June, 2011
Google Street View snooping lawsuits will proceed – CNN
NEW YORK (CNNMoney) — A federal judge has denied Google’s request to dismiss several lawsuits accusing the company of illegally collecting private information from open Wi-Fi networks. The ruling, filed in California court Wednesday, is a setback for Google as it tries to put its “Street View” debacle behind it. In May 2010, Google admitted [...]
US Govt releases bank security guidance – SC Magazine
Guidelines aim to curb corporate bank account takeovers. The long-awaited update to the US Federal Financial Institutions Examination Council (FFIEC) guidelines around authentication has been released. The supplement (pdf) specifically speaks to the widespread scourge of corporate bank account takeovers. Over the last several years, US organisations have lost hundreds of millions of dollars because [...]
SEO Poisoning Campaign Infecting Users With Black Hole Exploit Kit
Researchers have found a new black hat SEO campaign that is being used to redirect users to links that will install the Black Hole exploit kit. The attack is based on searches for, of all things, Shia Labeouf, and leads users through a forest of redirects before plopping them on the compromised site. The new [...]
Hackers pierce network with jerry-rigged mouse – The Register
Mission Impossible meets Logitech. When hackers from penetration testing firm Netragard were hired to pierce the firewall of a customer, they knew they had their work cut out. The client specifically ruled out the use of social networks, telephones, and other social-engineering vectors, and gaining unauthorized physical access to computers was also off limits. Deprived [...]
Home of Outed Alleged LulzSec Member Raided in Ohio – threatpost
News reports say the FBI has raided a home in Hamilton, Ohio as part of an investigation of LulzSec, the group responsible for a string of attacks on prominent targets in recent months. Local media reports said the home, located on Jackson Road in Hamilton, Ohio, was the residence of a teenager who is believed [...]
Google Mail wants to help users identify phishing emails – The H Security
In future, Google Mail will display added email sender information so that users can better determine whether they are dealing with a phishing scam. Instead of just the sender’s name, Google Mail users can now also see the sender’s full address. However, this address might not be correct, as it is very easy to generate [...]
OpenOffice.org site goes offline, Oracle declines to comment – The Register
Two URLs including the OpenOffice.org domain owned by software giant Oracle are currently displaying error messages, but the Larry Ellison-run company is declining to explain why the sites are down. The openjdk.java.net is also currently failing to load. Both sites carry the same “Error 503 – service unavailable” message, and the URLs are owned by [...]
“Credit card overdue” spam carries malware – Help Net Security
Spam emails seemingly coming from a credit card company have been hitting inboxes and trying to scare users into downloading and running the attached malicious file: According to M86 Security, the credit card company is not named since the spammers are trying to target all credit card owners, and the attached file – supposedly a [...]
Up-And-Coming Botnet Uses Same Malware Kit As Defunct Mariposa – Dark Reading
‘Butterfly bot’ kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters. A financial-fraud botnet built with the same malware kit used in the now-defunct Mariposa botnet remains active after arrests this month of two Eastern European men who allegedly ran it. Researchers at Unveillance, Panda Labs, and Damballa [...]
Google’s cloud is wide open, Insecurity expert warns of extension perils – TechEye
While Google is touting that its cloud-based services are more secure than any other computer method, security experts are saying that’s rubbish. Matt Johansen, a researcher with WhiteHat Security, found a flaw in a Chrome OS note-taking application and used it to take control of a Google email account. He reported it to Google, which [...]
Fake IRS Scam Campaign Pushing Zeus Bot – threatpost
There is a large scale spam campaign underway right now in which attackers are using fairly well-crafted emails that appear to come from the IRS to infect victims with the Zeus bot. The attack has been ongoing for a couple of weeks now, and researchers say that although the attackers have taken some precautions to [...]
WordPress 3.1.4 Update Released
WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and [...]
Microsoft patent points to Skype snooping – The Register
A new Microsoft patent points towards Skype becoming equipped for lawful interception, which could be important as the service grows up to challenge traditional telcos. The patent was filed back in 2009, but granted last week and picked up by Computerworld. Titled “Legal Intercept”, it covers one way in which a VoIP-based communications system might [...]
Laughs Just Keep on Coming — LulzSec’s Final Release Contained Malware – All Things Digital
Saturday night as was I reporting on the “retirement†of the criminal hacker gang LulzSec, I took a chance: I downloaded the file containing the group’s “final drop,†which it had released to the BitTorrent site The Pirate Bay. The file was 600-plus megabytes and contained several things, including evidence that the group, or someone [...]
Hackers Break into Computer System at Ann Arbor-Based Pub – Hospitality Technology
The Detroit Free Press reports: Ann Arbor police say hackers broke into the computer system of a popular Irish restaurant, Conor O’Neill’s Restaurant, stealing numerous credit card and debit card numbers to make purchases. The case came to light after the credit and debit cards were fraudulently used in the state of Texas between April [...]
