Overflow
October 15, 2009, 8:53 AM

Six Years, 400 Bulletins, 745 Vulnerabilities

Since moving to a monthly schedule in October 2003, Microsoft has released about 400 security bulletins based on an informal count of releases in its bulletin archives. The bulletins address about 745 vulnerabilities across almost every Microsoft product.

About 230 of the bulletins, or more than half, addressed security vulnerabilities that Microsoft described as "critical." Microsoft typically uses this definition for vulnerabilities that allow attackers to take full administrative control of a system from a remote location. Read the full story [Jaikumar Vijayan/Computerworld]

October 15, 2009, 8:50 AM

Study: Only 4% of Corporate IT Users Stick to Password Rules

Just 4% of users of corporate systems abide by IT security policies, even when the system handles very sensitive private information, according to an academic survey [pdf] that has revealed humans to be the main flaw in any security system.

Researchers at the University of Wisconsin-Madison and IT University, Copenhagen found that just 4% of the people surveyed obey best practice rules for passwords. The rest use the same passwords for different systems, use words that appear in the dictionary, or write their passwords down on Post-it notes beside the computer. Read the full story [out-law.com]

October 15, 2009, 7:09 AM

Microsoft Finally Shuts Door on ATL Bugs

Computerworld's Gregg Keizer brings word that this week's record-setting batch of patches from Microsoft actually closed the book on the vexing ATL code library issues that first surfaced in July 2009.

Keizer quotes Ryan Smith, one of the hackers credited with discovering the flaw, as saying that the latest Microsoft Office updates shut the door on the last big attack vector for the ATL vulnerability. Read the full story [computerworld.com]

October 14, 2009, 1:48 PM

New Koobface Campaign Spoofs Adobe's Flash Updater

The botnet masters behind Koobface, the most efficient social-engineering-driven botnet, have launched a new campaign that is currently spreading across Facebook, using a new template that spoofs Adobe's Flash updater and is embedded within a fake YouTube page. Read the full story [zdnet.com/Dancho Danchev]

October 14, 2009, 7:23 AM

Phishing Attacks Continue to Evolve

Antispam vendors, browser makers and Internet service providers have been on the front lines in the battle to contain phishing attacks, but the cybercriminals behind phishing campaigns are getting savvy at defeating technologies and tricking victims into giving up their credentials and other data. Read the full story [SearchSecurity.com].

October 9, 2009, 9:18 AM

Comcast Alerts Customers to PC Infections

CNet's Elinor Mills has the scoop on a Comcast trial of a new automated service that will warn broadband customers of possible virus infections, if the computers are behaving as if they have been compromised by malware.

For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus taking control of the system and using it to send spam as part of a botnet. Read the full story [CNet] Also see this call by a Google executive for ISPs to take the lead on botnet cleanup.

October 9, 2009, 8:37 AM

Analysis: Phishing Arrests Highlight Massive Problem

The massive phishing scam broken up by federal authorities this week is only a hint at what many say is an insidious and growing problem on the Internet. The bust, dubbed Operation Phish Phry, was described by the FBI as the largest-ever cyber-crime investigation, and the agency held it up as a shining example of international cooperation in the realm of cybersecurity.

But as important and impressive as it was, the arrests barely scratch the surface of the phishing problem, according to several who have been tracking the issue for years. Read the full story [IDG News Service/Jaikumar Vijayan]

October 9, 2009, 8:31 AM

Botnet Caught Red Handed Stealing From Google

A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks.

According to researchers at Click Forensics, computers that are part of the so-called Bahama Botnet are infected with malware that sends them to counterfeit search pages instead of the real thing. They look authentic, and with the help of DNS poisoning routines, they even display google.com, yahoo.com or bing.com in the address bar. Read the full story [The Register/Dan Goodin]

October 9, 2009, 8:20 AM

The Malware Cash Factory

Over on our sister site Viruslist.com, researchers Sergey Golovanov and Igor Soumenkov have published an article that studies a single spam e-mail and illustrates the methods used by cyber criminals to create botnets and conduct mass spam mailings. The methods and techniques used are clearly illegal in nature and have a single aim: to make cyber criminals rich. Read the full story [viruslist.com]

October 9, 2009, 6:34 AM

Cyberthieves Find Workplace Networks Are Easy Pickings

In a feature article in USA Today, Byron Acohido writes about porous and difficult-to-defend workplace networks that provide a haven for professional cybercriminals.

Acohido writes: "Overly complex IT systems are producing endless opportunities for cyberthieves, who need only to master simple hacking techniques to get their hands on sensitive data. The result: Data breaches continue to plague companies, hospitals, universities and government agencies — any entity that collects data and conducts business on a digital network." Read the full story.

October 9, 2009, 6:22 AM

Fake AV (Scareware) Overwhelming Security Scanners

Fake antivirus programs are multiplying at such a rate they could start to overwhelm the detection capabilities of signature-based scanners, the latest figures [pdf] from the Anti-Phishing Working Group (APWG) have hinted.

Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008. Read the full story [Techworld/John Dunn]

October 8, 2009, 7:48 AM

Operation Phish Phry Nets 100 Cyber Criminals

The largest number of defendants ever charged in a cyber-crime case have been indicted in a multinational investigation conducted in the United States and Egypt that uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was used to defraud American banks.

Authorities in several United States cities arrested 33 of 53 defendants named in an indictment returned last week by a federal grand jury in Los Angeles. Several defendants charged in the indictment are being sought this morning by law enforcement. Additionally, authorities in Egypt have charged 47 defendants linked to the phishing scheme. Read the full FBI statement [fbi.gov]

About Overflow

A mix of news and aggregation about hackers and crackers from the Threatpost staff.