Friday, April 10, 2009

Friday 04/10/09

China denies cyberattacks on U.S. power grid

Malware attacks from China and Russia designed to shut down the U.S. electrical grid in a time of war did not occur, China said.

Power grid hackers probably got inside by attacking PCs, says researcher

The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said today.

----------

Microsoft warns of monster patch day next week

----------

Conficker cashes in, installs spam bots and scareware

The widespread worm finally reveals a money-making strategy and installs a fake security app.

Conficker, the Internet's No. 1 threat, gets an update

The Conficker worm is back in action and stumping security experts once again. One of the most craftily designed pieces of malware recently got an update and is finally starting to behave like other worms.

Conficker.E
We’ve seen some activity in the Conficker space in the past two days and this has caused some questions from customers. Specifically, there have been reports of two possible new variants of Conficker. Our colleagues over at the Microsoft Malware Protection Center (MMPC) have done a thorough analysis of both of these and have determined that there’s really only one new variant, which they’re calling Conficker.E.

----------

As expected, Facebook halts The Pirate Bay links
Facebook has ended its brief e-relationship with The Pirate Bay, the controversial BitTorrent search engine.

The Pirate Bay added a "Share on Facebook" button around two weeks ago to its site that allowed its users to post links to small information files, called torrents, on Facebook. The torrents are used to download audio, video and other content via the BitTorrent peer-to-peer (P2P) file-sharing network.

Facebook is now blocking those so-called bookmarklets as well as any links from The Pirate Bay, said Peter Sunde, of The Pirate Bay. The development was first reported by the file-sharing blog TorrentFreak.
...

----------

Making The Most Of Open Source Forensics Tools
Apr 10, 2009
Emerging offerings can turn network forensics into a low-cost, do-it-yourself security project

Network forensic solutions products come in many different shapes, sizes, and price ranges, but in the end, they all have the same goal -- recording activity on the network. As IT budgets tighten with the economy, it might be time for your organization to take a closer look at a do-it-yourself approach to forensics that leverages free and open source tools.

----------

Wireshark 1.0.7 released
In case you hadn't noticed yet, they've updated one of our favorite tools, Wireshark. The new version includes some security fixes in several of the protocol dissectors (including LDAP). For the Mac fans, there is also an experimental package for MacOS X 10.5.5 and above.

----------

April 10, 2009
VMSA-2009-0006
VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

----------

Taliban, terrorists love Great Satan's great servers
about 4 hours ago - by Julian Sanchez Posted in: Law & Disorder
Here's an odd endorsement of US Internet infrastructure: American Web-hosting services are good enough and cheap enough that even the Taliban prefers them.

----------

Study: frequent IMs with your boss make you more productive
a day ago - by Jacqui Cheng Posted in: The Web
Workers who maintain online connections to their bosses produce more than those who don't, according to new research from MIT and IBM. This could be because those who don't "know" their bosses as well feel directionless, though people should be careful going overboard with those social communications.

----------

TSA Begins Checking Passengers for Secure Flight

The Transportation Security Administration within the Department of Homeland Security announced that it will now take over the responsibility for checking airline passenger information against government watch lists. In October of last year, the Department of Homeland Security announced the Final Regulations for the Secure Flight program. All airlines were required to collect date of birth and gender from customers and provide this information to the TSA for watchlist verification.

TSA's Secure Flight Begins Vetting Passengers, DHS Press Release, March 31, 2009

----------

Sweden's tax authorities are cracking down on unreported webcam stripper income. They estimate that hundreds of Swedish women are dodging the law, resulting in a tax loss of about 40m Swedish kronor (£3.3m) annually. The search involves tax officials examining stripper websites, hours upon hours, for completely legitimate purposes. A slightly disheveled project leader said 200 Swedish strippers had been investigated so far, adding the total could be as much as 500. "They are young girls, we can see from the photos. We think that perhaps they are not well informed about the rules," he said.

----------

Want To Get A Sense Of Just How Complex And Confusing Copyright Law Really Is?

Michael Scott points us to an article concerning the Library of Congress issuing a report on how copyright law applies to libraries who possess unpublished audio works recorded prior to 1972. The problem, you see, is that no one was exactly sure whether or not these recordings were actually covered by copyright law. The real problem, though, becomes pretty clear pretty quickly as you read through the article: copyright law is a house of cards. We just keep layering new rules on top of old rules, and figure the courts will sort out the places where they contradict, overlap or confuse. But that leaves a ton of uncertainty in a variety of situations -- including this particular one. It should be a simple question: if a library is in possession of an unpublished sound recording from before 1972, what's the copyright status? But the mess that is copyright law makes it such that it's hardly an easy question at all -- and actually requires an 85-page report from the Library of Congress to go through all of the nuances. And then your everyday individual is expected to understand what is "right" and "wrong" in copyright law?

