RSS Alerts

Related Links

Related Stories

  • US phishing attacks soared 50% plus during July
    Research just released by Symantec shows that phishing attacks rose 52% in July while spam - as a percentage of all email - stayed about the same compared as the previous month.
  • One in six spam emails from USA
    The USA continued to be the top email spam country in the second quarter of 2009 making up 15.6% of global spam traffic, according to a report on the latest trends in spam from IT security and data protection firm Sophos.
  • Facebook moves to save face on T&Cs
    Social networking giant Facebook has back-tracked on a controversial decision to retain users' information, even when they close their accounts.
  • New Efforts to Battle Botnet-Driven Spam
    Network operators and ISPs from around the world are working together to address issues that will help block botnet-induced spam.
  • Facebook applications exposed as security risk
    Speculation on the security of social networking has increased amid reports that applications on Facebook are capable of collecting personal information.

News

Weekly brief - September 28, 2009

28 September 2009

Takedowns, Tools, Threats, and Tsk, Tsk! We review the week's information security news.

Takedowns

Razer, a manufacturer of hardware for computer gamers, took its support site down following reports by Rik Ferguson of Trend Micro that its downloadable device drivers were infected with a Trojan.

Tools

The latest version of BeEF, a browser exploitation framework, is now available. It demonstrates the collecting of zombie browsers and browser vulnerabilities in real time, and provides a command and control interface that enables the targeting of zombie browsers.

F-Secure has launched a new version of its Health Check product. Version 2.0 of the product, which checks your computer to see if it is protected and highlights security issues, is now in beta. It features expanded browser support, and has abandoned ActiveX.

Arshan Dabirsiaghi, director of research for Aspect Security, will launch an open source web software-based application firewall at the OWASP conference this November.

StorageCraft released version 3.5 of its ShadowProtect, which is a disk-based backup tool. The new version notifies users when the hard drive begins to fail, and can back it up, even when areas of the drive are no longer working.

Techniques

Researchers at Pacific Northwest National Laboratory and Wake Forest University have developed a system that uses swarm intelligence to identify security threats. It's modeled on ants, who defend successfully against intruders.

Threats

Idaho gets the most spam, with 93.8% of emails classified as junk, according to Symantecs' MessageLabs subsidiary. Kentucky, New Jersey, Alabama, Illinois, Indiana, Massachusetts, Pennsylvania, Arizona, and Maryland were runners up for the dubious honor.

Conficker continues to be effective, despite that it is almost a year since it was initially released, and even though it originally exploited a patched flaw. Experts say that the virus has migrated to encrypted peer-to-peer command and control.

Up to nine percent of the average enterprise's computers could be infected by bot software, according to research from Damballa - and 60% of infected enterprise computers are members of tiny targeted botnets numbering just a few hundred machines.

Tsk, Tsk

We should know better than this by now, shouldn't we? 2246 investors in the ponzi scheme of disgraced former NASDAQ chair Bernie Madoff had their names, addresses, and social security numbers stolen. They were on a computer left in a car by an employee of AlixPartners LLP, the consulting firm that has been processing victims' claims.

Another break-in may have compromised 31 000 patients at a health clinic in Kern County, after individuals entered a locked storage area that contained confidential patient information.

Privacy advocates praised Facebook's decision to shut down its controversial Beacon service, which used people's personal information for commercial marketing purposes. However, the company also published plans that it would release an API for its notification and mailbox services, meaning that applications written to operate in a social networking service will be able to peek at your email.

And finally... we wish this guy luck.

 

This article is featured in:
Business Continuity and Disaster Recovery Data Loss Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water