Security News: Archive: May 2010

Whisper Systems Intros Android Security Apps

The applications provide encrypted voice and text solutions for Android smartphones.

Five Indicted for Bank Security Breach

The charges are connected to a 2007 theft of almost $450,000.

Data Theft Puts NC Employees At Risk

A pair of unencrypted DVDs storing names and social security numbers of current and former Charlotte, NC city employees has vanished into thin air.

Adobe Considers Joining Patch Tuesday Schedule

The company may soon start matching Microsoft's monthly Patch Tuesday schedule.

SLC Cyber Attack Nets Over $100,000

The funds were stolen from Utah's Treasury Credit Union.

Hackers Target Phone Systems

Australian police say they've recently seen a dramatic increase in the amount of money being lost through the attacks.

Phishing Scam Targets Military Credit Unions

A pair of phishing sites masquerading as credit unions used by military servicemen and servicewomen has been stealing personal banking information for months.

Symantec Wants Security Everywhere

The company has introduced an intiative to offer security and backup solutions for everything from mobile phones to media hubs.

Clegg Says NASA Hacker Should Stay in UK

The UK's new deputy prime minister says it's morally the right thing to do to try Gary McKinnon in the UK.

Two Men Arrested for Hentai Malware

Japanese police have arrested two men suspect of imvolvement in a malware campaign.

Massive Gaming Data Theft Discovered

Symantec researchers have found a server hosting details on 44 million stolen gaming accounts.

Cisco Warns of Security Flaws in Building Systems

The company has warned of serious vulnerabilities in its Cisco Network Building Mediator products.

Researcher Infects Self with Malware

Mark Gasson says he's the first person in the world to be infected with a computer virus.

Adobe Patches Photoshop Security Holes

The company says the vulnerabilities could give an attacker complete control of the affected system.

AmEx Security Lapse Discovered

A computer engineer found that a supposedly secure portion of the company's web site isn't.

More Security Issues Found in LANrev Spyware

The vulnerabilities place any company using the software at risk.

British Researcher Offers Improved Data Security

Nigel Smart's solution could help improve the security of sensitive data.

Foxconn Web Site Hacked

The electronics manufacturer's site has been defaced with a 'help wanted' notice stating that the facility is a good place to commit suicide.

Lawmakers Ask Google for Answers on Wi-Fi Data Snare

Three prominent representatives ask Google for answers about the scope of its Street View operation, which mistakenly collected Internet transmissions over open Wi-Fi networks.

Symantec Eyes Cloud Security for Smartphones, Internet Devices

The world's largest security software maker invested an undisclosed amount in Mocana, a San Francisco security firm that specializes in protecting connected devices beyond the PC.

Clam Anti-Virus Updated

Version 0.96.1 patches a number of key vulnerabilities.

Wells Fargo Acknowledges Security Breaches

The bank has disclosed two recently security breaches involving company insiders.

Man Jailed for Scientology Cyber Attack

Brian Thomas Mettenbrink has been sentenced to a year in jail for a denial of service attack against the Church of Scientology.

Malware Infects VA Medical Devices

More than 122 medical devices have been infected over the past 14 months.

Web Host Shuttered by Cyber Attack

Media Temple was recently hit by a crippling DDoS attack.

McAfee to Acquire Mobile Security Provider

The company has announced plans to buy Trust Digital.

Twitter for iPhone Used as Malware Bait

Trending topics on Twitter are being used to fool victims into downloading malware.

New Meru Product Offerings Strengthen WLANs

This week, Meru announced four new Service Assurance applications, including its own WIPS.

New Phishing Tactic Discovered

The method, called tabnapping, takes advantage of the fact that most people leave multiple browser tabs open at once.

No Jail for Trudeau's Cyber Attack

An appeals court has overturned Kevin Trudeau's 30-day prison sentence.

Researchers Warn of Wireless Cyber Attack

University of Calgary researchers say public Wi-Fi connections could be used to bombard computers with adware.

Symantec Announces Protection Suite Advanced Business Edition

Aimed at small businesses, Symantec's new suite--due out next month--bridges the gap between classic endpoint security, and backup and recovery.

