Security News: Archive: August 2010

Aging QuickTime Code Poses Security Risk

Wintercore security researcher Ruben Santamarta has identified a vulnerability in a QuickTime plug-in.

3M Buys Biometric Security Firm Cogent Systems

Cogent markets biometric systems to government, law enforcement and business customers.

Indian Security Researcher Released on Bail

Hari Prasad had been arrested on August 21st for the alleged theft of an electronic voting machine.

Hackers Steal $600,000 from Catholic Diocese

The fraud occurred after criminals had stolen the diocese's online banking credentials.

CA Buys Arcot Systems for Cloud Security

Arcot offers both on-premise and cloud-based identity and access management software.

Scammer Indicted for Identity Theft

Iguosade Osahon is accused of stealing more than $500,000 over a three-year period.

Camino Update Patches Security Vulnerabilities

Specific details about the vulnerabilities were not provided.

Pushdo Botnet Disrupted

LastLine researchers recently worked with hosting providers to take down almost 20 servers.

DARPA Targets Insider Security Threats

The new Cyber Insider Threat (CINDER) Program is aimed at improving insider threat detection.

VLC Media Player Gets Security Update

The latest maintenance and security update addresses a Windows issue.

Sophos Warns of Fake Anti-Virus Spam Campaign

The emails contain malicious HTML attachments identified as Troj/JSRedir-CH and Mal/FakeAV-EI.

White House Targets Pharma Spammers

The Obama administration plans to meet with leading domain name registrars to look for ways to crack down on sites selling counterfeit prescription medications.

CA Snares Arcot for Identity Management

The software developer bolsters its security portfolio with the acquisition of Arcot, a provider of cloud-based advanced authentication and fraud prevention applications.

Major Cybercrime Ring Busted in Taiwan and China

A joint operation between the two countries recently busted a major fraud ring.

Hackers Target the Cloud

A recent survey found that 96 percent of IT professionals and hackers polled said the cloud will provide for more hacking opportunities.

Symantec Warns of Internet Security Issues at Airports

A company senior software engineer recently found scareware on an Internet terminal at a UK airport.

One in Four Malware Infections Arrives via USB

According to PandaLabs, 27 percent of all malware infections in the past year came from infected USB hardware.

Top 5 Riskiest Places to Go Online

Traveling for business? Thinking of outsourcing to Russia? AVG compiled data for 144 countries and ranked the safest--and the most dangerous--destinations from which to go online.

Pro-Palestinian Hackers Deface UK Government Site

The front page of the National Skills Academy web site was recently replaced by hacker JaCKal.

Spammers Increasingly Attaching Infected Zip Files

According to IBM's X-Force, there has been a significant increase in malware hidden in .zip files over the past few weeks.

New 64-Bit Windows Rootkit Already 'In The Wild'

An updated rootkit already floating around the Internet may be a new milestone in how to break into Windows.

Security Breach Exposes UConn Applicants Personal Information

More than 10,000 applicants at the University of Connecticut are being notified by school officials that their personal data was exposed earlier this month when a university laptop was stolen.

Adobe Patches Shockwave Security Vulnerabilities

A recently released update repairs 20 flaws.

Thoma Bravo Buys Endpoint Security Firm LANDesk

The transaction is expected to close by late September.

IBM Intros Compliance Management Software

The BigFix Unified Management Software Platform can monitor up to 500,000 machines.

Phishing Attacks Target Car Sales Companies

Symantec is warning of a flood of phishing emails claiming to come from legitimate auto sales brands.

Visa Updates Best Practices for Payment Security

The new guidelines include a mix of technology and process-related advice.

Devastating Military Security Breach Exposed Combat Data

U.S. official confirms a 2008 cyber attack that infected computers used to monitor U.S. combat troops and activities in Iraq and Afghanistan.

Pentagon Acknowledges Security Breach

In 2008, a flash drive was used to infect several a large number of military computers.

Security Vendor Avast Gets $100 Million

The anti-virus firm recently received funding from private equity firm Summit Partners.

Rustock Botnet Blamed for 40 Percent of All Spam

About 1.3 million computers are now infected with Rustock.

Apple Releases Mac OS Security Update

The update patches several vulnerabilities that could lead to arbitrary code execution.

