Cyber Security Institute
Warnings
Thursday, June 03, 2010
Windows 2000 PCs being targeted by hackers
Online criminals are scanning the internet and attacking Windows 2000 machines that haven’t had a recent Windows Media Service patch installed, according to Symantec. Symantec first spotted the attacks on Monday, saying that they are extremely limited.
Tuesday, February 23, 2010
FTC warns 100 organisations over leaked P2P data
More than 100 organisations guilty of allowing private data to leak on P2P networks have received warning letters from US consumer watchdog the Federal Trade Commission. Customer and biz data turning up on Torrents.
Friday, February 19, 2010
Spike In Power Grid Attacks Likely In Next 12 Months
Attacks against the power grid are likely to rise and intensify during the next 12 months as smart grid research and pilot projects advance, according to utility security experts and a recently published report that analyzes threats to critical infrastructure. The so-called Project Grey Goose Report on Critical Infrastructure points to state and/or non-state sponsored hackers from the Russian Federation of Independent States, Turkey, and China as the main threats targeting and hacking into energy providers and other critical infrastructure networks.
Tuesday, December 15, 2009
Hackers Are Defeating Tough Authentication, Gartner Warns
Security measures such as one-time passwords and phone-based user authentication, considered among the most robust forms of security, are no longer enough to protect online banking transactions against fraud, a new report from research firm Gartner Inc. warns. Increasingly, such measures are overwhelmed by online criminals looking to pillage bank accounts using valid login credentials stolen from customers, the report said. Going forward, banks need to quickly implement additional layers of security to protect their customers from falling victim to online fraud, said Avivah Litan, Gartner analyst and the report’s author.
Monday, December 14, 2009
Internet Security Firms Now Targeting Region
An anticipated upsurge in Internet users in Africa and more specifically the East African region is drawing the attention of cyber security firms. The region is now much more prone to Internet threats and cyber crime.
Friday, November 28, 2008
Hackers publish attack code for last week’s Windows bug
Just a day after downplaying the vulnerability that caused it to issue an out-of-cycle patch last week, Microsoft Corp. late yesterday warned customers that exploit code had gone public and is being used in additional attacks. “We’ve identified the public availability of exploit code that now shows code execution for the vulnerability addressed by MS08-067,” said Mike Reavey, operations manager of Microsoft’s Security Response Center, in a post to the MSRC blog Monday evening. “This exploit code has been shown to result in remote code execution on Windows Server 2003, Windows XP, and Windows 2000.”
Rootkit unearthed in network security software
Network security software from a Chinese developer includes processes deliberately hidden from a user and, even worse, a hidden directory, Trend Micro reports.
Saturday, November 22, 2008
Google Analytics — Yes, it is a security risk
Contrary to what many commentators believe, widgets used by Google Analytics and similar services do represent a threat, especially if you’re a high-profile target. To recap, Change.gov and BarackObama.com were both found exposing non-encrypted pages that Obama officials use to post press releases and carry out other administrative tasks. The lack of IP filtering, or at the very least, use of secure sockets layer was surprising, but what was really baffling was the decision to link the admin pages to Google Analytics. The reason: The service grants unscrupulous employees at Google, not to mention anyone who manages to penetrate Mountain View’s fortress, access to the administrative pages.
Friday, October 10, 2008
Exploit code loose for six-month-old Windows bug
On Thursday, Microsoft revised a security advisory it first posted April 19 about a bug in Windows XP, Vista, Server 2003 and Server 2008 that could be exploited to gain additional privileges on vulnerable machines. “Exploit code has been published on the Internet for the vulnerability addressed by this advisory,” confirmed Bill Sisk, a communications manager at Microsoft’s Security Response Center in a post to the MSRC blog. In late March, Argentinean security researcher Cesar Cerrudo announced he had found a bug that could let attackers bypass some of the security schemes in the newest versions of the operating system, including Windows Server 2008. “Basically, if you can run code under any service in Windows Server 2003 then you can own Windows,” he added. Microsoft has yet to issue a fix for the flaw; since April its own move has been to recommend work-arounds for customers running Internet Information Services.
Thursday, September 11, 2008
CookieMonster Can Steal HTTPS Cookies
The Python-based tool actively gathers insecure SSL information and records that as well as normal HTTP cookies to Firefox-compatible cookie files. A so-called CookieMonster attack is coming, and if you use Web-based services that involve login credentials, such as Web e-mail or online banking, you may want to turn your fear and paranoia dial to 11, one researcher warns. “CookieMonster is a Python-based tool that actively gathers insecure HTTPS cookies, and records these as well as normal http cookies to Firefox compatible cookie files,” explains Mike Perry, the security researcher who created the software, in a documentation file.
Monday, April 28, 2008
Experts warn over SQL injection attacks
Attackers are increasingly exploiting common database vulnerabilities to leave behind code on thousands of sites, redirecting visitors to servers that host malicious downloads, security experts warned last week. The attacks, which apparently started at the beginning of April, attempt to use any field on a Web site that accepts user input to execute commands on the database that stores the site’s information. In the latest spate of compromises, unknown attackers used SQL injection techniques to create malicious iframe blocks on legitimate Web sites.
