martedì 30 novembre 2010
domenica 28 novembre 2010
Security Incidents of This Week (weekly)
-
BEDIA Website Defaced By Hacker
The website of Botswana Export Development and Investment Authority (BEDIA) has been defaced by a hacker. The hacker changed the homepage and some sections of the website, removing information concerning upcoming events and latest news usually displayed for investors.
-
Windows 0day allows malicious code execution
Antimalware provider Prevx has sounded the alarm about a serious vulnerability in fully patched versions of Microsoft Windows. It allows attackers to execute malware, even in versions designed to withstand such exploits.
-
OpenSSL updated to kill code-execution bug
The OpenSSL server has been updated to fix a security bug that could be remotely exploited to potentially install malware on vulnerable systems.
-
'Scary stuff': Cyberattack arrest highlights risk
How did a hacker in Malaysia manage to penetrate a computer network operated by the Federal Reserve Bank of Cleveland?
And what was the same accused cybercriminal doing this summer when he allegedly tapped into the secure computers of a large Defense Department contractor that managed systems for military transport movements and other U.S. military operations?
Those are among the puzzling questions raised by allegations against Lin Mun Poo, a 32-year-old Malaysia native whose case illustrates the mounting national secrets threats posed by overseas cyberattacks, U.S. law enforcement and intelligence officials tell NBC News. -
Kroxxu botnet targets one million users
A new botnet has been detected which could have potentially affected over a million web users in the last 12 months.
The Kroxxu botnet currently has its grip on around 100,000 web domains and has been spreading password-stealing malware whilst covering its tracks extremely effectively, avast! Virus Lab found. -
Network card rootkit offers extra stealth
Security researchers have demonstrated how it might be possible to place backdoor rootkit software on a network card.
-
Taiwanese Hackers Deface Asian Taekwondo Union Website - Softpedia
-
Internet, traffico Usa dirottato in Cina per diciotto minuti
L'8 aprile 2010, per diciotto minuti, una quota del 15 per cento dell’imponente traffico internet mondiale, e in particolare statunitense (incluse comunicazioni da e per i siti dell’Esercito, della Marina, del corpo dei Marines, dell’Aeronautica, dell’ufficio del Segretario della Difesa, del Senato e della Nasa), potrebbe essere stato registrato e decriptato dalla Cina
Posted from Diigo. The rest of my favorite links are here.
venerdì 26 novembre 2010
Barare sullo slow-start
http://blog.benstrong.com/2010/11/google-and-microsoft-cheat-on-slow.html
domenica 21 novembre 2010
domenica 14 novembre 2010
Security Incidents of This Week (weekly)
-
V for Vendetta Hacker Strikes at Washington State University
An anonymous hacker wearing a Guy Fawkes mask took over classroom projection screens at Washington State University last Friday, the fifth of November, to broadcast a prerecorded message
-
Hackers Hijack 1 Million China Cell Phones ses
More than 1 million cell phone users in China has been infected with a virus that automatically sends text messages, and the attack is costing users a combined 2 million yuan ($300,000 U.S.) per day.
-
Local Christian group's website hacked, defaced
Visitors to the NarroWay Productions website on Saturday found an anti-Christian message.
-
Android bugs let attackers install malware without warning
Researchers have disclosed bugs in Google's Android mobile operating system that allow attackers to surreptitiously install malware on users' handsets.
The most serious of the two flaws was poignantly demonstrated on Wednesday in a proof-of-concept app that was available in the Google-sanctioned Market. Disguised as an expansion for the popular game Angry Birds, it silently installs three additional apps that without warning have access to a phone's contacts, location information and SMS functionality and can transmit their data to a remote server. -
Nasty IE 0day exploit hosted on Amnesty International site
Visitors to Amnesty International's Hong Kong website are being bombarded with a host of lethal exploits, including one that attacks an unpatched vulnerability in Microsoft's Internet Explorer browser, researchers at security firm Websense said.
The injected IE attack code resides directly on the pages of amnesty.org.hk, an indication that the perpetrators were able to penetrate deep into the website's security defenses. The code exploits a vulnerability disclosed last week that gives attackers complete control over machines running default versions of IE 6 and 7. Version 8 isn't vulnerable, thanks to security protections built into the browser. -
Report: Banking Apps for Android, iPhone Expose Sensitive Info | Threat Level | Wired.com
A number of wireless banking applications for iPhone and Android phone users contain privacy and security flaws that cause the phones to store sensitive information in cleartext that could be gleaned by hackers, according to a report.
-
Hacker forces Royal Navy to suspend website
A hacker claims to have broken into the main website run by the British Royal Navy, www.royalnavy.mod.uk, revealing usernames and passwords of administrators.
The hacker, who calls himself TinKode and is believed to hail from Romania, posted information on the web about the compromise and the sensitive passwords he was able to uncover.
Posted from Diigo. The rest of my favorite links are here.