Multiple Security Flaws Remain in UN Web Site

Errata Security's Robert Graham says the site still contains several SQL injection bugs.

Zurich Insurance Fined �2.275 Million for Security Breach

The fine is the largest ever for a data loss.

IBM: Security Vulnerabilities, Unpatched Flaws on the Rise

Big Blue's X-Force security research group paints a bleak picture, noting growth in both reports of vulnerabilities and flaws that lack a vendor-supplied patch.

Malware Targeted South Korean Military Secrets

Files containing military secrets were stolen earlier this year from infected computers.

Spammers Threaten Murder

UK software engineer Charles Anderson recently received spam claiming that the sender had been hired to kill him.

Microsoft Was Warned of DLL Vulnerability a Year Ago

A security hole in the internals of many Windows applications could lead to an unprecedented rewrite of many popular programs.

Baidu Sues Security Firm

The search engine provider is suing 360 for unfair competition.

phpMyAdmin Gets Security Updates

Versions 3.3.5.1 and 2.11.10.1 were recently released, patching several vulnerabilities.

Indian Security Researcher Arrested

Hari Prasad was arrested for refusing to reveal the source of a voting machine on which he exposed several security vulnerabilities.

Hackers Play Pac-Man on Voting Machine

Researchers at the University of Michigan and Princeton University recently hacked a Sequoia AVC Edge voting machine.

ATM Manufacturers Patch Security Flaw

Recent firmware updates patch a vulnerability that was demonstrated at Black Hat Las Vegas.

Security Product Watch, August 24, 2010

Security vendors fare well as Inc. magazine releases its Inc 500/5000 list, which identifies companies across many industries with significant growth.

Security Breach Bill Returns to Schwarzenegger

The bill is a reintroduction of the same measure the California governor vetoed last year.

Cameron Diaz Leads Malware Threats

A search for Diaz's name has a one-in-ten chance of leading to an infected site.

Facebook Defends Privacy Features in New Places Service

Responding to criticism over the privacy settings of its new Places product, Facebook is looking to debunk myths about its foray into location-based services.

Scareware Seeks to Uninstall Anti-Virus Software

AnVi Antivirus tries to trick users into uninstalling legitimate security applications.

Malware May Have Been Involved in Spanair Crash

The airline's central computer system was infected by Trojans, which may have resulted in a failure to raise an alarm.

PS3 Hacked?

OzModChips.com has posted three videos that claim to show a jailbroken PlayStation 3 console.

AVG, MokaFive Partner on Enterprise Security

The companies plan to integrate AVG anti-virus into the MokaFive virtual desktop management suite.

Surge in Chrome, Safari Security Flaws

Cenzic, Inc. reports that both browser exhibited far more vulnerabilities in Q1-Q2 2010 than they did in Q3-Q4 2009.

Moore Warns of Windows Security Flaw

The vulnerability exposes more than 40 Windows applications to remote code execution attacks.

Adobe Releases Acrobat, Reader Security Update

The update addresses a flaw that was recently demonstrated at the Black Hat security conference.

Google Patches Chrome for 11 Flaws and $10K

Google's Chrome browser gets fixes for memory corruption risks as the company's bug bounty program reaps more results.

Genetics Commission Web Site Hacked

The site was recently defaced by Iranian activists.

Military Threat from Hacked Smartphones

Malicious software on smartphones could disclose troop locations and movements.

VLC Media Player Gets Security Update

Version 1.1.3 patches a critical security vulnerability.

Linux Kernel Security Flaw Patched

The critical vulnerability was discovered by ITL researcher Rafal Wojtczuk.

FBI Outsources Cyber Security

The agency recently awarded a five-year cyber security contract to ManTech International Corporation.

Facebook Privacy Flaw Persists

A different response is given to a member's email address with an incorrect password than to an address that's not in Facebook's system.

Justin Bieber Used as Malware Bait

PandaLabs has found more than 200 spoof web addresses using the singer's name to lure victims.

Hackers Launch Attacks via Pirate Bay Clones

A fake site at piratebay.com tries to download malware to users' PCs.

Forsyth Says US Spies Hacked Wife's Laptop

The author of The Day of the Jackal and The Odessa File says his computer was hacked in an attempt to access a story he was writing.

Intel Buys McAfee for $7.7 Billion

Intel acquires security vendor McAfee in an effort to put security wherever Intel silicon is sold.

Clam Anti-Virus for Windows Updated

Version 2.0 is designed to incorporate all the standard AV features expected in any commercial package.

HP to Buy Security Vendor Fortify Software

Terms of the deal were not disclosed.

Disney Sued for Privacy Violations

The company's Internet subsidiary and several of its partners are being sued for using Flash cookies to track user data.

Gartner: Security Software Market to Exceed $16.5 Billion

The research firm says the revenues will represent an 11.3 percent increase from 2009.

Zenprise Adds iPhone, iPad Security Functionality

A MobileManager update adds selective wipe, remote lifeline and profile features.

DOJ Won't File Charges in Webcam Privacy Case

An investigation by the FBI, the local district attorney and local police failed to find criminal intent.

DIY Facebook Malware Kit Digs for Login Credentials

A new do-it-yourself malware kit called Facebook Hacker is extremely easy to use and, according to security experts, particularly adept at snaring passwords for Facebook, as well as other sites.

PacketMotion Eases the Pain of Internal Firewalling

PacketSentry 4.0, the latest version of PacketMotion's flagship product, delivers PCI segmentation capabilities with an agentless, non-line platform.

HP's New Acquisition Aims to 'Fortify' App Development Security

HP buys static analysis vendor Fortify, bolstering its development analysis portfolio and raising the stakes against IBM.

Kaspersky Updates Security Suites

The update adds a tool for cleaning already-infected computers.

Underground Credit Card Processor Hacked

The hackers (and their motive) remain unidentified.

Ruby Update Patches XSS Security Flaw

Version 1.9.1-p430 of the programming language was recently released.

Millions of Network Solutions Sites Hacked

Armorize Technologies says the sites have been serving up malware for months.

Symantec Warns of Android App Privacy Issue

An Android game called Tapsnake can track its users' locations in real time.

Virgin Media to Issue Malware Warnings

The ISP will start encouraging subscribers with infected computers to download free security software.

Five Facebook Privacy Tips

Computerworld's Sharon Gaudin offers five suggestions on how to protect your personal information on Facebook.

QuickTime for Windows Update Patches Security Flaw

Version 7.6.7 resolves a critical vulnerability.

AT&T iPad Hackers Still Being Questioned

Andrew Auernheimer says the group has undergone more than a month of grand jury proceedings so far.

UK's HMRC Warns of Phishing Surge

The department is warning of an increase in tax scam phishing emails.

Researcher Warns of NTLM Security Vulnerability

A 15-year-old vulnerability in NTLM and NTLMv2 is continuing to put organizations at risk.

Spamhaus vs. Latvia

The anti-spam organization and Latvia's top-level domain registry just aren't getting along.

PCI Security Standard to Be Revised

The new version of the PCI DSS will take effect on January 1, 2011.

UK MoD Warns of Threats to Cyber Security

The Ministry of Defense's accounting officer says the department's infrastructure is vulnerable to virtual attacks.

Opera Update Patches Security Flaw

Version 10.61 of the browser patches a high severity vulnerability.

Botnet Targets SSH Servers

The dd_ssh bot is responsible for an increase in targeted SSH attacks.

Nine Steps to Secure Your VoIP

Properly securing your Voice over IP system is a complex process because VoIP is the integration of data and voice into a single network. These tips will help secure your connection.

Android Touchscreen Smudges Weaken Device Security

Researchers have determined that the graphical password system is susceptible to hacking.

Hackers Infiltrate Red Cross Website - Again

For the second time this year, hackers have compromised one of the humanitarian organization's websites with malware that can capture visitors' personal information.

Leading Spammer Jailed in Russia

Leonid "Leo" Aleksandorovich Kuvayev has been imprisoned on multiple child molestation charges.

Demand Media Accused of Hosting Malware

HostExploit ranks the ISP as the worst in the world.

Free Android Anti-Virus App Reaches 2.5 Million Downloads

The product currently includes just 200 signatures, mostly targeting spyware and phishing threats.

Healthcare Industry Leads in Security Breaches

Experts say the high numbers are due to lax handling of data in healthcare databases.

Serious Palm, Android Security Flaws Found

The flaws were discovered by MWR InfoSecurity.

Carder Arrested for Identity Theft, Device Fraud

Horohorin is currently being held in France pending extradition to the US.

Facebook Privacy Flaw Discovered

The bug could give spammers access to every Facebook member's user name and photograph.

Breach Exposes 126K Florida Students' Info

Officials at six community colleges in Florida are notifying more than 126,000 students that their personal information was exposed online after something went amiss during a software upgrade.

Mozilla Looks Ahead to More Secure Firefox

As browsers handle increasingly sophisticated Web apps, Mozilla is taking a hard look at the security and privacy features in its popular Firefox browser.

UK, Kuwait to Collaborate on Cybercrime

The two countries will cooperate on areas including e-crime, human trafficking and drug smuggling.

Germany Bans BlackBerry, iPhone for Security Reasons

German government ministers are being told to use Simko2 devices instead.

Android Trojan Discovered

The first SMS-based Trojan targeting Android devices has been detected in the wild.

Avira Acknowledges Trojan False Alarm

The German security company has admitted that it incorrectly warned of a Trojan in an upcoming security package from competitor BitDefender.

Good Cybersecurity Requires Common Sense

At the USENIX security conference, a vulnerability expert warns against artificial approaches to shoring up information systems, urging firms to put smart security at the core of any IT deployment.

Browser Privacy Modes Lack Privacy

Researchers have found that privacy settings in popular browsers can expose sensitive data.

Malware Attack Steals �675,000 from UK Bank

M86 Security says the attack is still ongoing.

Universities Endanger Students' Privacy

The Privacy Rights Clearinghouse says college students are particularly vulnerable to identity theft.

Privacy Concerns Raised over Tire Pressure Monitors

Unencrypted wireless communications from tire pressure monitoring systems can be intercepted by third parties.

St. Bernard Buys Email Security Firm Red Condor

The deal gives St. Bernard all of Red Condor's assets, along with more than 1,900 customers.

LinuxCon: Exploits Show Why Linux Is Vulnerable

Think Linux is secure? If you're not locking it down properly, you're in for a surprise.

Fighting Insider Fraud

Attachmate Luminet is one of a growing number of enterprise threat management solutions designed specifically to target insider fraud.

Microsoft Tracks Another Zero-Day Vulnerability

Microsoft just patched one zero-day hole in Windows and now it's got a new one to contend with--a buffer overflow flaw in the kernel of all supported versions.

Comcast.net Hacker Gets Jail Time

James Robert Black Jr. was sentenced to four months in prison.

Firefox 4.0 to Add Silent Security Updates

All security updates will be downloaded automatically without requiring a confirmation.

Tektronix Buys Security Software Provider Arbor Networks

The acquisition is expected to close in September.

Accused RBS WorldPay Hacker Extradited to US

Sergei Tsurikov faces a variety of fraud and hacking charges.

Fake Firefox 4.0 Beta Delivers Trojan

Since Mozilla already offers the download for free, something's gotta be wrong.

Teen Cybercrime Forum Admins Arrested

Nicholas Webber and Ryan Thomas are accused of running GhostMarket.net.

VxWorks Security Flaws Found

Two critical vulnerabilities have been uncovered in the operating system.

Phishing Attacks Target UK Mobile Users

The emails ask recipients to confirm their billing information via a compromised web page.

Hackers Infect Google Image Search

Victims are told to update their Adobe PDF viewing software in order to view an image.

Senate Dems Push Data Breach Bill

Latest effort would require enterprises and nonprofits that store sensitive information to tighten security requirements and notify consumers in the event of a data breach.

Hackers Target Payroll Processing Systems

Corporate payroll systems are becoming an increasingly popular target for cyber attacks.

Facebook Adds Mobile Privacy Controls

Users can now adjust their privacy settings from any browser-enabled mobile device.

Japanese Malware Writer Arrested

Masato Nakatsuji is alleged to have created the 'ika-tako' virus.

Elcomsoft Intros iPhone Password Breaker

The software is designed to enable users to access encrypted iPhone data backups.

Cisco Warns of Security Vulnerabilities

Several vulnerabilities have been found in the Firewall Service Module for the Catalyst 6500 Series Switches and 7600 Series Routers.

Alexander Discusses US Cyber Security Threats

The head of the US Cyber Command recently detailed the key threats to US military networks.

Apple Warns of iPhone, iPad, iPod Security Flaw

The company says users shouldn't open PDFs until a patch is released.

UK Police Announce Phishing Arrests

Six people were arrested for running a phishing operation that compromised more than 20,000 bank accounts and credit cards.

Trusteer Uncovers Large UK Botnet

The Zeus 2 botnet currently controls approximately 100,000 PCs.

Sasfis Botnet Prospering

Eight of the top 10 malware variants over the past month were related to the Safsis botnet.

Phishing Attacks Increasingly Target US Banks

Fully 68 percent of all phishing attacks in the finance sector targeted large nationwide banks during the month of June.

DHS Tests Power Plant Security

The Department of Homeland Security is dispatching teams to test power plants for cyber security weaknesses.

Data Breach at Philly Hospital Impacts Thousands

More than 21,000 patients' names, social security numbers and other personal information were compromised after a laptop was stolen at Thomas Jefferson University Hospital in Philadelphia.

Inside Mozilla's Firefox 4 Security

Firefox 4 will include new security features that Mozilla says will help to make it the most secure browser it's ever released.

TippingPoint Announces Zero Day Deadline

Software vendors will now have six months to patch vulnerabilities disclosed by the Zero Day Initiative.

Google Fixes Audio CAPTCHA Security Flaw

The flaw enabled anyone to pass a CAPTCHA test by typing in any 10 words as a response.

DOE Warns of Energy Grid Security Issues

A Department of Energy report says the US is leaving its energy infrastructure open to attack.

GPGMail Email Security Updated

Version 1.3.0 adds support for Mac OS X 10.6.

Forrester OKs iPhone, iPad Security

The research firm says the iPhone's operating system is now secure enough for enterprise deployments.

Centrify Intros Free Security Apps

The new Centrify Express offering provides a subset of the functionality of the company's Centrify Suite.

What's Next for Metasploit?

Metasploit founder HD Moore details where the open source vulnerability framework is headed and why maintaining the open source base in Linux is tougher than Windows.

TCS Acknowledges Security Breach

A laptop containing sensitive data was lost in an airport on June 10, 2010.

Hackers Demo Android Rootkit

The rootkit can gain access to Android devices either through unpatched vulnerabilities or by masquerading as a legitimate app.

Mumba Botnet Discovered

The new botnet has already collected at least 60 GB of data from 55,000 computers.

Fake 'Salt' Delivers Malware

Malicious files posing as the recent Angelina Jolie film are now available on file sharing networks.

Texas Bank Blamed for Security Breach

Hi-Line Supply says Community Bank should have noticed that something was wrong.

Project Vigilant: Hackers Wanted

The organization currently has around 600 members, including CTOs and former spies.

Should Vendors Offer Rewards for Security Research?

The debate rages on as software and hardware vendors take different stances on whether to pay cash rewards to security researchers who uncover vulnerabilities.

Most Think Cyber Espionage Is Acceptable: Security Report

Security software vendor Sophos' midyear Security Threat Report uncovers users' cavalier attitude about cyber warfare.

Roesch Attacks Suricata Security Tool

Although the Snort developer first welcomed the arrival of Suricata, he's since changed his tune.

Firefox 4.0 Promises Improved Security

A wide range of security enhancements are planned for the latest version of the browser.

UK Announces Cyber Security Challenge's First Winner

Paul Mutton was the first to crack the code.

Security Vulnerability Award Winners Announced

The winners of the 2010 Pwnie Awards were recently announced at the Black Hat conference.

Companies Fail DefCon Social Engineering Security Test

DefCon contest proves your company's greatest security weakness is likely loose-lipped employees who can be scammed into revealing sensitive data more easily than you might think.

McAfee Buys Mobile Security Company tenCube

The acquisition follows McAfee's recent purchase of Trust Digital.

Free Starcraft 2 Delivers Malware

Webroot's Andrew Brandt says many pirated version of the game come with 'a side dish of malware.'