----------

A new report from Microsoft says that 97 percent of all email is spam, reflecting the degree to which email systems worldwide are swamped with the messages.

----------

Survey finds that SMBs often lack basic security
Angela Moscaritolo April 10, 2009
Despite being aware of the importance of security, small-to-medium-size businesses (SMBs) generally are not protecting their networks, according to a survey released Thursday by Symantec.

----------

Fix for Excel zero-day may be coming from Microsoft
Dan Kaplan April 09, 2009
Microsoft is planning to deliver eight patches -- including one that addresses a security threat in Excel -- to users next week.

----------

Microsoft report shows scareware, file-format bugs on rise
Dan Kaplan April 08, 2009
So-called scareware programs top the list of internet threats, according to Microsoft's sixth Security Intelligence Report.

----------

Cable Sabotage Cripples Internet for Parts of Silicon Valley
Deliberate sabotage is being blamed for a sizable internet and telephone service outage Thursday in Silicon Valley.

At 1:30 a.m., someone opened a manhole cover on a railroad right-of-way in San Jose, climbed down and cut four AT&T fiber optic cables. A second AT&T cable, and a Sprint cable, were cut in the same manner two hours later, farther north in San Carlos.

Service for Sprint, Verizon and AT&T customers in the southern San Francisco Bay Area has been lost, according to the San Francisco Chronicle. Police departments have put more units on the street, because nobody can call 9-1-1.

A much smaller Comcast outage affecting around 4,500 customers in San Jose began at around 1:00 p.m. Pacific time. Spokesman Andrew Johnson says the company is investigating the cause.

Update: AT&T is offering a $100,000 reward for information leading to the arrest and conviction of the vandal.

----------

Withered Rose…law done come and got him
I’m originally from down south and a local expression suddenly came back to me tonight. We had this crazy guy named George, lived a couple of houses down the road, always doing really strange things. I remember my uncle stopped by the house one day and said, “You know Ole George…law done come and got him.” Not a word, just nods. We all figured it was just a matter of time.

We’ve reported on Withered Rose here and here. Time Magazine has more on him here.

Well, for some reason, Withered Rose decided to start DDoS attacks on his fellow Chinese hackers at Hackbase, HackerXFiles and 3800hk. Speculation points toward website blackmail, which Rose and his gang have been notorious for in the past. Needless to say, the victims didn’t take very kindly to this sort of hacker-on-hacker violence.

What is kind of surprising, is that the hacker organizations he decided to attack turned over all of their evidence to the Public Security Department. According to the report from Hackbase, Withered Rose’s website has been shut down by authorities and he faces 7 1/2 years in jail…

----------

Computer Hackers Make Mega Millions From Mega Churches
http://www.nationalcybersecurity.com/blogs/881/Computer-Hackers-Make-Mega-Millions-From-Mega-Churches.html
...
In August 2008, the professionals at LIGATT Security International discovered a message that was posted by computer hackers in an unidentified hacker chat room referencing a Black Enterprise magazine article that detailed the affluence of African American mega churches and their Bishops. In this chat room, a hacker was quoted saying, “I’ve been hacking churches for years and have never been caught. I have full access to over one hundred churches and sell their members’ names and addresses to illegal Mexican immigrants for their identities at $10 a pop.”

Although the security guards and off duty police officers heavily monitor the physical property of most mega churches, these professionals often focus solely on securing cash donations. Rarely do they consider that once the debit and credit card information is entered into the computer, all a computer hacker must do is open their laptop and attack.

“One of the problems with mega churches is that they trust IT professionals to protect their computer systems, not realizing that they are not computer security professionals”, says Gregory Evans, CEO of LIGATT Security International and Certified Ethical Hacker. “Furthermore, what we have seen at many mega churches are IT professionals that began as volunteers. These individuals were usually computer enthusiasts who volunteered when the church was small and later inherited their position as the church continued to grow. Whatever the case may be, it is important for churches to understand that IT professionals are not equipped to handle computer security”, Evans reveals.
...

----------

Russian President warns of foreign threat to 'Net security
Foreign investors in Internet companies pose a potential threat to national security, Russian...

----------

W32/Winemmem - Know Your Enemy
Thursday April 9, 2009 at 4:25 pm CST

Do you remember what the first goal of file infector distribution is? It is demand. Without demand, infected files may never be downloaded by end users. What is the second goal? To stay undetected by most AV products. A week ago we found a new file infector that fits the bill.

Nowadays, instead of relying on mass mailing, malware authors are specifically attacking individual companies producing popular software. We’ve been contacted by several software development companies with a similar issue - suspected malware on their machines. Somebody noticed that hashes calculated for setup installers and packages distributed to millions of customers were different from what they should have originally been.
...

----------
