Earlier this year, a worm known as Conficker, Kido and Downadup
targeted PCs running Microsoft Windows. 15 million computers have been
estimated to be affected to date. The virus embeds itself within the
operating system and provides spammers, cyber criminal and hackers with
back door which allows them to access an individual’s machine. Now we
are seeing a follow-up with Conficker B++, which aims at users with an
improved code base.
Chicago (IL) - The World Privacy Forum recently published a report which highlights and explains the risks to privacy and confidentiality which arise when in a cloud computing environment. Is cloud computing safe? Does it impose real security risks, such as known knowns, known unknowns and the dangerous unknown unknowns?
Chicago (IL) - Another United States based payment acquirer/processor has had its network hacked, thus exposing the credit card accounts and information of many consumers to thieves, bandits and thugs in this latest breach. And as is common in these types of security breaches, the consumers are only finding out about it many months later.
Full details as to what firm's data was breached has yet to be released. Several credit unions, however, are reporting that Visa alerted them of a payment processor who had discovered the data breach.
Last November the United States Military made the decision to ban all USB drives and removable media in attempt to put an end to worm infiltration. But now, the Air Force is taking bigger steps, shutting off Air Force bases Internet connections for not complying with strict security rules and regulations on its networks. The first base to have their plug pulled? Maxwell AFB in Alabama.
A week ago Microsoft issued a patch for a critical hole in Internet Explorer 7, and now cyber-criminals are exploiting that weakness. The patch Microsoft released addressed a vulnerability whereby the browser improper handled errors when attempting to access deleted objects.
Last week, TG Daily wrote an article about a new KMIP security protocol wherein companies like Brocade, EMC, HP, IBM, LSI, Seagate and Thales had unveiled Key Management Interoperability Protocol (KMIP) which aimed to simplify the process of encrypting data and storing keys. Today, some controversy has broken out over KMIP.
As part of Apple's first OS X security update in 2009, the company has posted an updated version of Windows Safari to address the same vulnerability found in both Mac and Windows version of the browser. The issue, reported by three developers, could allow a hacker to execute arbitrary code through maliciously crafted URLs associated with RSS feeds. Users are encouraged to update their Windows Safari quickly.
At the Schmoocon hacker conference in Washington D.C., Charlie Miller, security researcher presented a new vulnerability in Google's mobile OS Android, which lets hackers take control of the phone's web browser and other processes from a remote location. Once an individual's phone has been compromised the hackers are capable of gaining access to saved credentials stored in the browser and the browsers history.
A new encryption protocol specification developed by Brocade, EMC, HP, IBM, LSI, Seagate and Thales has been unveiled this week. Dubbed Key Management Interoperability Protocol, or KMIP, the specification aims to simplify the process of encrypting important data, as well as maintaining keys.
Microsoft said it has organized a global response to the Conficker (Downadup) worm to disable domains targeted by Conficker. For the fifth time, Microsoft announced a $250,000 bounty to find the source of the worm – a strategy that's worked four times already, and most recently led to the conviction of the author of the Sasser worm back in 2005.
Apple's MobileMe, a paid suite of cloud services that, among other things, syncs information between desktop and mobile devices, has become the target of an elaborate phishing scam that aims to dupe users into revealing their credit card information. As is usual in this type of scams, the email communication painstakingly recreates the design of official Apple communication and leads to an equally elaborate online destination which appears as the bona fide MobileMe service page.
Only about 48 hours have passed since Google launched Google Latitude, a feature designed for Google Maps on mobile devices which allows users to find and track their family and friends via a laptop, smartphone, or desktop computer. Since then a privacy group has spoken out with great criticism of the application, claiming it's dangerous, and could leave users vulnerable.
Today, IBM announced the results of its 2008 X-Force Trend and Risk report, which found corporations put their own customers at risk for "cybercriminal activities" by failing to properly defend their servers against identified exploits.
Georgetown University has forbidden its students and faculty from utilizing the beta version of Microsoft's new Windows 7 operating system on school computers.
TG Daily observed additional problems with Google's servers today. Whereas Google News was affected yesterday, today it is the main Google search engine at www.google.com. Users searching for anything will find that all returned pages include a warning that the site may harm their computer. This effectively blocks the URL link from being a click operation, and now requires manual intervention to visit the site.
A new computer worm which bears the likeness of new American president Barack Obama has reportedly been discovered. It doesn't look to be a serious threat, though, said a distributor of AVG Internet Security Products, but it still shows how vulnerable computers can be.
An almost unbelievable flaw in Windows 7 beta and Microsoft's User Account Control (UAC) feature - the one designed to keep all of the annoying messages seen in Vista away from its users - allows its protection to be defeated by any malware which happens to infect the system. The malware needs only to send a series of false keystrokes from a Visual Basic script to activate the UAC dialog, move the slider bar to the disable position, and then save the changes. After that, the program can access protected functions or even reboot the system, thereby gaining full total system access on restart.