

----------

Crooks use "trendy" tactic to poison Google search results
Angela Moscaritolo February 26, 2009
Many of the 100 most popular Google search terms now yield a malicious site serving fake anti-virus software in the highest search results, Craig Schmugar, threat research manager for McAfee Avert Labs told SCMagazineUS.com Thursday.

----------

Techies end-run feds on DNS security
Authentication alternatives proliferate as U.S. delays signing of Internet root zone.

----------

Despite patch by Cisco, Microsoft, others, DNS is not secure, researcher says
Permanent fix needed for DNS security issues, Kaminsky warns
VeriSign: We will support DNS security in 2011

----------

Parkingticket.com just announced new compatibility with the Safari web browser on Apple's iPhone, giving you new tools to immediately contest a parking ticket. The site is so confident in their service that if all steps are followed and the ticket is still not dismissed they will pay $10 towards your ticket.

----------

Clipped from another article:
"... last month's news about Microsoft laying off the entire Flight Simulator dev team..."

----------

25 February 2009
Microsoft fixes AutoRun disable option
Microsoft has announced an update to fix the option that allows administrators to disable AutoRun as a precaution against Conficker worm infection.

----------

Several vulnerabilities in SHA-3 candidates
Experts have found buffer overflows and other security problems in some of the implementations of the candidates for the new hash standard.

----------

The Cryptography Olympics : the hash algorithm contest
36 teams have qualified for the international competition for the best encryption algorithm.

----------

More information about the new Excel vulnerability
This morning, we posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment.

Office 2007 being targeted

The current attacks we have seen target users of Office 2007 running an earlier version of Windows (Windows 2000, XP, 2003). The exploit technique used in these attacks would not work on Windows Vista or earlier versions of Microsoft Office without substantial improvements made by attackers.

We analyze a lot of Office content type exploits and this is the first time we have seen a working exploit in-the-wild that is able to run code on Office 2007.

----------

Hope for a New Cybersecurity Administration

----------

Report: More Than 500,000 Websites Hit By New Form Of SQL Injection In '08
Feb 25, 2009
New Web breach incident report finds the bad guys deploying more automated attacks, targeting customers rather than data on sites

----------

Obama's e-health plan: Three heavyweight health IT leaders weigh in
They say consumers, as well as their physicians, should have control of their health care records in a coordinated approach
