FireEye to Expose Dangers of Modern Malware at the RSA 2010

FireEye, Inc. will expose the threat posed by advanced persistent threats, as seen in the case of "Operation Aurora", at the RSA Conference 2010 next week in San Francisco. FireEye experts, including Chief Security Architect Marc Maiffret, will be on hand to discuss the extent of modern malware attacks and the limitations of conventional network defenses at booth #332 from March 2 – 4. […] At the company’s booth, FireEye will demonstrate its modern malware protection system and show how common cyber defenses currently used by organizations, including firewalls, antivirus, network intrusion prevention and web gateway security devices, are simply … Continue reading FireEye to Expose Dangers of Modern Malware at the RSA 2010

Hackers follow the money, IBM research shows

Existing threats such as phishing and document format vulnerabilities have continued to expand, even as users improve security, according to a new IBM report. […] The 2009 X-Force Trends and Risk Report also finds that: – Vulnerabilities have decreased. Overall, 6,601 new vulnerabilities were discovered in 2009, an 11 percent decrease over 2008. The report indicates declines in the largest categories of vulnerabilities such as SQL Injection, in which criminals inject malicious code into legitimate Web sites, and ActiveX controls, or small programs used on the Internet to help with tasks, may indicate some of the more easily discovered vulnerabilities … Continue reading Hackers follow the money, IBM research shows hacker who redirected Web traffic pleads guilty

One of the three men charged with hacking into the Web site for Comcast’s Internet customers last year has pleaded guilty, the U.S. Attorney’s Office in Philadelphia said Wednesday. Christopher Allen Lewis, whose hacker alias was EBK, pleaded guilty to conspiring to disrupt service on the site on May 28 and 29. […] The U.S. Attorney’s Office said the men, who were associated with the hacker group Kryogenics, on May 28 redirected traffic destined for to Web sites they had set up. As a result, Comcast customers trying to get their e-mail or voice mail from that … Continue reading hacker who redirected Web traffic pleads guilty

Baidu: Registrar ‘incredibly’ changed our e-mail for hacker

A hacker who took down top Chinese search engine last month broke into its account with a U.S. domain name registrar by pretending to be from Baidu in an online chat with the registrar’s tech help, according to a lawsuit filed by Baidu. […] The attack began on the afternoon of Jan. 11 when the hacker contacted tech help via online chat and claimed to be from Baidu, the complaint alleges. The attacker asked a support representative to change Baidu’s e-mail address on file. The representative then sent a confirmation code to Baidu’s e-mail account even though the … Continue reading Baidu: Registrar ‘incredibly’ changed our e-mail for hacker

BBC iPlayer rejects open source plugins, takes Flash-only path

Be safe: Use Adobe content protection, kids The BBC has quietly updated its hugely popular iPlayer with a verification layer that closes the door on open source implementations of RTMP (real-time messaging protocol) streaming, The Register has learned. The Beeb applied the update to its online video catch-up service on 18 February, just four days after Adobe Systems penned a corporate blog post about its “content protection offerings”. The tweak means that free RTMP plugins offered by the likes of the XBMC community – whose code is based on the GNU General Public Licence v2 – can no longer stream … Continue reading BBC iPlayer rejects open source plugins, takes Flash-only path

Threats from cyber criminals underestimated

As IT security expert Avira discovered in its moral issue survey, conducted on in January 2010, Internet users underestimate the risk of cyber criminals gaining illegal access to their data. The responses from the 5,578 respondents indicate that, while they are attentive to their security, they are completely unprepared for the ingenuity now being shown by cyber criminals. Clearly users need to increase their vigilance and actively protect themselves with extensive security solutions on their computers. The survey showed that most users are fairly naïve when it comes to computer security. 49 percent of participating surfers (2,747) said that … Continue reading Threats from cyber criminals underestimated

Nearly 20% still running IE 6

VB poll finds users still running outdated browser despite campaigns to boycott it. Despite widespread calls to boycott IE 6 and Microsoft’s plans to retire support for the browser, 19% of respondents in a Virus Bulletin poll said that they are still running the browser, whether at home, at work, or both. The browser has come in for heavy criticism due to numerous security flaws and its use of outdated technology. Indeed, in January both the French government and the German government issued advisories to computer users recommending that they switch to a different web browser, after it was discovered … Continue reading Nearly 20% still running IE 6

Google Picasa JPEG Image Processing Integer Overflow Vulnerability

Google Picasa is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition. Vulnerable:  Google Picasa 3.6 Build 95.25 Not Vulnerable:  Google Picasa 3.6 Build 105.41 Solution: Reportedly the vendor has released Picasa 3.6 Build 105.41 to address this issue but Symantec was unable to confirm this information. Please contact the vendor for more information. The non-vulnerable version was released yesterday.

McAfee pays $67M in fraud settlements

Thousands of investors have been paid a combined $67 million in connection with financial fraud settlements by McAfee Inc., the Securities and Exchange Commission said Monday. Security software maker McAfee settled the charges in February 2006 without admitting or denying wrongdoing. It also agreed at the time to pay roughly $50 million in penalties. The SEC charged the Santa Clara company in January 2006 in U.S. District Court for California’s Northern District, alleging it had defrauded investors by overstating its revenue and earnings. According to the SEC, the scheme took place between 1998 and 2000.

Malware levels stay flat

A new report from security firm Kaspersky Lab suggests that there has been little growth in the number of new malware samples. Skip related content The company reported that over 2009, roughly 15 million new malware samples were found, a rate of around 30,000 new threats each day. That rate, said the company, was "virtually the same" as the 2008 level.[…] Additionally, the company reported that web-based fraud schemes, such as fake anti-virus software, boomed over 2009 and netted some $150 million in profits. This year, much of the focus is expected to shift from PC-based malware to attacks on … Continue reading Malware levels stay flat