2201

Cyberthieves loot $400,000 from city bank account

Cybertheft comes just days after RSA issued a warning that criminal gang planned massive attacks against U.S. banking customers

Burlington, Wash. officials have notified hundreds of employees and residents that their bank account information was compromised last week when hackers broke into city systems and stole more than $400,000 from a city account at Bank of America.

Among those impacted by the breach are employees participating in Burlington’s electronic payroll deposit program and utility customers enrolled in the city’s autopay program for sewer and storm drain charges.

In an alert issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was comprised following an intrusion into a city utility billing system.

I am glad I do not use Bank of America. This is the third time this year they have been compromised which shows a lack of proper Internet security on the bank’s part.

Read more at :
http://www.computerworld.com/s/article/9232372/Cyberthieves_loot_400_000_from_city_bank_account

2202

Windows 7 malware infection rate soars in 2012

But 2009 OS still 2X-3X less likely to get hacked than 11-year-old XP

Windows 7's malware infection rate climbed by as much as 182% this year, Microsoft said today. But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP.

Data from Microsoft’s newest twice-yearly security report showed that in the second quarter of 2012, Windows 7 was between 33% and 182% more likely to be infected by malware than in the second quarter of 2011.

“This may be caused in part by increasing acceptance and usage of the newest consumer version of Windows,” said Microsoft in its latest Security Intelligence Report. “Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population. As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices.”

But other elements came into play, argued Tim Rains, director of Microsoft’s Trustworthy Computing group.

Read more at :
http://www.computerworld.com/s/article/9232188/Windows_7_malware_infection_rate_soars_in_2012?source=toc

2203

Microsoft patches 20 bugs, including critical Word flaw

Microsoft today patched 20 vulnerabilities in Word, Office, Windows, SharePoint Server, SQL Server and other products in its portfolio, including a critical bug in the company's popular Word program and another already used to attack the company's own online services.

Of Tuesday’s seven security updates, one was labeled “critical,” Microsoft’s most-severe threat ranking, while the others were pegged as “important,” the next-most-serious rating.

The critical update for Word affected all versions of Microsoft’s word processor on Windows, including Word 2003, 2007 and 2010; Word Viewer, the add-on that lets users who don’t own Word view and print documents; and Office Web Apps, the free online editions of Word, Excel, PowerPoint and OneNote.

Read more at :
http://www.computerworld.com/s/article/9232207/Microsoft_patches_20_bugs_including_critical_Word_flaw?source=toc

2204

Mozilla yanks Firefox 16 one day after release

Critical vulnerability overlooked or introduced by previous patching; fix due Thursday

Mozilla yesterday took the unusual step of yanking Firefox 16 from distribution just a day after its release. The company said a critical vulnerability triggered the move.

The bug was apparently overlooked by Mozilla while it was developing Firefox 16, or introduced by the fixes baked into the upgrade that started reaching users early Tuesday.

“Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). Firefox version 15 is unaffected,” said Michael Coates, Mozilla’s director of security assurance, in a Wednesday post to the company’s security blog.

Read more at :
http://www.computerworld.com/s/article/9232282/Mozilla_yanks_Firefox_16_one_day_after_release?source=toc

2205

Facebook connects with AVAST to protect users

AVAST Software has teamed up with Facebook to help you and your friends stay safe. AVAST is sharing its Virus Lab data with Facebook in the combined attempt to prevent malware being shared unknowingly by Facebook users. Whenever someone clicks a link within Facebook, Facebook checks the URL in the AVAST cloud, in real time. If the URL is infected, the user sees a message warning of the potential threat.

Read more at :
http://blog.avast.com/2012/10/16/facebook-connects-with-avast-to-protect-users/

2206

Santander’s online banking keeps passwords in cookies
http://www.h-online.com/security/news/item/Santander-s-online-banking-keeps-passwords-in-cookies-Update-1730364.html

2207

Unbelievable!

2208

That is a terrible practice but I would bet more banks than you would think do the same thing.

2209

Cyber-Security Threats Unaddressed by Small Businesses

Small-business owners are woefully unprepared when it comes to protecting their companies from various forms of internal and external security threats.

When it comes to security, small and midsize businesses are largely unaware of the risks they face, according to a survey of 1,015 U.S. SMBs by the National Cyber Security Alliance (NCSA) and security specialist Symantec. The report found more than three-fourths (77 percent) of respondents said their company is safe from cyber-threats, such as hackers, viruses, malware or a cyber-security breach, yet 83 percent have no formal cyber-security plan.

One encouraging finding was that companies founded in the wake of the economic crisis are almost 20 percent more likely than older small businesses to have a written plan in place for keeping their business secure from cyber-threats.

