Archive for January, 2008
The number of legitimate Web sites that have been hacked and seeded with code that tries to infect visitors PCs with malware now exceeds the number of sites specifically created by cyber criminals.
Symantec reported Tuesday that the first case of drive-by pharming, in which a hacker changes the DNS settings on a customer’s broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank.
Security researchers Nitesh Dhanjani and Billy Rios, who recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites turned into an extraordinary tour through the ecosystem that supports the business of phishing.
Every year gets its share of major, jaw-dropping security blunders. This is a retrospective for the 21st century so far, with special attention on 2007.
Vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software.
The 14-year-old modified a TV remote control so that it could be used to change track points.
In the past month, at least three consumers have reported that photo frames – small flat-panel displays for displaying digital images – received over the holidays attempted to install malicious code on their computer systems.
GNU Citizen have been researching UPNP Vulnerabilities in home routers, and have produced a flash swf file capable of opening open ports into your network simply by visiting an unfortunate URL.
Years ago, attackers would often have one or two really important machines that were the centerpiece of their criminal money-making schemes. The bad guys, thus, often faced one or more single points of failure in their criminal infrastructures. So, how have today’s enterprising bot-herders, making millions of dollars from their criminal empires, responded to the single points of failure? Two words: fast flux.
Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call.
Seen more as a prank than an actual threat, a Trojan horse for the Apple iPhone, has already come and gone. Still, users should be on the look out for a package called “iPhone firmware 1.1.3 prep,” described as something you need to install before updating to the new 1.1.3 firmware.
Matt Richard from Verisign’s iDefense sent us some information regarding the Master Boot Record (MBR) rookit that’s been found in the wild in the past weeks.