Tuesday, December 04, 2007
Mashups, SAAS Present Security Risks
Experts say the technologies and their building blocks, XML and HTML, have inherent security flaws. The rise of mashups and similar technologies has given developers a way to build simple applications, but they’re also opening up a new world of security issues. The risks involved with mashups and SAAS (software as a service) come because of the amount of sensitive data that can be exposed on the Internet. However, Jeremy Burton, CEO of Serena Software, which released its enterprise mashup platform Dec. 3, said the benefits of the technologies can outweigh the risks. “There are definitely security risks involved when exposing any URL on the Internet which contains confidential data behind it,” Burton said at the XML 2007 conference here Dec. 3.
Monday, October 15, 2007
Nine out of ten websites have serious vulnerabilities
Based on more than a year of data, this is the industry’s only report focused solely on previously unknown vulnerabilities on publicly facing websites. The report shows that nine out of ten websites have serious vulnerabilities that make them targets for malicious online attacks. Cross-site Scripting (XSS) remains the top vulnerability class, appearing in approximately three quarters of websites, while Information Leakage is the top vulnerability class of the overall population.
Wednesday, May 16, 2007
Traffic-Scanning Flaw Hits 90+ Vendors
It’s not every day that US-CERT warns of a flaw that is potentially so widespread that it could affect more than 90 vendors covering a huge swath of the IT industry. US-CERT’s HTTP content scanning systems full-width/half-width Unicode encoding bypass flaw could potentially be one of the most widespread networking security flaws discovered in years. If exploited, a malicious user could use the bypass to attack a vulnerable environment.
Wednesday, April 18, 2007
Targeted Attacks on the Rise
It’s the other end of the threat spectrum: Instead of a massive attack on hundreds of your users, it’s one message, sent to a single user, containing a backdoor Trojan—or worse. Such narrowly-targeted attacks are becoming more popular than ever, according to a new report issued today by MessageLabs. The messaging security company says it identified 716 emails in 249 targeted attacks last month. Most of the email attacks came in the form of malware hidden in a Microsoft Office document. Some 45 percent of the attachments were PowerPoint; 35 percent were MS Word files.
Monday, April 09, 2007
How SOA increases your application security risk
Service-oriented architecture changes the security equation by introducing a greater reliance on third parties for application development and operation. But according to Ray Wagner, managing vice president of information security and privacy at Gartner, this is a matter of degree rather than an introduction of a totally new security exposure. For instance, an SOA application may depend on a web-based third-party service to provide vital functionality, with obvious security implications.
Wednesday, February 21, 2007
VMs Create Potential Risks
Those tens of thousands of virtual servers spawned from your thousands of physical ones offer no guarantee your security policies will carry over, and can leave you with a security time bomb ticking away in your data center, according to vendors and some experts. “Virtualization is both an opportunity and a threat,” says Patrick Lin, senior director of product management for VMWare.
Wednesday, January 17, 2007
Malware creates new challenges for anti virus vendors
We are seeing a sizeable decrease in the media-grabbing pandemic outbreaks of malicious software. Yet with fewer headlines on high-risk infectors we are still seeing an increasing overall number of malware infections; it is this new breed of malware that is costing industry millions every year – yet no one seems to know about them. One might be fooled into thinking that the lack of media attention on virus outbreaks - like Melissa, LoveLetter, Sobig.F etc. - means the casual Internet user is less exposed to infections from malicious software. Long-standing customers of antivirus vendor Norman will have seen that in the past 18 months we have released more signatures than in the previous 15 years. The recent family of worms called W32/Stration by Norman was also given names like Email-Worm.Win32.Warezov; W32/Spamta.worm by other antivirus vendors. The large-scale outbreaks we have seen previously have shown that malware can indeed be a very powerful tool in the right hands.
Thursday, January 11, 2007
Firms Fret as Office E-Mail Jumps Security Walls
A growing number of Internet-literate workers are forwarding their office e-mail to free Web-accessible personal accounts offered by Google, Yahoo and other companies. “It’s a hole you can drive an 18-wheeler through,” said Paul D. Myer, president of the security firm 8E6 Technologies in Orange, Calif. It is a battle of best intentions: productivity and convenience pitted against security and more than a little anxiety. Corporate techies, who, after all, are paid to worry, want strict control over internal company communications and fear that forwarding e-mail might expose proprietary secrets to prying eyes. Employees just want to get to their mail quickly, wherever they are, without leaping through too many security hoops. That is too much for some employees, especially when their computers can store the passwords for their Web-based mail, allowing them to get right down to business. For example, the flimsier security defenses of Web mail systems could allow viruses or spyware to get through, and employees could unwittingly download them at the office and infect the corporate network.
