Microsoft IE breached by new attacks

December 12, 2008 by Adrian
Filed under: Microsoft, Security 

There is no question that Microsoft’s Internet Explorer has become more secure over time. There’s also no question that with roughly 69 percent of the global browser market, IE remains a meaty target.

It is therefore not surprising that IE is under attack, though perhaps the recent breach of fully-patched IE is surprising, as The Register reports:

The attacks target a flaw in the way IE handles certain types of data that use the extensible markup language, or XML, format. The bug references already freed memory in the mshtml.dll file. According to IDG News, exploits work about one in three times, and only after a victim has visited a website that serves a malicious piece of javascript.

6 tips to avoid security policy failure

December 12, 2008 by Adrian
Filed under: Security 

Security breaches expose millions of consumers to identity theft every year, making this a particularly rampant form of IT-related failure. A new study pinpoints human error as the primary cause and offers recommendations for creating and enforcing usable policies.

It’s common for data breaches to result from incidents involving lost laptops, inadequate system testing, poor physical shipping practices, and sheer carelessness. In many cases, these breaches occur when employees violate established security procedures required by either government regulation or existing organizational policies.

A research report sponsored by security solution provider Clavister affirms the view that workers cause most security problems by ignoring established policies.

Microsoft Issues Last Round of Patch Tuesday Fixes for 2008 as Hackers Target Flaw

December 11, 2008 by Adrian
Filed under: Microsoft, Security 

Microsoft issued eight bulletins as part of this month’s Patch Tuesday, including six that the company ranked “critical.” One of the vulnerabilities is already under attack by hackers.

Microsoft pushed out eight security bulletins as part of this month’s Patch Tuesday, including a fix for a vulnerability currently under attack.

According to the advisory, hackers have begun launching limited, targeted attacks against a vulnerability in an ActiveX control for the Microsoft Visual Basic 6.0 Runtime Extended Files. Visual Basic 6.0 Runtime Extended Files include select ActiveX controls, libraries and tools delivered with the Visual Basic 6.0 Integrated Development Environment (IDE) media and as an online release. The files are typically installed either by Visual Basic 6.0 IDE or Microsoft.com.

21 million German bank accounts - yours for only €12m

December 10, 2008 by Adrian
Filed under: Security 

Identity thieves who claim they stole details of 21 million German bank accounts are offering to sell the data on the black market for €12 million (US$15.3 million), a German magazine reported over the weekend.

To prove they weren’t bluffing, the crooks produced the compact disc containing the names, addresses, phone numbers, birthdays, account numbers, and bank routing numbers of 1.2 million accounts. Two investigative reporters for WirtschaftsWoche say they obtained the CD during a face-to-face meeting at a hotel in Hamburg with two individuals involved with the theft. The journalists were posing as interested buyers working for a gambling operation.

Eight easy steps to iPhone security

December 8, 2008 by Adrian
Filed under: Apple, Security 

As someone who’s been around the block a few times with mobile technology, I get a kick out of lengthy treatises on the practices one should follow to keep the information on your iPhone secure. They follow a commonsense pattern: Use a PIN, set the device to auto-lock after a minimal delay, set it to blank itself after a limited number of invalid unlock attempts, block access to the App Store, use Safari’s security defaults, and use WPA2 security for Wi-Fi. This is helpful, but it isn’t enough. Users of the iPhone, and mobile devices in general, deserve the big picture regarding the balance of security and convenience.

Mozilla to pull antiphishing feature from Firefox 2.0 at Google’s request

December 8, 2008 by Adrian
Filed under: Open Source, Security, Web 

Mozilla Corp. will drop antiphishing protection from the final version of Firefox 2.0 at Google Inc.’s request when Mozilla updates the browser later this month, a company executive confirmed today.

When Mozilla rolls out Firefox 2.0.0.19, the browser will be missing the antiphishing feature that the aging browser has sported since it debuted in 2006, said Mike Beltzner, director of Firefox, in an e-mail today.

“The latest published update for Firefox 2, which is Version 2.0.0.18, has the Phishing Protection feature enabled and working,” Beltzner said. “However, the next planned update for Firefox 2, Version 2.0.0.19, will be required to disable this feature.”

New trojan in mass DNS hijack

December 7, 2008 by Adrian
Filed under: Security 

Researchers have identified a new trojan that can tamper with a wide array of devices on a local network, an exploit that sends them to impostor websites even if they are hardened machines that are fully patched or run non-Windows operating systems.

The malware is a new variant of the DNSChanger, a trojan that has long been known to change the domain name system settings of PCs and Macs alike. According to researchers with anti-virus provider McAfee’s Avert Labs, the update allows a single infected machine to pollute the DNS settings of potentially hundreds of other devices running on the same local area network by undermining its dynamic host configuration protocol, or DHCP, which dynamically allocates IP addresses.

FBI: Criminals Auto-dialing With Hacked VoIP Systems

December 7, 2008 by Adrian
Filed under: Open Source, Security 

Criminals are taking advantage of a bug in the Asterisk Internet telephony system that lets them pump out thousands of scam phone calls in an hour, the U.S. Federal Bureau of Investigation warned Friday.

The FBI didn’t say which versions of Asterisk were vulnerable to the bug, but it advised users to upgrade to the latest version of the software. Asterisk is an open-source product that lets users turn a Linux computer into a VoIP (Voice over Internet Protocol) telephone exchange.

Koobface worm still infiltrating Facebook

December 6, 2008 by Adrian
Filed under: Internet, Security, Web 

Chicago (IL) – Koobface, a worm that surfaced on Facebook in July, is spreading again and remains very active, according to security alerts issued by Websense and McAfee.

Security experts from Websense warned users last month that they had picked up an email that indicated that user accounts infected by Koobface are being used to post messages to Facebook friends lists. “The content [of the email] was an enticing message with a link that used a Facebook open redirector. When recipients click the link, they are automatically redirected multiple times, finally reaching a site masquerading as YouTube that serves a malicious Trojan downloader.”

Firefox users targeted by rare piece of malware

December 5, 2008 by Adrian
Filed under: Security 

Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.

The malware, which BitDefender dubbed Trojan.PWS.ChromeInject.A, sits in Firefox’s add-ons folder, said Viorel Canja, the head of BitDefender’s lab. The malware runs when Firefox is started.

The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.