Examining the Eleonore Malware Kit

The kit is designed to probe the visitor's browser for known security vulnerabilities.

Security Firm Acquires Comdom Software

Eset recently purchased the anti-spam provider.

Alexander Takes Over U.S. Cyber Security

General Keith Alexander is now in charge of U.S. Cyber Command.

Google Home Page Prompts Security Fears

The addition of a playable Pac-Man game to the site made some users think they'd been hit by malware.

Ancient Safari Security Vulnerability Remains

The flaw was first disclosed in May of 2008.

Sourcefire Expands IPS App Awareness

IPS vendor re-engineers its core product to enable more rapid application awareness updates to better protect enterprise security.

Rent a Botnet for Cheap

According to VeriSign iDefense, bot herders are renting out botnets for £5.99 an hour.

New Malware Attack Hits Facebook

The speed of its spread has security experts worried.

Ex-Hacker Lamo Institutionalized

Adrian Lamo was recently hospitalized for Asperger's Disorder.

Security Comparison: Hotmail vs. Gmail

ZDNet's Dancho Danchev compares Hotmail's new security features with those of Gmail.

Google Enhances Search Security

The company has added the option of SSL encryption to its search offering.

Apache Derby Gets Security Update

The project has been updated to version 10.6.1.0.

Assessing Facebook Privacy

ReclaimPrivacy.org offers an online tool to help Facebook users check the privacy of their accounts.

PlainsCapital Agrees to Security Breach Settlement

More than $800,000 was stolen from a customer's online account in 2009.

Facebook Users On Lookout for 'Beach Babe' Malware

For the second weekend in a row, Facebook's 400 million-plus registered users are being targeted by a malware scam disguised as a video of attractive, scantily dressed women.

IBM Offers USB Drives Infected with Malware

The company gave out malware-ridden drives at the recent AUScert security conference.

Facebook CEO Admits Mistakes, Promises Improved Privacy

In his first public comments addressing the recent surge of criticism over changes to Facebook's privacy settings, Mark Zuckerberg says the company will release new controls.

Final Episode of Lost Used as Malware Bait

The episode is being used as bait to trick victims into downloading rogue anti-virus software.

MasterCard, Heartland Settle Over Security Breach

Under the terms of the settlement, Heartland will make up to $41.4 million available to eligible MasterCard card issuers.

Cybercrime-Friendly ISP Fined $1.1 Million

3FN's assets have been seized and will be sold.

FTC May Investigate Google over Wi-Fi 'Gaff'

U.S. Reps have asked for detailed information about the Internet traffic that Google inadvertently collected when it equipped the cars in its StreetView fleet with software designed to collect only basic, non-sensitive Wi-Fi data.

Oracle Acquiring Firewall Provider Secerno

Database security firm Secerno will be bought by Oracle.

Cybercrime Forum Hacked

A German forum for trading stolen financial data was recently hacked.

Oracle Buys Firewall Products Provider Secerno

Secerno makes a series of hardware and software products for database protection.

NASA Hacker Escapes Extradition for Now

The new UK home secretary has halted Gary McKinnon's extradition for review.

Trojan Poses as Office 2010 Beta

An email offers a beta of the software as an attached zip file, which contains malware.

Documentary on Hackers Leaked onto Pirate Bay

The documentary 'Hackers Wanted' had never been released.

Apple Releases Java Security Updates

The updates include Java 6 Update 20 from mid-April, as well as other previously missing Java 6 updates.

Facebook to Simplify Privacy Options

The company's head of public policy says the new privacy options will be available within the next few weeks.

Majority of Facebook Users May Quit over Privacy

A Sophos survey finds that 60 percent of users are considering quitting Facebook due to privacy issues.

Symantec to Acquire VeriSign's Security Division

The deal will cost Symantec approximately $1.28 billion.

LifeLock CEO Hit by Identity Theft 13 Times

Todd Davis has been a victim of identity theft far more frequently than had previously been reported.

Microsoft Plans Improved Security for Hotmail

Among the improvements will be the ability to link a specific computer to a user's account.

Facebook Privacy Bug Discovered

The flaw was uncovered by Alert Logic senior security analyst M.J. Keith.

Federal Agencies Plead For Cybersecurity Ideas

As the administration continues its efforts to overhaul the federal government's approach to cybersecurity, agencies are launching an online portal asking for research proposals.

Man Charged with Cyber Attack on Conservative Web Sites

Michael Frost has been accused of using his school's computer network to launch DDoS attacks.

Manchester United Phone System Hacked

Chelsea soccer fans recently changed the team's recorded message.

Phishing Site Targets Prepaid Debit Cards

Symantec researchers are warning of a site that specifically targets users of a leading prepaid debit card service.

Dutch Transit Web Site Hacked

The site was shut down after a hacker demonstrated that he could view 168,000 passengers' personal information.

FTC Investigates Copy Machine Privacy Issue

The Federal Trade Commission is trying to determine whether manufacturers and resellers are warning customers about privacy issues surrounding data stored on the machines' hard drives.

Smartphone Security Provider Gets $11 Million

Lookout has received $11 million in a funding round led by Accel Partners.

EFF Warns of Significant Browser Privacy Concerns

The Electronic Frontier Foundation says browsers provide Web sites with enough data to get a unique picture of their visitors about 94 percent of the time.

Microsoft to Disclose Security Vulnerabilities to Governments

The company will share vulnerabilities with governments worldwide before they're patched, in order to help secure critical infrastructure and assets.

Samba Update Patches Security Vulnerabilities

Version 3.4.8 of the file and print server patches two denial of services vulnerabilities.

The New Mobile Cyber Attack

Banker Trojans targeting smartphones have appeared in recent months.

Adware Attack Targets Facebook Users

According to Sophos security researchers, the attack is designed to infect users' PCs with revenue-generating adware.

Anti-Virus Update Declares War on WoW

A Symantec update recently identified a component of World of Warcraft as potentially malign.

PostgreSQL Updates Patch Security Vulnerabilities

Users of PostgreSQL 7 and 8 have been advised to update their installations.

P2P Networks Breach Health Care Data Security

Researchers at Dartmouth College's Tuck School of Business have found that health care organizations are still leaking significant amounts of private medical data over file sharing networks.

Germany Now Requires Wi-Fi Security

Internet users who leave their Wi-Fi networks unprotected can be fined up to 100 euros.

The Financial Rewards of Phishing

According to PhishLabs researchers, phishing can be a very lucrative way to make a living.

New Site Vividly Demonstrates Facebook Privacy Issues

The site is designed to expose the privacy risks inherent in using Facebook.

TJX Hacking Accomplice Arrested in India

Ukranian hacker Sergey Valeryevich Storchark allegedly helped Albert Gonzalez sell stolen credit card data.

MySQL Update to Patch Security Flaws

Version 5.1.47 is expected to patch three security vulnerabilities.

Laptop, Medicaid Patients' Data Disappear

Nearly 10,000 citizens enrolled in New Mexico's Medicaid Salud plan had their social security numbers and other personal data exposed after an unsecured laptop was stolen.

Google Apologizes for Snaring Wi-Fi Data

Under pressure from German data-collection authorities, search giant confesses that its Street View cars have been inadvertently collecting unsecured network information.

Google Intros Search Data Encryption

The company will start offering encrypted search this week.

Security Guard Hacked Employer's Computers

Jesse William McGraw broke into more than 14 computers at Dallas' North Central Medical Plaza.

Laptop Theft Results in Medicaid Privacy Breach

A laptop containing information on 9,600 patients was stolen in March.

Diffie Hired as ICANN Security Advisor

Whitfield 'Whit' Diffie is ICANN's new vice president for information security and cryptography.

Google Acknowledges Wi-Fi Privacy Breach

The company recently admitted that its Street View vehicles have been collecting samples of payload data from open Wi-Fi networks.

Verizon Business Rolls Out New Security-as-a-Service Portfolio

Verizon Business says SaaS will make it easier and cheaper for enterprise customers to log into corporate networks, share data from mobile devices and more.

Researchers Warn of Automobile Security Risks

Computer scientists recently determind that car computer systems were surprisingly easy to hack.

Cyber Attacks Bolstered by Phone Calls

Telephony denial of service attacks are being used as a diversionary tactic while hackers empty a victim's bank account.

Pidgin Update Patches Security Vulnerability

Version 2.7.0 of the instant messenger application addresses a denial of service issue.

Researchers Develop CPU that Warns of Security Flaws

Columbia University scientists have developed a chip design that checks for surreptitiously installed backdoors.

Malware Distributed via Google Groups

The attackers send e-mails to Google Groups members asking them to update their e-mail settings by clicking on a link.

Controlling a Botnet via Twitter

A Sunbelt Software researcher has discovered a tool that creates botnets controlled by Twitter accounts.

Scottish Univeristy Announces Security Degree

The final project for the degree will be an investigation into a new technique for examining digital data.

Security Breach Releases Data on 207,000 Army Reservists

A stolen laptop contained a significant amount of private data.

Hacker Selling 1.5 Million Facebook Accounts Identified

Facebook won't name the hacker, but says he's based out of Russia.

Facebook Tightens Login Security Features

Leading social network Facebook is taking steps to improve authentication by blocking suspicious logins and providing users with enhanced notifications.

Single Group Blamed for Most Phishing Attacks

The Anti-Phishing Working Group says the Avalanche phishing gang was responsible for two thirds of all phishing attacks in the second half of 2009.

New Cyber Attack Leverages Web Servers

Imperva researchers have discovered a botnet that uses Web servers to launch denial of service attacks.

New ATM Adds Biometric Security

Polish bank BPS is now using biometrics instead of PINs.

Microsoft Ends Security Support for Windows XP SP2

The company will stop issuing security updates for Windows XP Service Pack 2 and Windows 2000 as of July 13.

FBI Gets Access to Evidence in Webcam Privacy Lawsuit

A federal judge has given the FBI access to school computers and thousands of images taken of high school students.

Privacy-Friendly Google Search Returns

The not-for-profit Scroogle is back up and running.

Malware Emails Target HR Staffers

The emails include attached zip files containing malware.

Judge Rejects Identity Theft Plea Bargain

US District Judge Joan Lenard says the punishment does not match the magnitude of the crime.

Facebook Circles Wagons Amid Privacy Complaints

The world's biggest social network is calling an all-hands company meeting to discuss its growing image problem over its approach to privacy.

Mozilla Expands Plugin Checker for Rival Browsers

Effort to identify at-risk plugins moves beyond Firefox to include Internet Explorer and other browsers, but does it work?

Security Vulnerability Found in Yelp Personalization

The security hole could expose personal data on Facebook users who access Yelp.

Alexander Confirmed as Cyber Security Chief

The Senate has unanimously confirmed Keith Alexander as head of the US Cyber Command.

Adobe Patches Critical Security Vulnerabilities

According to the APSB10-12 security bulletin, 18 of the 21 flaws affect the Shockwave Player.

Wombat Intros Phishing Game

Anti-Phishing Phyllis is designed to teach players how to spot fraudulent emails.

Cyber Security Firm to Tweet Hacking Tips

Ligatt Security International has announced a Twitter campaign called 'How to Become a Hacker in 15 Minutes.'

PHP-Nuke.org Malware Removed

The attack appears to have been the work of the Eleonore exploit kit.

Security Firm Finds Gaps in Popular AV Software

Researchers at Matousec are warning that a kernel-level attack can be used by hackers to bypass leading security software applications for Windows-based PCs and devices.

PlayStation Site Hacker Fined $5,000

Sony had asked for a $33,200 fine, but the judge imposed a much reduced penalty.

Cost of Heartland Security Breach Reaches $140 Million

Heartland Payment Systems' quarterly financial results indicate that the company has accrued $139.4 million in breach-related expenses.

Safari Zero Day Vulnerability Discovered

The unpatched flaw is rated highly critical.

Trojan Poses as Windows Upgrade Advisor

The Trojan is disguised as a Microsoft Windows 7 compatibility tool.

Following Privacy Complaints, Facebook Hires Former FTC Chair

The company has hired Tim Muris in response to increased government scrutiny of its privacy policies.

How to Handle Cyberwar

The question of how a country should respond to cyber attacks has no easy answers.

Cyber Attack Hits Wrecking Firm

More than $70,000 was stolen from Jackson Demolition's online bank account.

Facebook Board Member Snared by Phishing Attack

Jim Breyer's account was recently hit by a scam called FBDigits.

WordPress Sites Hacked

The hacked Web pages have been infected with scripts that install malware on users' systems.

Romanian Police Question Phishing Gang

Investigators says the group stole approximately $1 million.

Verizon, Secret Service Partner on Security Breach Analysis

Verizon will soon start including data from the U.S. Secret Service in its Data Breach Investigations Report.

PHP-Nuke Site Hacked

Websense security researchers report that the phpnuke.org site has been compromised.

Yahoo! Messenger Malware Also Targets Skype Users

The worm now arrives via instant message through Yahoo! Messenger or Skype.

Astaro Issues Flawed Firewall, Anti-Virus Updates

The update can block all Internet connections.

Heartland Data Theft Settlement Approved

A federal court has given preliminary approval to a $4 million settlement.

Spammers Fined $2.6 Million

Asis Internet Service has won a lawsuit against a company that sent almost 25,000 spam emails in an 18-month period.

Researchers Warn of Anti-Virus-Proof Attack

Security researchers at matousec.com have developed an attack that sidesteps dozens of the most popular anti-virus solutions.

Twitter Bug Let Users Kidnap 'Followers'

Gadget site uncovers simple way to force other users to follow you, even big movie and TV stars, but Twitter staffers rush out a fix to the weakness in the system.

Visa Warns of Imminent Cyber Attack

Visa says it has received reliable intelligence warning that a criminal group will soon attempt to process large amounts of fraudulent payments.

Former MySpace CSO to Launch Security Company

The new company, SSP Blue, will focus on safety, security and privacy.

Xinhua News Agency Hacked

The 'news center' section of the site was recently found to be distributing malware.

Questioning Mac Security

ESET's David Harley says there's a large gap between the perceived threat to Apple products and the reality of how many potential exploits exist.

Microsoft to Fix Two Vulnerabilities on Patch Tuesday

The company will fix vulnerabilities in Windows and Office on May 11.

Phishers Target Apple Gift Cards

The emails offer to check the balance remaining on the recipient's Apple gift cards.

Security Researcher to Demo ATM Rootkit

Barnaby Jack will disclose the rootkit at July's Black Hat Las Vegas.

UK Privacy Watchdog to Investigate Security Lapse

The Information Commissioner's Office will investigate the recent loss of a USB drive containing data on patients and staff at a mental hospital.

Coast Guard IT Security Flaws Found

A recent audit found 20 IT deficiencies in the system.

Security Forecast 'Cloudy' at Interop LV 2010

Faster network infrastructure pushes more virtualized services into the cloud, reshaping security risks and strategies.

Microsoft Debuts New Forefront Security Tools

Microsoft rolls out two new products for protecting customers' enterprise data through the use of multiple malware engines on SharePoint collaboration servers.

Yahoo Messenger Users Targeted By Clever Worm

Instant messaging fans using Yahoo Messenger have been infected by a worm that's disguised as a photo link from a member of a user's contact list.

Facebook Privacy Flaw Exposes User Data

The flaw enabled Facebook users to view the live chats of other users.

Former Con Man Helps FBI Catch ATM Hacker

The hacker made the mistake of asking a reformed con man for help with the scheme.

Security Lapse Exposes Mental Hospital Data

A USB drive containing patient medical records was recently found in a parking lot near the hospital

Handheld Devices Fail at NYSE

The cause of the failures is still unknown.

Microsoft Secretly Patches Two Security Flaws

MS10-024 fixed two flaws that were never disclosed.

Congressmen Introduce Privacy Bill

The bill would require companies to disclose how they collect and share customers' personal information.

Sophos Warns of Active Twitter Pharma Spammers

Sophos researchers have filed complaints about the account, but nothing has been done.

Hackers Trading Facebook Accounts in Bulk

According to iDefense researchers, hackers are selling large volumes of both fake and stolen accounts.

Change in Tactics for Gumblar Botnet

A new version checks where a newly infected machine is located.

Foxit Patches Reader Security Vulnerability

The new version blocks some recently-disclosed attacks.

Air Force Unveils Cyber Security Badge

The new Cyberspace Badge features lightning-bolt wings extending from a central globe.

Mariposa Botnet Suspects Applied for Security Jobs

Two of the suspects recently approached the technical director of Panda Labs, looking for work.

UK Cyber Security Challenge Site Hacked

The site was recently found to have an XSS vulnerability, just days after launching.

Opera Discloses Severe Security Flaw

The flaw could expose users to remote code execution attacks.

Tiptoe Increases Mac Privacy

The application enables private browsing functionality for a wide range of applications.

Microsoft Calls for a Cybercrime Framework

Charged with improving Internet and software security, Microsoft's Scott Charney makes recommendations about how to better protect PCs and track down cyber criminals worldwide.

House Privacy Bill Arrives, Leaves Advocates Fuming

After more than a year of hearings and meetings, Reps. Rick Boucher and Cliff Stearns debut draft privacy legislation that would set parameters for online marketers.

FireEye Touts Next-Generation Malware Protection

New inline threat-prevention appliance incorporates integrated Malware-VM and Malware-Callback filters to inoculate networks.

Hospital Data Breach in Kentucky Affects Thousands

A flash drive storing patient names, birth dates, admission and discharge dates, as well as insurance information has gone missing from a Kentucky psychiatric hospital.

Consumer Groups Issue Online Privacy Warning

A coalition of 11 consumer and privacy groups has stated that the tracking and targeting of consumers online has reached alarming levels.

Treasury Department Sites Hacked

The web sites redirect visitors to pages that attempt to install malware.

Hackers Release Jailbreak Software for iPad, iPhone

The Spirit jailbreak software has been made available online.

Adobe Releases Photoshop CS4 Security Update

A vulnerability makes it possible for an attacker to gain control of a computer using manipulated TIFF files.

Trojan Targets Facebook Users

An email offering a Facebook toolbar actually delivers a Trojan.

PDF Viewer Could Increase Windows Security

An F-Secure researcher says Microsoft should create an application like Apple's Preview.

Malware Targets Yahoo! Messenger Users

The worm enables an attacker to take over the victim's machine.

Phishing Emails Target Amazon Customers

Fake Amazon.com newsletters are being used to lure visitors to malicious sites.

Imation Adds Encryption, Authentication

Imation's Defender collection of storage devices meets international standards for encryption, including FIPS 140-2 (Levels 1 or 3, depending on device type).

NIST to Lead Cyber Security Education Initiative

The National Institute of Standards and Technology will be in charge of the National Initiative for Cybersecurity Education.

Wiretapping Increases 26 Percent

Courts authorized 2,376 criminal wiretap orders in 2009 -- not one request for a wiretap was turned down.

Glype Proxy Script Fails to Conceal User Identity

A researcher has warned that Glype is frequently misconfigured, making logs available online.

Palin E-mail Hacker Convicted on Two Charges

David Kernell was convicted of obstruction of justice and misdemeanor computer intrusion.

How to Improve Anti-Virus Software

Kaspersky Lab researcher Yury Mashevsky offers guidance on improving security.

Study Questions Security of India's Voting Machines

Security researchers have warned that the machines are vulnerable to fraud, and have suggested using a paper trail to verify voting results.

Collaboration Seen as Missing Link in Cybersecurity

An international study highlights a weakness of business and government cybersecurity: the absence of strong communication between public and private sectors.

PCI Council Intros Internal Security Assessors Program

The program will help companies assess their compliance with the PCI DSS standard.

Researchers Breach BitTorrent User Privacy

Security researchers have developed a method of monitoring all content sent and received by BitTorrent users.

Opera Releases Security Update

Version 10.53 patches an 'extremely severe' vulnerability.