This you???? : Phishing attack hits Twitter users

There is another widespread phishing attack hitting users of Twitter today. Messages asking "This you????" followed by a link are being sent via the system to unsuspecting users. If you click on the link you are taken to a fake Twitter login page, where hackers are just waiting for you to hand over your credentials. If you have received a message like this from one of your friends it is likely that their account has been compromised by cybercriminals. Screenshots, videoclip and details in http://www.sophos.com/blogs/gc/g/2010/02/24/phishing-attack-hits-twitter-users/

Malicious ad slips onto StarTribune.com

A Trojan-style virus forced StarTribune.com to cut off its outside advertising feed. After testing all ads for malicious software, Star Tribune officials hope to restore the website to normal Tuesday. A virus apparently spawned by an advertisement on StarTribune.com on Sunday morning was stopped Monday afternoon by halting the feed of outside ads to the website. It was a pattern that website operators have seen before: An unauthorized Web advertisement from an outside source was slipped into the mix of electronically routed ads that appear on the website, and visitors apparently received a malicious download from it. After testing all … Continue reading Malicious ad slips onto StarTribune.com

Intel hit by ‘sophisticated’ hack last month

Intel says it was hit by a "sophisticated incident" in January in which hackers attempted to breach its digital defenses, making it the latest US company to admit it is being targeted by online miscreants. The world’s biggest chipmaker made the acknowledgment in a recent filing with the Securities and Exchange Commission under a section devoted to risks that could have an adverse effect on the company’s bottom line. It is the first time Intel has included hacking as a risk factor. The disclosure came as recently reported breaches at Google, Adobe and some 2,500 companies and government agencies have … Continue reading Intel hit by ‘sophisticated’ hack last month

VeriSign rolls out new Web site verification service

The subscription service is designed for those Web sites not using SSL certificates VeriSign is introducing a certification service that confirms whether a business is legitimate and that their Web site is free of malware. VeriSign already sells various SSL (Secure Sockets Layer) certificates for Web sites that aim to let visitors know the site meets high standards for encryption of sensitive information. Those sites are also allowed to display a so-called "trust seal," designed to inspire confidence in the Web site. The latest product, VeriSign Trust Seal, is aimed at small and medium-size businesses that do not need to … Continue reading VeriSign rolls out new Web site verification service

Comcast launches first public U.S. trial of advanced DNS security

Comcast unveiled on Tuesday an aggressive plan to deploy new DNS security mechanisms that are designed to protect Web site operators and consumers from a specific type of hacking attack that involves hijacking Web traffic and redirecting it to bogus sites. In a blog post, Comcast said it has deployed DNS Security Extensions — dubbed DNSSEC — throughout its nationwide network and will immediately make validating servers available to any of its customers that want to experiment with this emerging security technique. In addition to this public trial of DNSSEC validation services, Comcast says it will digitally sign all of … Continue reading Comcast launches first public U.S. trial of advanced DNS security

Attack Unmasks User Behind The Browser

Researchers develop proof-of-concept that exploits social networking patterns to ‘deanonymize’ online users A group of researchers have discovered a simple way to reveal the identity of a user based on his interactions with social networks. The ‘deanonymization’ attack uses social network groups as well as some traditional browser history-stealing tactics to narrow down and find the user behind the browser. The researchers were able to deanonymize more than half of the users in their initial test using their attack method, which entailed their joining and crawling groups within social networks, such as Germany’s Xing business social network and Facebook, using … Continue reading Attack Unmasks User Behind The Browser

Adobe Security Bulletin APSB10-08: Security update available for Adobe Download Manager

Summary A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user’s system. Users, who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions in the Solution section below. Affected software versions Adobe Download Manager on Windows (prior to February 23, 2010) Solution Users, who have downloaded Adobe … Continue reading Adobe Security Bulletin APSB10-08: Security update available for Adobe Download Manager

HSBC locks browsers with anti-malware filter

HSBC has started nudging its online bank customers to download a free security app it reckons can protect them from the predations of banking Trojans, phishing, and keyloggers. The application in question is actually Trusteer’s Rapport browser plug-in, which protects a user’s the browsing sessions while visiting specific websites. The plug-in embedded its own default selection of banking institutions (including HSBC and Alliance and Leicester in the UK), but the user can add additional ones as they choose, although this limits some security features. When visiting one of these sites, Rapport blocks any attempt to take control of the session … Continue reading HSBC locks browsers with anti-malware filter

Microsoft released KB971033 – Windows Activation Technologies Update for Windows 7

As expected, Microsoft has pushed the Windows Activation Technologies Update for Windows 7 (WAT) in Windows Update, but it’s not pre-checked which means it’s up to you to install, to participate in fighting piracy 🙂 Screenshot in http://www.calendarofupdates.com/updates/index.php?app=calendar&module=calendar&cal_id=1&do=showevent&event_id=66898 And there’s many updates today for Windows- see Calendar of Updates.

Attackers going after end users rather than servers

The Web traffic study also finds issues with botnets, corporate policies, and outdated browsers Rather than targeting Web and email servers, attackers these days are prone to going after enterprises from the inside out, compromising end user systems and then using them to access confidential data, according to a Web traffic analysis report by security-as-a-service provider Zscaler. Based on a recent study of traffic passing through its global network,  Zscaler’s "State of the Web — Q4 2009" report also notes trends including issues with botnets, corporate Internet access policies, and the use of the Internet Explorer 6 browser. Officially being … Continue reading Attackers going after end users rather than servers