Friday, December 15, 2006
Targeted security attacks on the rise
MessageLabs now intercepts two attacks each day, compared to one per week at the same point in 2005. The targeted approach is prevalent in phishing attacks too, an increasingly dominant force in all malicious emails intercepted by MessageLabs, with levels rising from 10.6 per cent in January to 68.8 per cent in December.
Wednesday, December 13, 2006
Rustock Trojan A Model For Future Threats
Among Rustock’s distinguishing characteristics are its heavy reliance on advanced rootkit technologies to hide from security software and its changeling-like ability to morph itself each time it infects a file. That threat, dubbed “Rustock” by Symantec, is a family of backdoor Trojan horses that first appeared nearly a year ago, says Patrick Martin, a senior product manager with the Cupertino, Calif., company’s security response team. The tactics used by a sophisticated threat of 2006 will become staples in exploits during the year to come, a security researcher says. “The techniques that [Rustock] is using will be the baseline for threats in the future,” Martin says. “It’s using techniques that most rootkit detectors aren’t looking at or for yet,” says Martin. The longer a Trojan can remain undetected the longer it can stay on a PC, and the more income it can generate for its owner.
Friday, December 01, 2006
Virtual concerns
Administrators, developers, and power users are starting up new virtual workstations and servers with every new corporate breath. Administrators and CSOs are considering all of these ideas to save money and increase security. Whether virtual solutions have the speed, flexibility, and security to become a win-all solution is yet to be seen. I remember hearing the same promises during the heyday of thin-client computing, and that technology largely failed. Of course, for every security benefit a virtual machine provides, a new security threat or risk emerges. The author wants to add some other scenarios to consider.
Monday, October 16, 2006
Phishers more successful than first thought
A higher than expected percentage of internet users are falling victim to phishing scams, US academics claimed today. Researchers at Indiana University’s School of Informatics said that phishers targeting US adults could be netting responses from as much as 14 per cent of the targeted users per attack.
Thursday, September 14, 2006
New IE hole revisits an old bug
Hackers have discovered a new vulnerability in Internet Explorer, and they’ve released code that could be used to attack users of Microsoft Corp.’s popular browser. To take advantage of the exploit code, attackers would first need to trick users into viewing a maliciously encoded Web page, but they could then run unauthorized code on a victim’s computer. Symantec calls the bug “critical,” and Secunia rates the issue as “highly critical,” its most severe rating.
Friday, August 04, 2006
Researchers warn over Web worms
Exploiting a lack of security checks in browsers and Web servers, Web worms and viruses are likely to become a major threat to surfers, security researchers speaking at the Black Hat Briefings warned. In separate presentations, researchers showed off techniques for using Javascript code on Web pages to grab browser histories and scan internal networks as well as using AJAX—a technology that adds interactive features to Web sites—to create Web viruses that can steal personal information. The threats are not only theory, but have been used to attack MySpace users and Yahoo users, said Billy Hoffman, lead research and development researcher for Web security firm SPI Dynamics.
Monday, July 17, 2006
Threat Landscape For The Future
Wednesday, July 05, 2006
Security Still Key WLAN Concern
Research firm Gartner Inc. says the growth of wireless LAN networking in the enterprise is causing users to worry more about WiFi security risks than ever before. Gartner asked 200 networking and business technology firms in North America and Europe about their enterprise WLAN technology late last year. Gartner says that security concerns are growing as WLAN networks become a standard part of the corporate landscape rather than being limited to conference rooms and branch offices.
Thursday, June 15, 2006
Microsoft Reminds About Ending XP SP1 Support
Thursday, June 08, 2006
VoIP Security Alert: Hackers Start Attacking For Cash
An owner of two small Miami Voice over IP telephone companies was arrested last week and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. Hacking has become a decidedly for-profit crime, with crooks intent on theft rather than disruption. Edwin Pena had been making easy cash for almost 18 months and sold about 10 million minutes before law enforcement caught up with him yesterday morning, prosecutors say. He paid $20,000 to Spokane, Wash., resident Robert Moore, who helped Pena scan VoIP providers for security holes with a code cracking method called brute force. Those companies have to pay for access to the Internet’s backbone, and they found themselves with up to $300,000 in charges for access stolen through Pena’s hacks, authorities say.
Wednesday, May 31, 2006
Enterprises Should Ditch Skype: Gartner
The most recent bug in Skype is another clue to enterprises that they should steer clear of the VoIP service, research firm Gartner recently warned. Two weeks ago, Skype patched a critical vulnerability that could let an attacker send a file to another user without his or her consent, and potentially obtain access to the recipient’s computer and data. “This vulnerability follows three in 2005 (two high-risk, one low-risk) and highlights the risk of not establishing and implementing an enterprise policy for Skype,” wrote Gartner research director Lawrence Orans in an online research note. “Because the Skype client is a free download…most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks.” The problem, said Orans, is that Skype doesn’t demand that vulnerable clients be updated, and sans administrative management controls to force this, the VoIP client leaves corporate networks open to attack.