HSBC Warns of Exposed Customer Info

HSBC Bank says a bug in its imaging software inadvertently exposed
sensitive data about some of its customers going through bankruptcy
proceedings. Read the full article. [Computerworld]

Phishing Lands Big Paydays from Small Batches

Phishers actually land a tiny percentage of
victims, but the end result is big bucks — to the tune of $2.4 million
to $9.4 million a year, according to a new study that measured real
phishing attacks on banks. Read the full article. [Dark Reading]

New Mac OS Proof-of-Concept Attack Revealed

A security researcher has released a proof-of-concept attack that
exploits critical vulnerabilities that Apple patched on Thursday; The
vulns stem from bugs in the Java runtime environment that allow
attackers to remotely execute malicious code. Read the full article. [The Register]

An attacker with access to the target computer simply boots from a USB
flash drive and replaces the BitLocker bootloader with a substitute
bootloader which mimics the BitLocker PIN query process but saves the
PINs entered by the user to disk in unencrypted form. Read the full article. [The H Security]

Just two weeks after the release of exploit code
for a critical (remotely exploitable) security hole in its Internet
Explorer browser, Microsoft says a fix will be included in this month’s
batch of Patch Tuesday updates.

Although the combined number of reported data breaches in the
government and the military has dropped in 2009 compared to last year,
many more records were compromised in those breaches, according to
recent figures compiled by the Identity Theft Resource Center. Read the full article. [Government Technology]

Novell has released a security update for its eDirectory server to remedy a heap overflow vulnerability.  Attackers can remotely exploit the flaw to
crash or penetrate a server. The vendor says that the vulnerability can
be exploited with a specially crafted NDS Service Request. Read the full article. [The H Security] Read the original advisory.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.