Security Hero Rotating Header Image

Google

September

Huge uptick in spam-borne malware since mid-September

The amount of the amount of spam containing malware increased ninefold during September over the previous month, according to Symantec.

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/jKwGl-9DyV0/

Cyber Wiki page planned

Cyber Wiki page planned

The U.S. Department of Homeland Security intends to contract with WiiKno, a Texas-based knowledge management solutions provider, to create a Wiki page for the agency that will be used to share information among the National Cyber Security Center and its six federal cybersecurity centers, according to a notice posted this week on the Federal Business Opportunities website. The Wiki page will offer a “development platform for improved situational awareness” for communication and collaboration related to national cybersecurity plans. ˇX DK

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/vOtdnYeB8xA/

A rise in cybercrime hits SMBs

A rise in cybercrime hits SMBs

Forty four percent of U.S. SMBs have been hit by some form of cybercrime and 10 percent were hit so bad that they had to stop production, according to a survey from Panda Security.

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/94koVN-33Lg/

cross site scripting the browser google “chrome”

Bugtraq: cross site scripting the browser google “chrome”

cross site scripting the browser google "chrome"

URL: http://www.securityfocus.com/archive/1/505290

EMC Documentum IRM

EMC Documentum IRM

EMC Documentum Information Rights Management (IRM) encrypts and persistently protects documents from unauthorized viewing, copying and printing, regardless of where the document physically resides.

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/u3LKnkRqVIk/

I wouldn’t trust Google with my personal info

I wouldnˇ¦t trust Google with my personal info

David Davis, Conservative MP for Haltemprice & Howden, has an op-ed in The Times that begins:

When I read in the pages of this newspaper this month that the Conservative Party was planning to transfer peopleˇ¦s health data to Google, my heart sank. The policy described was so naive I …

URL: http://www.pogowasright.org/?p=2241

Major spam campaign abusing Yahoo Groups

Major spam campaign abusing Yahoo Groups

About one million spam emails per hour are being sent to Yahoo Groups and other free web services, including Google Groups and LiveJournal, containing bogus pharmaceutical advertising content.

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/Hhgm3VDE7z4/

Protect yourself from business partners

Protect yourself from business partners

Corporate and public-sector organizations are working with more business partners than ever before — and the number will continue to grow. Outsourcing, offshoring, supply-chain management, workflow management, value chains and emerging markets: These each signal a warning to information security managers.

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/EZNfbwSyfQ4/

The 5-step guide to fixing almost any PC problem

The 5-step guide to fixing almost any PC problem

Troubleshooting is curious skill. It’s part detective work, part methodical experimentation and part inspired guesswork, and part Zen Buddhism. That’s a lot of parts but you need them all to be able to sift through a list of symptoms, identify the fault, work out an appropriate remedy and not go barking mad in the process.

Knowing how computers work is also handy, but it isn’t enough by itself and it’s much less important than you may think, now that all human knowledge is just a Google search away. Knowing the answers is all very well but the real art is asking the right questions. See what I mean about the Zen?

So I’m not going to give you a fish. I’m not even going to teach you how to fish. I’m going to build you a stinking trawler. Theoretically this ought to put me out of a job but in practice, the well of human stupidity seems to replenish itself far faster than I can pump it out, so there’s no need to worry on my behalf.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31539

Why Karma Matters

Microsoft Silverlight vs Google Wave: Why Karma Matters

Inevitable comparisons are made between the hugely enthusiastic developer response (including from us at Zoho) to Google Wave yesterday with the relatively tepid reponse to Microsoft’s new search engine Bing. The real interesting contrast to us, as independent software developers, is the way developers responded to Silverlight as opposed to the reaction yesterday to Google Wave. Both Silverlight and Wave are aimed at taking the internet experience to the next level. To be perfectly honest, Silverlight is a great piece of technology. Google Wave, as yet, is not much more than a concept and an announcement.

It is easy to dismiss all this with “Oh, the press just loves to hype everything Google, and loves to hate Microsoft,” but that cannot explain why even competitors like us are willing to embrace Google’s innovations, but stay away from perfectly good innovations from Microsoft, such as Silverlight?

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31537

Mass Injection Compromises More than Twenty-Thousand Web Sites

Malicious Web Site / Malicious Code: Mass Injection Compromises More than Twenty-Thousand Web Sites

Websense Security Labs™ Threatseeker™ Network has detected that a large compromise of legitimate Web sites is currently taking place around the globe. Thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. The active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which provides statistical services to Web sites.

This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.

Screeenshot of injected code in an injected site:

 

The exploit site is laden with various attacks. After successful exploitation, a malicious file is run on the exploited computer. The executed malware file has a very low AV detection rate.

Websense® Messaging and Websense Web Security customers are protected against this attack.

URL: http://securitylabs.websense.com/content/Alerts/3405.aspx

Its summer…Do you know what your kids are doing?, (Fri, May 29th)

Its summer…Do you know what your kids are doing?, (Fri, May 29th)

School is over or about to be over for many kids. With that comes many families whose parents work and kids will be left at home to relax and enjoy their summer vacation. This means alot of free time and an internet out there just waiting to be explored. Everyone is aware of the need to keep your kids safe while on the internet. But in some cases, there is a need to keep the internet and others safe from your kids. Let me explain that last comment. Kids with too much time on their hands get into trouble. You hear about it all the time on the news with kids getting into trouble with things such as vandalism, stealing,etc. What about kids getting into trouble on the internet?
Do a google search on the phrase teenage hacker and see what comes up. Kids are curious and learn fast. The internet can become a playground for them to explore and test out cool new programs and tools they find on the internet or write themselves. Chat rooms are available where kids can learn many things from others and want to try them for themselves. They can also get pulled into the wrong crowd on the internet and get in way over their heads fast. They may not even see anything wrong with it, its just computers after all.
Most of the filtering technology today focuses on web traffic. What are your kids looking at on the web. That is a good thing, but there are many other ports and protocols available and nothing watching them. Would you know if your child was running a botnet? Stealing credit card numbers? Hacking into websites? Its not a game and there are real consequences to it, even sometimes when the intent may have been to do good.Here are some recent examples:
Nineteen-year-old Dmitriy Guzner from New Jersey was part of an underground hacking group named ‘Anonymous’ that targeted the church with several attacks. He could face ten years in prison on computer hacking charges and is due to be sentenced on August 24. http://www.securecomputing.net.au/News/144850,teenage-hacker-pleads-guilty-to-church-of-scientology-cyber-attacks.aspx

Twitter has announced a review into four worm attacks on the site as a teenage hacker admits he could be jailed for his role in the stunt. http://news.sky.com/skynews/Home/Technology/Twitter-Worm-Attack-Biz-Stone-Announces-Review-As-Teenage-Hacker-Michael-Mooney-Speaks-Out/Article/200904215261579
A teenage hacker whose campaign to expose holes in Internet security sparked an FBI investigation was being sentenced in court today. http://www.independent.co.uk/news/business/news/teenage-hacker-to-be-sentenced-for-internet-crusade-676871.html

As parents, we need to also talk to our kids about the other dangers that are on the internet. Dangers such as hacking, virus making, botnet creation, stealing, etc. You may think your child is doing nothing but sitting on a computer playing. But keep in mind that computer on the internet is a portal to a whole nother world.

URL: http://isc.sans.org/diary.php?storyid=6490&rss

Nonprofit releases security configuration standards for iPhone

Nonprofit releases security configuration standards for iPhone

Organizations issuing iPhones to their employers can now apply security configuration best practices, which were introduced this week by the Center for Internet Security.


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/_97AOURFipo/

Nonprofit releases security configuration standards for iPhone

Nonprofit releases security configuration standards for iPhone

Organizations issuing iPhones to their employers can now apply security best practices, which were introduced this week by the Center for Internet Security.


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/_97AOURFipo/

VMware fixes security bugs

VMware fixes security bugs

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based virtual machines. Another vulnerability identified by VMware could have enabled an attacker to execute arbitrary code. ˇX CAM


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/ExodS3v11PI/