Wednesday, May 13, 2009

Friday 05/15/09

New Wave of "Gumblar" Hacked Sites Installs Google-targeting Malware
PC World - Thu May 14, 3:38 PM ET
A new round of Web sites hijacks is attempting to install malicious, Google-focused software on unpatched PCs, according to security company ScanSafe, further cementing the drive-by-download approach as a bad-guy tactic of choice.

----------

Court Rules for FBI Agent Who Made Sex Tapes
By ANNIE YOUDERIAN
(CN) - The FBI improperly removed a special agent for videotaping his off-duty sexual encounters with three women, including two FBI employees, the Federal Circuit ruled.

----------

Nearly half of IT security budgets deemed insufficient
Angela Moscaritolo May 13, 2009
It's no news that the current economic situation has put a strain on companies' finances, but a recent survey aimed to quantify the toll the recession has taken on IT budgets.


----------

Who will check the security of cloud providers?
The most basic facts about your data – like where it is exactly and how it is replicated – become...


----------


FakeAlert Trojan Holds Systems For Ransom

In March 2009, we notified our customers on a new variant of the infamous Vundo trojan family which we detected as Ransom-F and raised its risk assessment to a Low-Profiled threat. It was possibly the first indicators of a shift in the FakeAlert criminal model from instilling fear, to holding information technology resources for ransom but certainly not the last.


Last week, we came across to a new variant of a rogue security program branded by its creators as “System Security 2009″ and detected them as FakeAlert-CO, and some of its past similarly branded cousins as FakeAlert-SystemSecurity.


The updated variants were discovered from a web page hosted on trustedw{blocked}security.com.As most other rogue security programs to date, FakeAlert-CO displays spurious alerts and making fraudulent claims of infections that requires the user to pay a fee to “repair”. Following the trend of Ransom-F, we noticed “new features” in FakeAlert-COthat resembles some common characteristics of ransomware trojans.


Once installed, FakeAlert-CO may either terminates all running user process or prompts the user to reboot.


----------


Class Objects to 3-Way Gas Nozzles
By KARINA BROWN
LOS ANGELES (CN) - Big gas companies installed single-nozzle gas pumps that save them money but cheat consumers by mixing grades of gas they dispense, a class claims in Federal Court. Lead plaintiff Jonathan Alvarez says Chevron, Exxon-Mobile, BP, Shell, and Valero all replaced their three-nozzle system with a single nozzle that dispenses all three grades of gas.


----------

Consumer Class Action
Fry's Electronics refuses to refund the sales tax on returned items, a class action claims in Los Angeles Superior Court.


----------


Malware most potent on social networks
Chuck Miller May 12, 2009
Malware distributed via social networking sites is 10 times more effective than malware spread via email.


----------


Court Rules Breach Victims Not Entitled to Restitution
By Kim Zetter
May 13, 2009
A federal judge has ruled that victims whose bank card numbers were stolen in a data breach are not entitled to sue if their losses were already reimbursed. Only customers who weren’t reimbursed for fraudulent charges may sue.


----------


Most Claims Dismissed in Hannaford Data Breach Suit

All but one of the legal claims filed against Hannaford Bros., the Maine-based retailer that suffered a security breach exposing some four million credit cards, have been dismissed.


----------


Botnet War: The Story So Far
CSO has been running a series on the fight against botnet herders and will release the next chapter Monday. Need to get up to speed? Here's the story so far.
Read more



----------


Heartland Breach Blamed for Failed Membership Renewals

http://blogs.washingtonpost.com/securityfix/

In February, Bill Oesterle began seeing nearly twice the normal number of transactions being declined for customers who had set up auto-billing on their accounts. The co-founder of Angie's List -- a service that aggregates consumer reviews of local contractors and physicians -- said he originally assumed more customers were simply having trouble making ends meet in a down economy.


But as that trend continued into March and April, the company shifted its suspicions to another probable culprit: credit card processing giant Heartland Payment Systems.

The data breach last year at Heartland -- a company that processes roughly 100 million card transactions a month for more than 175,000 businesses, has forced at least 600 banks to re-issue untold thousands of new cards in a bid to stave off fraud.

No comments: