EBay: Phishing likely to blame for members’ data theft

EBay’s security experts have determined that it’s highly likely that whoever posted confidential information about its members in a company discussion forum this week stole the data via an e-mail phishing scam, an eBay spokeswoman said Thursday. http://www.networkworld.com/news/2007/092707-ebay-phishing-likely-to-blame.html

Apple iPhone Multiple Vulnerabilities

Impact:  Hijacking, Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS, System accessWhere:  From remoteSolution Status:  Vendor Patch  OS: Apple iPhone 1.x Some vulnerabilities, security issues, and a weakness have been reported in the Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or to compromise a vulnerable system. 1) An input validation error when handling SDP (Service Discovery Protocol) packets exists in the iPhone’s Bluetooth server. This can be exploited by an attacker in Bluetooth range to cause the application … Continue reading Apple iPhone Multiple Vulnerabilities

Microsoft Security Bulletin MS07-042 Re-release

The following bulletin has undergone a major revision increment. Please see the appropriate bulletin for more details.   * MS07-042 – Critical Bulletin Information:===================== * MS07-042 – Critical  – http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx – Reason for Revision: Bulletin Updated: Added Microsoft Office    Compatibility Pack for Word, Excel, and PowerPoint 2007 File    Formats and Microsoft Expression Web as affected products.    The Bulletin has also been updated to inform customers that a    potential reliability issue exists in applications that have    installed Microsoft XML Core Services 4.0 on Windows Vista,    which can be addressed by applying the download available in    Microsoft Knowledge Base Article 941833.   – Originally … Continue reading Microsoft Security Bulletin MS07-042 Re-release

New Prime Minister, New Trojan

Today, a new Prime Minister took over office in Japan. As usual, malware authors are taking full advantage of this big occasion, launching targeted attacks that play upon the event. Symantec Security Response has received an archive file today with the file name mofa.zip, which contains an executable called mofa.exe. This file is detected as Backdoor.Darkmoon.E (http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-092515-0356-99) According to a local news source (in Japanese), an email pretending to be from the newly elected Prime Minister, Yasuo Fukuda, is hitting some individuals’ email boxes. The email contains content in regards to Japanese diplomacy in Asia, along with the address and … Continue reading New Prime Minister, New Trojan

Another WEP bytes the dust

Symantec blogs about aircrack-twp, a tool that can recover a 104-bit WEP key in less than 60 seconds. The advise: Stay away from WEP. Read more at http://www.symantec.com/enterprise/security_response/weblog/2007/09/another_wep_bytes_the_dust.html

F-Secure Security Bulletin FSC-2007-6

F-Secure Security Bulletin FSC-2007-6Vulnerabilities in scanning of specially crafted archives and certain packed executables Affected versions    F-Secure Anti-Virus for Windows Servers version 7.00 Mitigating Factors:    Exploitation of the vulnerabilities requires specially crafted archives or packed executables Issue only exists on 64-bit server platforms There are no known exploits. Solution:  Apply the patch. http://www.f-secure.com/security/fsc-2007-6.shtml

MessageLabs Intelligence: Virus and Phishing Levels Sky-rocket in September

MessageLabs announced the results of its MessageLabs Intelligence Report for September and 3rd quarter of 2007. The new data reveals that virus and phishing levels have significantly increased, reaching levels not seen since early 2006. In addition, MessageLabs exposes a second wave of highly targeted C-level and senior management email attacks with increased sophistication and outreach. More at http://www.messagelabs.com/resources/press/4927

Puppy Scams Lead to Heartbreak

ScamBusters.org is a site with information on identity theft, Internet scams, credit card fraud, phishing, lottery scams, urban legends, and how to stop spam.http://scambusters.org/ New article by them is entitled “Puppy Scams Lead to Heartbreak, Cautions ScamBusters.org”Read about it http://www.prweb.com/releases/2007/09/prweb556649.htm

ISSE: Emerging security threats challenge businesses

Hackers and cybercrime gangs are increasingly targeting smart phones, Macintosh computers and other “emerging” platforms, delegates to Europe’s largest independent security conference have been warned. Speaking at this year’s ISSE conference in Warsaw, Costin Raiu, head of research and development at anti-virus vendor Kaspersky Labs, said that security improvements in Windows Vista were making it harder for cyber-crime gangs to target PCs. At the same time, the growing popularity of alternative platforms, such as Mac OS and the Symbian mobile OS were bound to attract growing attention from hackers. http://www.itpro.co.uk/security/news/126403/isse-emerging-security-threats-challenge-businesses.html