Attackers Targeting .Edu Sites in SEO Poisoning Campaigns

Having mastered the art of poisoning search engine results for .com sites, attackers are now turning their attention to .edu sites, linking their keyword campaigns to educational institutions as a way of lending their malicious sites more credence in the eyes of Google.

It’s The Adversaries Who Are Advanced And Persistent

By Scott Crawford & Nick SelbyThere has been much talk recently about the “Advanced Persistent Threat.” According to Richard Bejtlich [1] and others, the term originated with the US Air Force around 2006, which explains why Bejtlich and others with an Air Force pedigree, such as Mandiant founder Kevin Mandia, have made much of the term.

Lessons Learned From the Aurora Attacks

It’s been more than two weeks now since the cyber-end of the cyber-world caused by the cyber-attacks on the cyber-networks of Google, Adobe and several other high tech companies, and amid all of the noise and hand-wringing there has been precious little in the way of cool, logical analysis of what lessons might be drawn from the incidents.

At least three US oil companies were victims of highly targeted,
email-borne attacks designed to siphon valuable data from their
corporate networks and send it abroad, according to a published report
citing unnamed people and government documents. Read the full article. [The Register]

Microsoft’s Internet Explorer (IE) could inadvertently allow a hacker
to read files on a person’s computer, another problem for the company
just days after a serious vulnerability received an emergency patch. Read the full article. [Computerworld]

The cost of a data breach increased last year to $204 per compromised
customer record, according to the Ponemon Institute’s annual study. The
average total cost of a data breach rose from $6.65 million in 2008 to
$6.75 million in 2009. Read the full article. [IDG News]

The Internet Systems Consortium (ISC), the company behind the open source DNS BIND, software, has released security updates to resolve a DNSSEC-related vulnerability that could lead to Denial-of-Service (DoS) attacks. Read the full article. [The H Security]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.