PowerPoint zero-day / Phishers beat bank tokens / Networking helps hackers

New PowerPoint hole used in cyber attacks
A previously unknown vulnerability in Microsoft's PowerPoint has been used in an email attack, security firm Symantec reports. - CNET News.com

IT security rides offshore outsourcing wave
A survey shows that the offshore outsourcing of IT security functions in U.S. corporations has increased significantly over the last year. - CNET News.com

Microsoft confirms PowerPoint zero-day attack
Microsoft confirms reports from security firm Symantec about a zero-day exploit in PowerPoint that was used in an email attack. - eWEEK

Most CFOs harbor security concerns
Most Chief Financial Officers rank IT security as their top concern, as they fear the humiliation of data theft incidents, a survey shows. - eWEEK

Markle suggests ways info sharing, security can coexist
A U.S. report suggests that it is possible to increase information sharing between agencies and still protect civil liberties. - Federal Computer Week

OMB tightens IT security incident rules
The U.S. Office of Management and Budget now requires federal agencies to report incidents involving data theft much sooner than before. - Government Computer News

Cisco discloses critical IPS vulnerability
Cisco, having already disclosed two other vulnerabilities this week, now adds a critical flaw in its Intrusion Prevention System. - InformationWeek

State Department releases detail of computer system attacks
According to the U.S. State Department, no sensitive information was compromised during the recent attacks against its computer systems. - InformationWeek

Phishers try to best banks' authentication
Security experts have detected about 35 websites set up to circumvent the two-factor authentication with tokens used by some banks. - InfoWorld

Ohio University CIO resigns in wake of data breaches
The CIO of Ohio University has resigned after a data breach that has compromised personal information of tens of thousands of students and alumni. - Computerworld

DHS finds RFID seriously flawed for border security
The U.S. Department of Homeland Security has found serious flaws in the RFID system used in the US-VISIT system that could result in unauthorized access to a government database. - InternetWeek.com

Cybercrooks turn to multipronged hacks
Apple may not be ready for the changes underway in computer attacks, where vulnerable software of all kinds and not just Windows is becoming a target. - NewsFactor

Man-in-the-middle attack on Citibank users concerns experts
The use of man-in-the-middle tactics in a recent phishing attack against Citibank raises concerns among security experts. - SC Magazine UK/US

Trojans account for over half of all malware
Antivirus firm Panda Labs reports that more than 54 percent of all new malware in the last quarter was trojans. - SC Magazine UK/US

Networking sites could help hackers
Personal information put on professional social networking sites could provide a hacker with enough for social engineering attacks. - The Register

Peer loses cybercrime fight
Attempts have failed to amend a new British law to prevent IT professionals from also being hit with a ban on releasing tools that can be used for hacking. - ZDNet UK

Israeli websites attacked / Excel still vulnerable / Two-factor under attack

IBM sued over hacked email server
A Washington D.C. law firm has sued IBM, claiming that an IBM employee was behind an attack on the law firm's email server. - CIO Magazine

Veterans Affairs faulted in data theft
A report from the inspector general points to a series of missteps within the Department of Veterans Affairs that led to the theft of data. - CNET News.com

Adobe fixes PDF Reader flaws
Adobe has patched two security flaws in its Adobe Acrobat and Reader software. - CNET News.com

"Putin death" trojan unleashed
A new trojan spreading through email attempts to lure users with a fake news story about the death of Russian president Vladimir Putin. - Computer Weekly

Seven keys for complete message security
It is not easy to implement encryption of all messages in a corporation without some forethought. - Computerworld

Microsoft research automates hunt for search engine spam
Microsoft is readying its Strider software tool to help combat spamming of search engines and weblogs. - eWEEK

Critical Excel flaws remain unpatched
Security researchers warn that even after Microsoft's patches for its Office suite earlier this week, at least two critical flaws remain unpatched in Excel. - eWEEK

A year later, still no DHS cybersecurity chief
The position of cybersecurity chief at the U.S. Department of Homeland Security is still vacant after a year. - Federal Computer Week

Army close to full PKI implementation
The U.S. Army is close to completing its implementation of a public key encryption infrastructure. - Government Computer News

State investigating cyberintrusion
The U.S. State Department is investigating what could turn out to have been a major attack against its network. - Government Computer News

State Department hack escalates federal data insecurity
The attack against the U.S. State Department is worse than the theft of a laptop, a Gartner analyst warns. - InformationWeek

Voice and VoIP phishing scams on the rise
VoIP gives the scammers the anonymity they need to carry out their operations, security experts warn. - InformationWeek

Researcher to show code for 'wormable' Windows flaw
The developer of the Metasploit hacking tool, HD Moore, claims to be just weeks away from demonstrating code that exploits a vulnerability in Windows that Microsoft fixed this week. - InfoWorld

Super firewall aims to stop DDoS
European researchers are working on a firewall technology that could stop distributed denial of service attacks from causing damage. - InfoWorld

Cisco details new VoIP, router vulnerabilities
Network equipment giant Cisco has disclosed a number of vulnerabilities in CallManager and the web-based interface for its routers. - InternetWeek.com

Spam ratios on the rise
The ratio of spam to legitimate email is rising, warns security firm MessageLabs. - NewsFactor

Israeli websites attacked
The fighting between Israel and Lebanon has apparently been taken into cyberspace, leading to attacks against Israeli websites. - Red Herring

CSI/FBI: Security losses down
The FBI and the Cybersecurity Institute report that the number of attacks and the losses from these attacks are down from last year. - TechWeb

Debian organisation server hacked
The Debian Linux organisation's gluck server has been hacked, resulting in a shutdown of multiple services used by developers. - The Inquirer

Phishers rip into two-factor authentication
A recent phishing attack using a man-in-the-middle strategy shows that two-factor authentication is no silver bullet against phishing. - The Register

Phishers crack two-factor authentication
Security researchers warn about an attack against Citibank's two-factor authentication system using man-in-the-middle tactics. - Vnunet.com

Mobiles set for key role in card authentication
Cellular phones are well suited to be used to authenticate financial transactions. - Vnunet.com

New worm targets virus researchers
A new piece of malware is targeting a popular reverse engineering tool used by security and virus researchers. - Vnunet.com

Microsoft plugs wormhole / State Dept. hacked / Lax policy blamed in VA loss

Hacker to fight US extradition
Gary McKinnon is prepared to take his case all the way to the European Court of Human Rights if necessary to fight the UK decision to extradite him to the US. - BBC News

Two-factor too scarce at consumer banks
Far too many online banking solutions targeted at consumers do not use adequate security measures. - CIO Magazine

Microsoft plugs wormhole in Windows
Microsoft has issued security patches for 18 vulnerabilities in Windows and Office, some of which could be exploited by a network worm. - CNET News.com

State department investigating computer anomalies
The U.S. State Department is investigating an anomaly that has been reported as a large-scale break-in on its computer network. - Reuters

Hackers target State Department computers
Hackers may have breached security at the U.S. State Department's main office and regional offices, according to reports. - AP/CNN.com

Patchwork policy can't protect data: VA IG
A security policy that was fragmented across different departments is partly to blame for the risk of compromising personal data that hit the Veterans Affairs Dept. last month. - Government Computer News

Defense: Government was out to get UBS
The defense for the former UBS system administrator, who is on trial for planting a logic bomb on the company's systems, said that his client has been framed by the government. - InformationWeek

High prison time for Shadowcrew culprit
Another member of the ID theft gang Shadowcrew has been sentenced to 90 months in prison. - Internetnews.com

Security experts Google for malicious sites
Google has begun indexing binary files on websites, and security experts have figured out how to use this feature to find websites containing malicious code. - InternetWeek.com

Investigators fault VA, employee for data loss
The employee, who took the laptop containing personal information home, showed poor judgement, investigators say. His supervisors are also to blame for lax policies. - AP/MSNBC

Mobile users face knotty security issues
The recent incidents of data loss from lost mobile devices may indicate that network executives are using trial and error to find the best security for mobile users. - Network World Fusion

Gordon Brown sets up ID fraud taskforce
A new U.K. taskforce is being set up to explore future identity management systems and their possible use in the private and public sectors. - Silicon.com

Emails probed in 'Cash for honours' swoop
Forensic software is now being used to dig out deleted emails in the ongoing investigation into loans to members of the Labour Party in the U.K. - Silicon.com

Anti-Cyber Terrorism spending to reach $6.3bn
Federal and corporate spending on measures against cyber terrorism will climb to $6.3 billion in 2011, a market research firm estimates. - TechWeb

Outsourced data must be protected, says privacy chief
Even if a data breach happens at a third-party facility as part of an outsourcing deal, the company that has outsourced the task is still responsible. - The Register

Small businesses risk data loss
Many one-person businesses do not back up vital financial or other business-related information, even though this information resides on a single computer. - Vnunet.com

Malware writers turn to zero-hour viruses
Virus writers are switching from large-scale attacks to smaller attacks using zero-hour exploits to avoid detection. - Vnunet.com

Hacker spawns a French Watergate
A hack of a bank in Luxembourg is becoming a central piece of a large scandal in France, as the bank records were apparently modified to implicate politicians and celebrities. - Wired News

Support ends for Windows 98 / Vishing joins phishing / Boffins tackle DoS attacks

Microsoft shuts down Windows 98
Microsoft is now ending its technical support for Windows 98, Windows 98 SE, and Windows ME. The software is still being used by an estimated 70 million people. See also: Windows 98 offers history lessons - BBC News

Critical flaws found in Excel, Flash Player
The French security response team, FrSIRT, has issued a warning against flaws found in Excel and Macromedia Flash Player. - Computer Weekly

Microsoft to show off Vista at Hack in the Box conference
The Asian hacker conference will get an inside look at the new security features of Windows Vista. - Computerworld

Prosecutors: UBS sysadmin believed "he had created the perfect crime"
In closing arguments, the prosecution in the case against a former system administrator for UBS, who allegedly planted a logic bomb on the systems, said the man believed he had created the perfect crime. - InformationWeek

Security chiefs talk trends, risks
Three heads of security businesses discuss why it is so hard to secure a laptop against theft. - InfoWorld

Vishing joins phishing as security threat
Security experts warn that internet criminals have picked up VoIP as a new tool to scam people out of money or personal information. - Internetnews.com

Zango adware found on MySpace
A developer at adware company Zango, formerly 180solutions, created profiles on MySpace with the intent to persuade users to install the Zango software. - InternetWeek.com

IT security spending to grow significantly
A survey conducted by Accenture indicates that security professionals in the U.S., India, and China expect to spend more on security technology than last year. - SC Magazine UK/US

Sophos discovers PoC-virus targeting research tool
Antivirus firm Sophos warns that it has found a proof-of-concept virus that targets the reverse engineering tool Interactive Disassembler Pro. - SC Magazine UK/US

Personal info of 100k sailors, Marines posted to public site
Due to a programming error, the personal information of 100,000 U.S. Navy personnel ended up on a publicly available website. - SC Magazine UK/US

Rogue dialer crackdown targets network providers
Icstis, the U.K. governing body that oversees premium phone services, is to provide a strict set of guidelines for network operators to prevent rogue dialers and other scams. - Silicon.com

MSSP Catbird battles pharming menace
The managed security service provider has launched a network to detect pharming attacks against its customers' networks. - CRN

European boffins tackle DoS attacks
A team of European computer scientists and internet service providers has designed a new defense that may prevent broadband connections from being used in denial-of-service attacks. - Vnunet.com

Phishers target Google Gmail users
Security experts warn that phishers are targeting users of Google's Gmail service, luring them with prizes in a fake lottery. - Vnunet.com

Mobile security in poor health
Companies are nervous about losing data from mobile devices, which in turn hampers the rollout of mobile devices. - Vnunet.com

Crazy-long hacker sentence upheld
A federal court has upheld a nine-year prison sentence for a hacker who tried but failed to steal credit card information using an insecure wireless network at a local hardware store. - Wired News

US Navy probes breach / ISPs to lock out file-sharers / Teens put PCs at risk

McAfee ready to take on Microsoft
Antivirus firm McAfee believes that it will be able to stay ahead and not be threatened by Microsoft entering the antivirus market. - CIO Magazine

FBI plans new net-tapping push
The FBI is trying to pass legislation that will require Internet service providers (ISPs) to create hubs for police surveillance and require makers of networking gear to create backdoors. - CNET News.com

Google search finds widespread malicious code
Security firm Websense warns that searches for malicious executables on Google have turned up a large number of results from forums and personal webpages. - Computer Weekly

US Navy probes data security breach
The US Navy is investigating how data containing personal information about 100,000 personnel was stolen and posted to a website recently. - Computer Weekly

Visa, MasterCard to unveil new security rules
Visa and MasterCard will unveil new security rules within the next two months for all organisations that handle credit card data. - Computerworld

ADP gave shareholder data to 'unauthorized party'
Payroll services provider ADP says that the company gave information about shareholders to an unauthorized party that impersonated numerous corporate offices. - Reuters/Computerworld

DOD gets a handle on top-secret content
The U.S. Department of Defense had to develop a new way to share top-secret information between various systems, this case study shows. - eWEEK

IG: U.S. Visit RFID needs better security controls
The U.S. Department of Homeland Security has since New Year issued almost 150,000 I-94 forms with embedded RFID tags to foreign visitors. The system needs better protection, the inspector general concludes. - Government Computer News

Data brokers draw increased scrutiny
Legislators want to take a closer look at the fast-growing industry that trades in consumer data. - InformationWeek

Guidelines to enable UK spam data sharing
The University of Cambridge has defined a set of guidelines for exchange of spam information between U.K. Internet service providers to combat spam based on traffic patterns. - InfoWorld

Phishers tap VoIP in new scam
Phishers are using cheap VoIP telephone numbers to practice a new form of phishing, where the user is fooled into giving out sensitive information over the phone. - InfoWorld

InformationWeek Global Security Survey 2006
InformationWeek has conducted its ninth annual security survey. Among the findings is that 48 percent of IT managers say that security is their top challenge. - InternetWeek.com

Retailers fail to pass security test
One year after the deadline for compliance with the Payment Card Industry (PCI) standard, a large number of big merchants still fail to comply. - Network World Fusion

ISPs urged to lock out file-sharers
The British recording industry now urges Internet service providers (ISPs) to lock out alleged file-sharers. - Reuters

Euro teens put PCs at risk of viruses and hacking
A survey by antivirus firm McAfee indicates that European teenagers ignore the security risks when using file-sharing services like Kazaa. - SC Magazine UK/US

Researchers look to predict software flaws
Researchers at Colorado State University attempt to build models that will be able to predict possible flaws in new software based on historical data. - The Register

Why do laptops schlep such data?
There is no good business reason for carrying sensitive information around on laptops that are at risk of being stolen, but it still happens frequently. - AP/Wired News

Fraud buck will stop with network operators
Fraudsters profiting from premium phone services by spreading rogue dialers are about to have a harder time making their schemes work. Regulators wish to force network operators to check contractors' backgrounds more thoroughly. - ZDNet UK