5 posts from August 2010

About This Blog

The Content Security Research Team's Mission: Deliver security research and intelligence that educates, supports and strengthens the security community, and drives innovation in our eSafe solutions.

Learn More

Follow Us on Twitter

08/19/2010

Weekly Security News – August 19, 2010

1.  Fake dislike button Facebook scam
Read More

2.  Who is the typical Russian hacker?
Read More

3.  BlackBerry gives in, to provide access to encrypted data
Read More

4.  Resourceful attackers continue to make the web insecure
Read More

5.  Most attacks on federal networks financially motivated
Read More

6.  5 reasons IT pros should be paranoid
Read More

7.  Security software market to grow 11% this year
Read More

8.  Source of recent malicious malware campaigns
Read More

9.  TICKET SHARKS: 60 000 names sold on the black market
Read More

10.  Doherty Hotel’s database fraudulently accessed; 150 credit cards subject of probe
Read More

11.  Hackers steal customer data by accessing supermarket database
Read More

08/16/2010

New ICQ Trojan is spreading in the wild

Since this morning we've started to see a new ICQ Trojan that spreads rapidly. The Trojan is spreading via ICQ, by sending a file - snatch.exe to all the infected machine's ICQ contacts.

It also has the ability to have a conversation with the user. It has some built-in phrases so when the potential infected user will say “Hello”, the Trojan will send him a "Hello" message back.

Most of the infected users we've seen till now are Russian speakers.

08/12/2010

Weekly Security News – August 12, 2010

1. India plans to raise own cyber army
Read More

2. How Much Private Information Do you Reveal?
Read More

3. Hackers Wirelessly Crash Car's Computer At Highway Speeds
Read More

4. Healthcare Suffers More Data Breaches Than Financial Services So Far This Year
Read More

5. Loss of personal information as stressful as losing a job
Read More

6. 126,000 college students and employees notified of breach
Read More

7. Phishers offer false security in exchange for your Facebook password
Read More

8. Private browsing modes not as private as one might wish
Read More

9. Is Your Company Vulnerable to Social Engineering?
Read More

10. How can I know if my computer is infected? 10 signs of infection
Read More

08/05/2010

Weekly Security News – August 5, 2010

1.   U.K. government nixes 'kill IE6' campaign
    Read Article

2.   Facebook's 500 millionth member highlights risks
  Read Article

3.   Summer holiday security checklist
  Read More

4.   63% consider international cyber-espionage acceptable
  Read More

5.   Hong Kong e-payment firm admits selling customer data
  Read More

6.   Seven myths about zero day vulnerabilities debunked
  Read More

7.   US Still Number One Malware Producer
  Read More

8.   Microsoft patches the critical Windows LNK vulnerability
  Read More

9.   Cyber War is not the Cold War
  Read More

10. China Called a Hacker's Marketplace
   Read More

11. Brothers admit spam campaign against college students
   Read More

12. DeepWater Horizon (BP oil spill) appears to be a control system cyber incident
   Read More

13. US at High Risk for Computer Attack
  Read More

14. Android wallpaper app stealing user data and sending it to China
   Read More

15. Turkish pranksters load Facebook Translate with swears
  Read More

08/03/2010

LNK vulnerability patch solves "the next big thing"?

Microsoft released a patch that solves the new LNK vulnerability: Microsoft Announcement.

We recommend installing this patch to ensure you are protected from the vulnerability.

Discovery of the new LNK vulnerability a few weeks ago created a lot of hype. All the security industry web sites were abuzz with talk about the new vulnerability, discovered by the Belorussian AV company VirusBlokADA.

The first incident of the vulnerability downloaded a Trojan targeting SCADA control systems, used to control power plants. Thereafter, other Trojans (e.g. Zeus) used the vulnerability to propagate themselves, causing experts in the content security field to start talking about “the next big thing".

Is it, or was it, really the next big thing? I don't think so. It reminds me of the "Swine Flu" scare we had last year. Everybody was talking about it, and how it was going to be the new smallpox epidemic. In the end, although there were many incidents of the virus, it certainly didn’t reach epidemic proportions…

This is the same case. Many organizations raised a flag that a new virus is on the rampage; people got scared, new security solutions were bought, and many individuals and organizations made a nice profit from it. But, is it really that bad? Well, no. Many users were infected with the new vulnerability, but not more than other vulnerabilities. Furthermore, there was a time gap between the discovery and the release of the patch.

This is not the end, though. Vulnerabilities will continue to be discovered in the future, and companies will once again talk about “the next big thing", but I think we need to keep everything in proportion. Although we should be on guard 24/7, we should also be more responsible, as security specialists, before frightening the public.

« July 2010 | Main | September 2010 »