2008.02.08 Daily Security Reading

MayDay! Sneakier, More Powerful Botnet on the Loose

A new peer-to-peer (P2P) botnet even more powerful and stealthy than the infamous Storm has begun infiltrating mostly U.S.-based large enterprises, educational institutions, and customers of major ISPs.

TrueCrypt 5.0 released

The popular open source privacy tool, TrueCrypt, has just received a major update. The most exciting new feature provides the ability to encrypt an entire drive, prompting the user for a password during boot up; this makes TrueCrypt the perfect tool for non-technical laptop users (the kind who are likely to lose all of that sensitive customer data). The Linux version receives a GUI and independence from the kernel internals, and a Mac OS X version is at last available too.

Google Blamed For Indexing Student Test Scores & Social Security Numbers

Heads Up Internet Explorer Users

A plug-in for Microsoft’s Internet Explorer Web browser that helps users upload photos to popular sites such as Facebook and Myspace contains multiple security holes.

When Security Improvements Backfire

Recently, when conducting an (authorized) security review at a small web hosting provider, I ended up as “root” on all their Unix systems within a matter of hours, and did not even need any l33t buffer overflow or the like. Well-meaning system administrators had tried to improve security of their servers, and had unwittingly ended up making life much easier for the bad guys.

2008.01.30 Daily Security Reading

Report - 51 Percent Of Malicious Web Sites Are Hacked

The number of legitimate Web sites that have been hacked and seeded with code that tries to infect visitors’ PCs with malware now exceeds the number of sites specifically created by cyber criminals.

Drive-By Pharming In the Wild

Symantec reported Tuesday that the first case of drive-by pharming, in which a hacker changes the DNS settings on a customer’s broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank.

Spies In the Phishing Underground

Security researchers Nitesh Dhanjani and Billy Rios recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites turned into an extraordinary tour through the ecosystem that supports the business of phishing.

2008.01.16 Daily Security Reading

Retrospective: 10 Security Blunders

Every year gets its share of major, jaw-dropping security blunders. This is a retrospective for the 21st century so far, with special attention on 2007.

Zero-Day Exploit For Apple’s QuickTime Posted

Vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software.

Polish teen derails tram after hacking train network

The 14-year-old modified a TV remote control so that it could be used to change track points.

Malware Distribution Through Physical Media a Growing Concern

In the past month, at least three consumers have reported that photo frames - small flat-panel displays for displaying digital images - received over the holidays attempted to install malicious code on their computer systems.

Most Home Routers Vulnerable to Flash UPnP Attack

GNU Citizen have been researching UPnP vulnerabilities in home routers, and have produced a Flash SWF file capable of opening ports into your network simply by visiting an unfortunate URL.

2008.01.10 Daily Security Reading

Thinking fast-flux: New bait for advanced phishing tactics

Years ago, attackers would often have one or two really important machines that were the centerpiece of their criminal money-making schemes. The bad guys, thus, often faced one or more single points of failure in their criminal infrastructures. So, how have today’s enterprising bot-herders, making millions of dollars from their criminal empires, responded to the single points of failure? Two words: fast flux.

Eavesdropping on Bluetooth headsets

Few users realize that Bluetooth headsets can be exploited, granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call.

New iPhone Trojan Spreading

Seen more as a prank than an actual threat, a Trojan horse for the Apple iPhone has already come and gone. Still, users should be on the lookout for a package called “iPhone firmware 1.1.3 prep,” described as something you need to install before updating to the new 1.1.3 firmware.

Master Boot Record rootkit

Matt Richard from Verisign’s iDefense sent us some information regarding the Master Boot Record (MBR) rootkit that’s been found in the wild in the past weeks.

2007.12.17 Daily Security Reading

Oak Ridge National Labs hit with targeted attacks

Oak Ridge National Laboratory (ORNL) announced last week that more than a dozen employees fell prey to “a sophisticated cyber attack”, exposing a database containing visitors’ personal information.

Ask.com enables anonymous web search

Web search site Ask.com has launched a feature that allows users to delete data on their search queries.

Media player users beware - more vulns ahead

Attack code has already been released… codec used by older versions of Windows Media Player, made by Microsoft, and in AOL’s Winamp.

DNS attack could signal Phishing 2.0

‘Open-recursive’ DNS servers could redirect users to phishing sites, researchers say.

The ‘Malware Economy’ Evolves

Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don’t think we are really winning this war.
