Wednesday, March 25, 2009

Wednesday 03/25/09

New ransomware holds Windows files hostage, demands $50 Cybercrooks have found a new way of marketing fake security software, and are duping users into downloading a file utility that holds users' data for ransom, security researchers warned today. Read more...

----------

Senate committee demands DHS explain alleged lack of support for cybersecurity office
The Senate Homeland Security Committee's senior-most Republican is asking DHS Secretary Janet Napolitano to explain why the National Cyber Security Center (NCSC), set up within the department last year, has seemingly been marginalized by the agency.

----------

Heartland warns rivals about 'baseless' claims on postbreach Visa action
Heartland Payment Systems Inc. is warning rivals of possible legal action if they don't stop trying to lure away its customers by hinting that continuing to do business with the breached payment processor could expose companies to fines by Visa Inc. for noncompliance with the PCI data security rules.

In a message posted on Heartland's Web site on Monday, CEO Robert Carr said the company plans to sue competitors that don't "immediately" stop making what he described as "baseless and unlawful" claims related to Visa's removal of Heartland from its list of service providers that comply with the PCI rules (download PDF).
...

----------

Microsoft updates WGA to hunt down counterfeit Windows XP Pro
March 25, 2009 (Computerworld) Microsoft Corp., tacitly acknowledging the continued popularity of Windows XP, said yesterday that it was updating the operating system's antipiracy technology to detect illegal copies installed with newlystolen or faked product keys, or with new activation cracks.

In an entry to a company blog, Alex Kochis, director of Microsoft's Genuine Windows group, spelled out the update to WGA Notifications. That's the antipiracy component that provides the messages and other on-screen prompts when the other half of WGA, dubbed Validations, detects an illegal copy of the operating system.

----------

Cisco security updates squash router bugs
Eight big, new advisories that came out Today (Wednesday): http://www.cisco.com/en/US/products/products_security_advisories_listing.html

The patches were released today, the day Cisco had previously scheduled for its twice-yearly IOS updates. None of the bugs have been publicly disclosed ahead of today's updates, but some of them were reported to Cisco by outside sources.

The eight updates fix 11 security vulnerabilities, according to Jean Reese, senior manager with Cisco's Product Security Incident Response Team.

----------

Adobe details secret PDF patches
Adobe Systems Inc. revealed today that it patched five critical vulnerabilities behind the scenes when it updated its Reader and Acrobat applications earlier this month to fix a bug already under attack.

According to a security bulletin issued today, the updates to Reader 9.1 and Acrobat 9.1 that Adobe delivered on March 10 included patches for not just one bug -- as Adobe indicated at the time -- but for five other vulnerabilities as well.

Foremost among the five were a quartet of bugs in Adobe's handling of JBIG2 compressed images, which was also at the root of the original vulnerability made public in February. When Adobe updated Reader and Acrobat to Version 9.1 two weeks ago, it fixed all five JBIG2 flaws, though it admitted only to the one at the time.

That bug has been used by hackers since at least early January, when they began sending malformed PDF files to users as e-mail attachments.

----------

China becoming the world's malware factory
With China's economy cooling down, some of the country's IT professionals are turning to cybercrime, according to a Beijing-based security expert.

Speaking at the CanSecWest security conference last week, Wei Zhao, CEO of Knownsec, a Beijing security company, said that while many Chinese workers may be feeling hard times, business is still booming in the country's cybercrime industry. "As the stock market dropped like a stone, a lot of IT professionals lost lots of money on the stock market," he said. "So sometimes they sell zero days," he said, referring to previously unknown software bugs.

"China is not only the world's factory, but also the world's malware factory," Zhao said.

----------

Nasty New Worm Targets Home Routers, Cable Modems
PC World - Wed Mar 25, 11:30 AM ET
A computer worm has been discovered that can infect 55 different home-based routers and DSL/cable modems including common brands like Linksys and Netgear.

----------

Teen hacker turns corporate cyber-crime consultant
AP - Wed Mar 25, 9:13 AM ET
WELLINGTON, New Zealand - A New Zealand teenager who helped a crime gang hack into more than 1 million computers worldwide and skim millions of dollars from bank accounts has a new job as a security consultant for a telecom company.

----------

Macs: Not as Secure as We Thought?
When it comes to technology, security is a relative term.

----------

Web Scam Nets Criminals $10,800 a Day
No crunch here, finds Finjan.

No comments: