4
Nov
The spread of malicious software that can harm computers and open gateways for hackers and identity thieves is on the rise according toMicrosoft (NSDQ: MSFT).
The amount of so-called malware and other unwanted software found on computers rose 43% in the first half of the year, the company said Monday. More than 90% of the vulnerabilities affected applications, while only about 10% impacted operating systems, according to Microsoft, which released the data in its Security Intelligence Report.
3
Nov
The demand that the development of web 2.0 has placed on browsers to become more interactive and act as a portal rather than just a viewing platform is opening up new vulnerabilities to unsuspecting users, Itzik Kotler, team leader of the Security Operation Center at Radware, has warned.
As well as developing new signatures and analytics tools for Radware scanning software, Kotler also works on finding new classes of vulnerabilities before they appear in the wild. One such security hole is in Javascript, which would allow a hacker to copy any file from a user’s PC with little chance of detection – something many have considered to be impossible.
16
Sep
Hundreds of webpages in a section of BusinessWeek’s website which offers information about where MBA students might find future employers have been affected. According to Sophos, hackers used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site’s underlying database - to pepper pages with code that tries to download malware from a Russian web server.
14
Feb
Hoax Valentine’s messages that aim to infect your PC and turn it into a bot are circulating already.
Security firms are warning that cybercriminals are attempting to infect the PCs of innocent surfers by convincing them that they have a secret admirer.
Anyone who opens the email is putting themselves at risk of losing their own personal information, as well as allowing hackers to remotely control the PC for their own ends.
The emails have subject lines such as “Love Rose”, “Rockin’ Valentine” and “Just You” and contain a file called valentine.exe.
27
Jan
Most websites serving up malware are legitimate according to a senior security researcher. Dan Hubbard, Websense’s vice president of security research, said that for the first time, legitimate sites seized by hackers outnumber malicious ones.
According to data compiled by Websense, 51 percent of the sites it classified as malicious in the second half of 2007 had been compromised and then seeded with attack code that infected unpatched machines visiting the URLs. The remaining 49 percent were “intentionally built for malicious intent,” the Websense report said.
21
Jan
Security experts have warned users to focus on securing their whole online lifestyle in 2008.
Care should be taken in all aspects of online services, including bill payments, shopping and stock trading, and not just in the use of social networking and gaming sites.
“Social engineering will still be the preferred method to lure people into infecting their computer or giving away password information, but the approaches will become much more sophisticated,” said Diego d’Ambra, chief technology officer at SoftScan.
20
Jan
With many malware gangs crossing national borders and hitting international headlines, the marketplace for these illegal incidents is quickly becoming one like an open source community.
This is according to Thomas Holt, a professor criminal justice at the
Mr Holt and a team of researchers have been looking through websites, internet relay channels and other online forums where malware is discussed to find just what makes it so advantageous to communicate across the world with hackers.
8
Jan
Researchers have discovered the first trojan for Apple’s iPhone.
The malicious package, called “iPhone firmware 1.1.3 prep” by its creator, was first reported Saturday on blogs, purporting to be “an important system update, according to researchers at Symantec Security Response.
The trojan is harmful to the iPhone only in that it overwrites applications such as “Erica’s utilities,” a collection of command-line utilities for the mobile device, and OpenSSH. When an iPhone user deletes the faux firmware package, those applications are also removed, researcher Orla Cox said today on the Symantec Security Response blog.
Source: SC Magazine
7
Jan
A three-pronged approach can prevent threats from damaging data networks. Although many companies have policies in place that deny employee access to Web sites that are not work related, the monitoring and enforcement of these policies is not always easy. Over the past year, there have been numerous stories about employees who visited Web sites such as YouTube or Monster.com, resulting in their work computer becoming infected with a piece of Web-borne malware. This type of problem is likely to grow as cyber criminals find that the use of Web-borne malware can infect hundreds of thousands of users in moments.
©2007-2008 dralnuX: beyond the box