Read more at :
http://www.eweek.com/security/cyber-security-threats-unaddressed-by-small-businesses-symantec/?kc=EWKNLEDP10182012D

2210

The Biggest Troll on the Web
http://gawker.com/5950981/unmasking-reddits-violentacrez-the-biggest-troll-on-the-web
http://cnnpressroom.blogs.cnn.com/2012/10/18/ac360-video-preview-exclusive-invu-w-reddit-jailbait-moderator-michael-brutsch-tonight/

2211

How to fail at nuclear espionage
http://blogs.norman.com/2012/security-research/how-to-fail-at-nuclear-espionage

2212

HP asks researcher not to publish security vulnerabilities
http://www.h-online.com/security/news/item/HP-asks-researcher-not-to-publish-security-vulnerabilities-1733216.html

2213

HSBC confirms cyber attack

A cyber attack targeted HSBC websites this week, preventing customers from using HSBC online services, including internet banking.

A day after the Oct. 18 attack, the global financial firm released a statement saying that “some sites” are operating again. The denial of service attack did not affect customer data, the bank said.

A spokesperson could not say whether HSBC commercial banking customers in Western New York were impacted.

Several banks around the country have encountered cyber attacks in recent weeks. Capital One Financial Corp. and BB&T Corp. were also targeted this week.

Read more at :
http://www.bizjournals.com/buffalo/news/2012/10/19/hsbc-confirms-cyber-attack.html

2214

Social engineering is a growing threat to computer security

Some companies protect their computer systems with expensive technology, but they often overlook the employee who may be conned into unlocking private information and giving it away to anyone who asks for it.

Technology security experts like Nathan LaFollette are hired to test computer systems for vulnerabilities – both inside and outside the building. He said the human element is often the weakest link and can be exploited by social engineering. He says hackers sometimes find it easier to trick an employee to reveal passwords than finding their own way through computer firewalls.

Experts at technology firms like Cisco report that hackers are constantly using social engineering techniques that take advantage of real employee names, partial passwords or use schemes to convince employees they’re involved in legitimate transactions.

“Social engineering is a huge threat for corporations, but they don’t spend a lot of money or training on it,” said LaFollette, founder and chief executive officer of Inet\Detect in Brunswick. “It’s a major problem that will continue to grow and it’s not something that you can just throw products at to remediate.”

See & read more at :
http://www.cleveland.com/business/index.ssf/2012/10/social_engineering_is_a_growin.html

2215

Real-Time Cyber-Attack Map

"In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."

Read at :
http://it.slashdot.org/story/12/10/19/2344253/real-time-cyber-attack-map?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+(Slashdot)

See active map at :
http://map.honeynet.org/

2216

Spammers spoof shortened links ending on .gov: http://www.symantec.com/connect/blogs/spam-gov-urls (link author: eric park on Symantic Community: Connect)
example 15% of all clicks on 1 dot usa dot gov go to spam…

polonus

2217

It is a shame that this technology is insecure and spreads information to potential burglers that residents are not at their homes.
Read this articles on the insecurity of read-out of smartmeters: http://www.winlab.rutgers.edu/~gruteser/papers/fp023-roufPS.pdf
Article authors are Ishtiaq Rouf∗, Hossen Mustafa∗,Miao Xu, Wenyuan Xu†
University of South Carolina, Rob Miller Applied Communication Sciences, Marco Gruteser Rutgers University

polonus

2218

White House Denies Networking Firm Huawei Cleared of Spying for China

No review has cleared Huawei or any other vendor supplying telecommunications equipment to U.S. firms of spying allegations, a White House official said.

The White House is denying a media report that an investigation into corporations supplying U.S. telecommunications companies with equipment found no proof Huawei Technologies was involved in espionage on behalf of China.

Citing anonymous sources, Reuters reported that an 18-month examination of Huawei’s communications equipment revealed the products contained security vulnerabilities that could be exploited by hackers, but not evidence the company had spied on the United States.

Read more at :
http://www.eweek.com/networking/white-house-denies-networking-firm-huawei-cleared-of-spying-for-china/?kc=EWKNLEDP10222012E

2219

Android Malware Takes off, Mostly Outside the U.S.

A very compelling reason to be using Avast Mobile Security on Android devices

Attackers are continuing to focus more heavily on mobile devices, and in particular those running Google’s Android operating system, posting 175,000 malicious or suspicious programs to app stores.

The activity in the third quarter is a steep increase from the previous quarter when the firm only found 30,000 apps that appeared to take malicious actions or aggressively gather information on a user.

Read more at :
http://www.eweek.com/security/android-malware-takes-off-mostly-outside-the-u.s./?kc=EWKNLEDP10232012E

2220

Google Drive opens backdoor to Google accounts
http://www.h-online.com/security/news/item/Google-Drive-opens-backdoor-to-Google-accounts-1735069.html