Yahoo Messenger Malvertising Hijacks Your Browser Start Page to Vietnamese Portal
" until removal tool is readygo to http://technet.microsoft.com/en-us/sysinternals/bb545027
download & execute: autoruns
look after “Laban.vn” and disable it
additionally you can add this line in hosts file
127.0.0.1 laban.vn "
‘Password’ is still the worst password, but watch out for ‘ninja’
Although the tech world is always changing, one thing remains the same: A lot of people use terrible passwords.Splashdata, a security software developer, released its annual list of the most common passwords on the Internet. Once again, “password,” “123456,” and “12345678” are the three most popular, in that order.
The list of most common passwords is based on file dumps from online hackers. Splashdata notes that 2012 saw several high-profile security breaches, including Yahoo, LinkedIn, eHarmony, and Last.fm. The company says it releases its annual list to raise awareness of bad passwords …
See the list & read more at :
http://www.pcworld.com/article/2013012/password-is-still-the-worst-password-but-watch-out-for-ninja.html
Barnes & Noble says pin pads in 63 stores hacked
Barnes & Noble Inc. said Tuesday that devices used by customers to swipe credit and debit cards have been tampered with in 63 of its stores in nine states.The New York-based bookseller said in a statement Tuesday only one of the devices, known as PIN pads, was tampered with in each of the 63 stores. The stores are in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
Read more at :
http://blog.al.com/wire/2012/10/barnes_noble_says_pin_pads_in.html
Campbell River RCMP issues computer virus alert for ‘sophisticated screen’ that takes over monitor
Campbell River RCMP has issued a warning about a new computer virus affecting local computers.The virus locks your computer and displays a sophisticated screen with the message: “Police Cybercrime Investigation Department. Your computer has been locked!” Beside the title is a coat of arms similar to the RCMP’s, labelled “Canadian Pacific Police Service.”
This is not an existing police agency, the RCMP says. The virus takes over your webcam and displays a live-streaming video of yourself on the screen along with other messages and instructions.
See & read more at :
http://www.timescolonist.com/news/Campbell+River+RCMP+issues+computer+virus+alert+sophisticated/7432776/story.html
Spying Eyes Are Watching You
Now that the Cold War is a distant memory and James Bond movies just ain’t what they used to be, you may think that the spy game is dead. Well, think again. A new report from the Office of the National Counterintelligence Executive, charmingly called ONCIX, tells quite a different story.Espionage against the United States is a “significant and growing threat to the nation’s prosperity.” Spying is, in fact, even worse than it was in the salad days of Smiley’s people because of the advent of … you guessed it: the Internet. Says ONCIX: “Cyberspace—where most business activity and development of new ideas now takes place—amplifies … threats by making it possible for malicious actors … to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.”
Read more at :
http://www.baselinemag.com/c/a/Intelligence/James-Bond-Lives-746971/
Dos/DDoS Attacks Grow in Complexity
As GoDaddy and Bank of America recently discovered, denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are commonplace and increasingly sophisticated
Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are a vexing problem for organizations. What's more, as GoDaddy and Bank of America recently discovered, they're commonplace and increasingly sophisticated. Hackers use these techniques to take down sites and damage a company's reputation or bottom line. Unfortunately, "Every site is a potential target," observes Tal Beery, security researcher for Imperva.Imperva’s September Hacker Intelligence report, “Denial of Service,” provides some insight into the current state of DoS and DDoS, which are increasingly used by groups such as Anonymous and LulzSec to support their goals and promote their messages. A growing problem, the report notes, involves hackers executing DDoS attacks by analyzing the technical tools and trends deployed during several recent hacking operations.
Read more at :
http://www.baselinemag.com/security/dosddos-attacks-grow-in-complexity/
Public Privacy and the Glass House
We must live with the fact that we cannot protect the Internet environment when we live in a glass house—a characterization of how insecurity pervades our world.
There always has been tension between functionality and security, and likely always will be. Functionality usually wins out because we can calculate the ROI value for functionality, but calculating ROI for security is problematic.Efforts to forecast the consequences of a future breach, leak or insider theft rapidly break down. They sound like hollow warnings by Henny Penny that the sky is falling. It’s uncomfortable—and often professionally suicidal—to make projections for costs and likely consequences for cyber-threats.
Read much more at :
http://www.baselinemag.com/security/public-privacy-and-the-glass-house/
Israel Police disconnect from Internet, fearing cyber war
Officers ordered to be extra careful with computers following fears of an attack; unclear if breach was wide-scale attack or virus.
