Kaspersky Lab strengthens it’s Americas’ research bench with addition of new malware analysts (1 is from MS)

Kaspersky Lab announces that four new malware analysts have been hired to provide additional research support to the Americas region. Josh Phillips comes to Kaspersky Lab from Microsoft, where he served as a virus analyst who developed signatures for new and emergent malware. As a Senior Researcher with Kaspersky Lab, Josh will be responsible for continuing to identify and capture developing malware for the Americas region, as well as developing future technologies. Tim Armstrong comes to the Global Research and Analysis Team from Kaspersky Lab Americas’ corporate support team, where he worked with enterprise customers and performed on-site installations. In … Continue reading Kaspersky Lab strengthens it’s Americas’ research bench with addition of new malware analysts (1 is from MS)

Avast! Local Privilege Escalation and DoS Vulnerabilities (no plan to fix vuln.#2 for Avast v4 users but will fix it in Avast! v5)

Avast! installs some program files with insecure permissions. "Everyone" group has "Full Control" rights to the files/folders in the following path: "%Program Files%Alwil SoftwareAvast4Data". It means that any unprivileged user can modify, delete or change permissions of any file in DATA folder. The folder consists of data, executable and configuration files. In result multiple attack vectors are possible. Vulnerable Systems: * Avast! Professional Edition version 4.8.1356 and prior * Avast! Home Edition 4.8.1356 and prior Immune Systems: * Avast! Professional Edition version 5 * Avast! Home Edition 5 Vulnerability #1 Local privilege escalation. A local attacker (unprivileged user) can modify … Continue reading Avast! Local Privilege Escalation and DoS Vulnerabilities (no plan to fix vuln.#2 for Avast v4 users but will fix it in Avast! v5)

China anti-virus authorities warn of new Hack_Kido computer virus

China’s anti-virus authorities on Sunday warned computer users to guard against mutation of Hack_Kido computer virus, which could prevent users from downloading operation system loophole patches. The virus would monitor the users’ on-line browsing and close any web-site related with the Microsoft, preventing users from getting any help from the Microsoft web-sites, according to the Tianjin-based National Computer Virus Emergency Response Center. http://news.xinhuanet.com/english/2009-10/25/content_12322160.htm? http://www.chinadaily.com.cn/2009-10/25/content_8845185.htm

Comcast Zeros In On Spammers

Comcast now is trying to cut off spammers before they unleash torrents of junk e-mail. The operator in the third quarter deployed a "sender reputation" service from San Francisco-based Cloudmark to pinpoint potential spammers. Comcast has already been using the Cloudmark Authority system to protect the 25 million e-mail accounts it hosts from spam, viruses and phishing attacks. Terms of the expanded deal were not disclosed. Comcast, the nation’s biggest cable operator, had 15.3 million high-speed Internet customers as of the end of June. Cloudmark’s Sender Intelligence includes data regarding spam resulting from bot infections on Comcast’s network, and serves … Continue reading Comcast Zeros In On Spammers

Microsoft anti-virus software dawdles over updates

Under certain circumstances, Microsoft’s recently launched Security Essentials (MSE) security solution fails to download updates for several days, despite new anti-virus signatures being available on the server. As a result, the software no longer offers adequate protection against new malware. These are the results found in tests run by The H’s associates at heise Security for the latest edition of the computer magazine c’t. Read more in http://www.h-online.com/security/news/item/Microsoft-anti-virus-software-dawdles-over-updates-838203.html? I am using MSE but not seeing what they saw.  MSE is updated many times a day.

Guardian Jobs website hacked, personal data at risk

In news that will send a shiver down the spines of many job seekers, it has been revealed that the UK version of the Guardian Jobs website has been broken into by hackers. The site, which is described as one of the top five job websites in the UK, with some two million users a month, would be a rich data mine for identity thieves who would be rubbing their hands in glee at the prospect of getting their hands on confidential information from innocent people’s CVs and job applications. Details of how the hack was committed have not been … Continue reading Guardian Jobs website hacked, personal data at risk

Nigeria’s anti graft police shuts 800 scam websites

Nigeria’s anti-corruption police said Friday they had shut down some 800 scam websites and busted 18 syndicates of email fraudsters in a drive to curb cyber-crime the country is notorious for. "Over 800 fraudulent e-mail addresses have been identified and shut down," Economic and Financial Crimes Commission (EFCC) boss Farida Waziri said. "There have been 18 arrests of high profile syndicates operating cyber-crime organisations," she added. In a statement EFCC, which has previously relied on raiding cyber cafes and complaints from the public to clampdown on the crime, said it has now adopted smart technology working in conjunction with Microsoft, … Continue reading Nigeria’s anti graft police shuts 800 scam websites

Google Online Security: Best Practices for Verifying and Cleaning up a Compromised Site

Google wrote in a blog post today on how webmasters can go on cleaning compromised website: It’s not always clear to webmasters how to go about cleaning up their sites once they’ve been compromised, so this time we thought we’d share some best practices. 1) Verify Your Site with Google Webmaster Tools 2) If Your Site Has Been Compromised, Perform a Comprehensive Cleanup –  Remember to Check Your Web Server Configuration –  Deleted & Error Pages: Dark Corners of Your Website Where Malware May Be Lurking 3) If You Switch Hosting Providers, Disable Access to the Old Version of Your … Continue reading Google Online Security: Best Practices for Verifying and Cleaning up a Compromised Site

Windows 7 Arrives Today

Today Microsoft Corp. announced the worldwide availability of its new Windows 7 operating system. Windows 7 delivers on a simple premise: make it easier for people to do the things they want on a PC. The new operating system offers a streamlined user interface and significant new features that make everyday tasks easier and allow people to get the most out of computers of all styles and sizes. http://www.microsoft.com/presspass/press/2009/oct09/10-22Windows7PR.mspx http://windowsteamblog.com/blogs/windows7/archive/2009/10/22/windows-7-arrives-today-with-new-offers-new-pcs-and-more.aspx