Monday, April 13, 2009

Monday 04/13/09

VMware Security Advisories
April 10, 2009 VMSA-2009-0006
VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
[more]

----------

Report: Security Tops IT Budget Priorities
New research from Robert Half International finds companies are still putting money into IT security projects, even when budgets are tight.
Read more

----------

Taking a Lesson in Federal Compliance from the Chemical Industry
Honeywell's Jon Harmon says the industry's response to CFATS provides a model for compliance with stringent federal security requirements
Read more

----------

Microsoft Security On Display at RSA
CSO Senior Editor Bill Brenner talks to Doug Leland, GM of Microsoft's security and identity business group, about what the software giant will roll out at next week's RSA conference.
Read more

----------

Twitter Worm(s)
Twitter worm copycats
...a Twitter worm exploiting an XSS vulnerability in Twitter's profile page. Besides the "original" worm that was supposedly written by a teenager Mike Mooney there are some copycats out.

Twitter wrestles with fourth worm attack Another worm attack early on Monday kept the Twitter micro-blogging Web service chasing down infected accounts and deleting rogue tweets. Read more...

----------

Conficker.E
We’ve seen some activity in the Conficker space in the past two days and this has caused some questions from customers. Specifically, there have been reports of two possible new variants of Conficker. Our colleagues over at the Microsoft Malware Protection Center (MMPC) have done a thorough analysis of both of these and have determined that there’s really only one new variant, which they’re calling Conficker.E. Most importantly, the signatures that protect against Conficker.A are also effective at protecting against Conficker.E. The other possible new variant is only a slightly modified version of Conficker.D and our Conficker.D signatures protect against it. Also, our virus encylopedia entry for Conficker.D has been updated to include information about this slightly modified version.

1 in 5 Windows PCs still hackable by Conficker

----------

The History of the !exploitable Crash Analyzer
At the CanSecWest conference earlier this month we made our first public release of the !exploitable Crash Analyzer. While an upcoming white paper and the CanSecWest slide deck go into detail on the technology involved, we thought it might be useful to explore the history of the tool.

----------

Eight updates for Microsoft's forthcoming April Patch Tuesday
The hole in Excel will probably be fixed, but PowerPoint remains vulnerable. Redmond gives most patches a critical rating more…

----------

Paul McCartney's website hacked to distribute malware

----------

Report: U.S. power grid hit by hackers
Foreign spies have penetrated the U.S. power grid, and left behind malicious software that could be activated at a later date to disrupt the nation's electric system, The Wall Street Journal reported Wednesday.

The intruders, believed to be from China and Russia, likely hacked into the power grid over the course of several years so they could learn more about how the critical infrastructure works, the paper said.

U.S. intelligence officials -- not utility companies connected to the grid -- detected many of the compromises, which did not do any damage. The officials cautioned that there was no immediate threat but that if there was a war, the hackers may try to "turn on" the malware left behind.

----------

Survey: Financial crisis fuels identity theft fears

----------

Cyber spying a threat, and everyone is in on it AP - Thu Apr 9, 11:18 PM ET
Ghost hackers infiltrating the computers of Tibetan exiles and the U.S. electric grid have pulled the curtain back on 21st-century espionage as nefarious as anything from the Cold War — and far more difficult to stop.

----------

No comments: