Digital Underground
October 15, 2009, 8:02 AM

Zeus Trojan Part of New Outlook Web Access Phishing Scam

By Dennis Fisher

The attackers behind the Zeus Trojan have unleashed a new phishing scam that is specifically targeted at users of the popular corporate webmail tool Outlook Web Access. The phishing emails include the recipient's actual email address and appear to be an update to the OWA application.   More »

  • Comment
October 14, 2009, 11:31 AM

Virginia Loses Records for 103,000 Adult Education Students

By Dennis Fisher

The parade of large-scale data losses is continuing unabated. The latest incident involves an unencrypted Flash drive containing the personal information of more than 100,000 adult education students in Virginia.   More »

  • Comment
October 14, 2009, 6:50 AM

Adobe Ships 29 Patches for Reader and Acrobat

By Dennis Fisher

On the same day that Microsoft unleashed a torrent of 34 patches on its customer base, Adobe on Tuesday published patches for 29 vulnerabilities in its Acrobat and Reader products as part of its new quarterly patch release program.   More »

  • Comment
October 13, 2009, 6:33 AM

Google to Provide Samples of Malicious Code to Webmasters

By Dennis Fisher

Google is making a significant change in the way that it handles legitimate sites that have been compromised and are serving up malware. The search giant announced Monday that it will now provide webmasters with specific examples of the malicious code that was used to compromise their sites.   More »

  • Comment
October 6, 2009, 1:06 PM

Malware Economy is Thriving

By Dennis Fisher

TORONTO -- The legitimate economy may be in rough shape right now, but the same cannot be said for the underground economy. Malware authors and botmasters are thriving, experts say, with some online criminals charging as much as $3,500 for their attack toolkits.   More »

  • Comment
October 6, 2009, 10:06 AM

The Reality Behind SQL Injection Attacks

By Dennis Fisher

TORONTO -- The frequency and scope of SQL injection attacks has exploded in the last year or two, with thousands of legitimate Web sites having been compromised and used to serve malware or further Web exploits. That's the bad news. The good news is that there are some remarkably effective techniques that security professionals can use to identify and recover from these attacks.   More »

  • Comment
October 2, 2009, 8:11 AM

DHS Wants You: 1,000 Security Jobs to Be Filled

By Dennis Fisher

The Department of Homeland Security is planning a major hiring spree, looking to fill as many as 1,000 cybersecurity positions over the course of the next three years. The department announced the new initiative Thursday, marking DHS's first real push to hire a large number of information security experts.   More »

  • Comment
October 1, 2009, 6:38 AM

Mozilla Releases Preview Builds of Firefox with Content Security Policy

By Dennis Fisher

Mozilla has released a preview build of Firefox that includes its new Content Security Policy specification, a framework that's designed to enable site owners to protect against common Web-based attacks.   More »

  • Comment
September 30, 2009, 10:24 AM

Researcher Publishes Valid Wildcard SSL Certificate

By Dennis Fisher

In the wake of Moxie Marlinspike's SSL talk at Black Hat this summer, another security researcher has used the technique described in the talk to create and publish a valid wildcard certificate and private key that could be used to fool browsers into believing a site is legitimate when it is in fact a fake.   More »

  • Comment
September 30, 2009, 8:02 AM

Hackers Using Custom Trojans to Hide Online Bank Thefts

By Dennis Fisher

Online criminal gangs have begun using special malware that enables them to hide the amount of money that they're stealing from victims' online banking accounts, helping them evade detection for longer periods of time and extend the effectiveness of their crime sprees.   More »

  • Comment
September 29, 2009, 11:22 AM

Researchers Show Break in Secure Data Storage System

By Dennis Fisher

A team of computer scientists from several universities has devised an attack that is capable of reconstructing the so-called vanishing data objects created by a system called Vanish, which was designed to create secure data objects that would expire after a set time and could never be recreated.   More »

  • Comment
September 29, 2009, 8:01 AM

SMBs, Non-Profits New Targets of Choice for Attackers

By Dennis Fisher

Large enterprises and consumers have been dealing with sophisticated phishing scams, online extortion plots and other assorted theft schemes for years, but now attackers are turning their attention to the huge population of small businesses and non-profits in the U.S. And they are finding a gold mine.   More »

  • Comment

Blogger Bio

About Digital Underground

Veteran security reporter Dennis Fisher writes the Digital Underground blog on Threatpost. He previously served as executive editor of the Security Media Group at TechTarget and news editor of eWeek magazine and has been covering security for nearly 10 years. On Digital Underground, Dennis delivers insightful analysis, fast-breaking industry news and in-depth features.
Contact Dennis

 

more

Stay Connected