Infosecurity weekly brief - September 15, 2009

15 September 2009

Breaches, threats, protections and security directions - we summarise what's been happening in the world of information security over the past week.

Breaches

A security researcher has found an SQL injection vulnerability in the web site of RideMatch.Info, a car pooling website that allows Californians to organise rides into work. The bug gave hackers access to sensitive information including names, home addresses and commute times.

Net luminary Robert Scoble was one of many people whose WordPress websites were hacked after villains found a flaw in the code distributed by the community project. Upgrade now, says WordPress.

Dupont has apparently found a case of industrial espionage for the second time in two years. The case again involves a Chinese-born worker who was allegedly about to return to China with company secrets.

California-based Ferma Corp was robbed of US$447 000 by online crooks who used a combination of money mules and a probable online banking trojan to siphon off the cash.

Chase Bank had to notify customers of a data breach after a computer tape with personal information went missing from a third-party vendor's care. It won't say how many customers are affected, what types of information were on the tape, or whether it was encrypted.

Threats

University researchers have discovered that security could be breached in cloud computing environments by launching attacks between virtual machines.

SANS has found a blue screen of death attack affecting Windows Vista, Windows Server 2008, and Windows 7. And Sunbelt has documented the attack in its Vista security newsletter, which it has just renamed to Win7News.

Panda Labs has documented the most dangerous computing malware programs of the last 20 years. And a new site called the Malware Distribution Project - the equivalent of those weapons labs that still keep small batches of smallpox for old times' sake - has another 3 336 483 of them on ice. Let's hope that its online security is good.

The Polytechnical Institute of New York University is organising the 2009 cyber war games, a hacking challenge which will hopefully identify the next generation of security experts.

Protections

Both Microsoft and Cisco have released security updates designed to stop a TCP-based denial of service attack discovered around a year ago.

Apple's anti-phishing update to mobile Safari isn't working as it should, according to anti-malware firm Intego. Its researchers tested the tool and found that the iPhone lets through sites that the desktop version of the browser blocks. Still, that isn't stopping Apple from beefing up the rest of its security; the firm issued fixes for over 47 security bugs across its products last week.

VeriSign launched a distributed denial of service (DDoS) monitoring and mitigation service called the VeriSign Internet Defense Network.

Directions

NIST has published a report on how to measure cybersecurity.

 