Investigators from the Israel Police information security branch are on the trail of a viral break-in of the national police computer system, which forced the police to take their operations off-line on Wednesday, and issue strict computer security guidelines to officers.On Thursday, police announced that they had ordered all officers to no longer use the Internet on police computers and avoid using thumb drives or CDs, or any other passing of data and programs between police computers. They said the decision was made after an infiltration of some sort in the police computer system raised flags in the computer security department of the police.
Read more at :
http://www.jpost.com/NationalNews/Article.aspx?id=289260&R=R2
Massive Data Breach Hits South Carolina State Tax System
The latest breach shows that state and local governments as well as private corporations need to better lock down their data and perform regular security assessments, security experts say.
The theft of approximately 3.6 million Social Security numbers and information on 387,000 credit and debit card accounts is yet another reminder that all IT operations should lock down their sensitive data by segmenting their networks, using better access controls, and regularly performing vulnerability assessments, security experts said.On Oct. 26, the South Carolina Department of Revenue announced that attackers had breached its systems in September, following two previous attacks in August. The attacks exploited an unspecified vulnerability in the system, which the state agency closed on Oct. 20. The online thieves who breached its network took a large amount of sensitive information on any taxpayers that had filed tax returns since 1998.
Read more at :
http://www.eweek.com/security/massive-data-breach-hits-south-carolina-state-tax-system/
Phishing attack promises a free version of Windows 8
http://sophosnews.files.wordpress.com/2012/10/windows8-phish-email.jpg?w=640
Don’t be fooled. If you want windows 8, buy it. You can’t get if for free!
Telefónica wants to turn customer data into cash
http://www.h-online.com/security/news/item/Telefonica-wants-to-turn-customer-data-into-cash-1739251.html
Free e-books could infest thousands of tablets through malcious javascript: ePub 3 standard leaves room for interactive elements using javascript, opening the door to malcious hacker exploits: http://www.eburon.nl/301012_gratis_ebook_infecteert_tienduizenden_tablets_met_trojan → article author Wiebe de Jager
( 30-10-12 15:13 ) This could mean a serious threat in the foreseeable future,
polonus
Thousands and thousands of firms can be easily hacked through SNMP through bad configuration of routers and ADSL modems:
http://www.securitypronews.com/securitypronews-24-20030909SNMPEnumerationandHacking.html
Link article by Mati Aharoni
First it was thought it was only a printer related problem, but the situation is far worse as iniitially assumed.
And as we read from the link the threat already existed in 2005.
See this Dutch newspaper article
http://www.telegraaf.nl/digitaal/13140020/__13.656_bedrijven_zo_te_hacken__.html
polonus
New vicious UEFI bootkit vuln found for Windows 8
Certainly not good news.
Don’t social network on you and yours being away for a social gathering nearby. Burglars may read your messages and bring a visit to the premishes.
Keep your private affairs private.
polonus
Malware Infects About 13 Percent of Home Networks: Kindsight Report
A network security provider finds that 13 percent of home networks in North America are infected with malware, including 2.2 million systems infected with the botnet using compromised systems for click fraud.Malware continues to plague home users, with about 13 percent, or nearly one-in-seven home networks showing signs of at least one compromised system, network security firm Kindsight stated in a report published on Oct. 30.
The firm, which provides security services to major Internet service providers, can detect when computers are trying to communicate with a malicious domain or server. In the third quarter of 2012, some 6.5 percent of home networks showed signs of hosting highly dangerous malware, such as a banking trojan or bot software, while 8.1 percent showed signs of more moderate infections, such as adware or spyware. Some networks had both types of infections.
Read more at :
http://www.eweek.com/security/malware-infects-about-13-percent-of-home-networks-kindsight-report/
Vupen brags about Windows 8 hack
http://www.h-online.com/security/news/item/Vupen-brags-about-Windows-8-hack-1742332.html
Trojan bargain with Windows 8 support
http://www.h-online.com/security/news/item/Trojan-bargain-with-Windows-8-support-1740800.html
Speculation over Facebook access via Google index
http://www.h-online.com/security/news/item/Speculation-over-Facebook-access-via-Google-index-1742538.html
New zero-day in Adobe-X exploited in blackhole kit malware: http://www.group-ib.com/index.php/7-novosti/672-group-ib-us-zero-day-vulnerability-found-in-adobe-x"
polonus