archives
June 2011

Government hackers hit al-Qaida?

Al-Qaida appears to have had its web communications hit by hackers, thwarting its continued effort at updating the world about its activities. It appears that a good portion of their global web presence has been affected. A year ago a similar style attack halted their web communications. According to Evan Kohlmann from Flashpoint Global Partners,

Facebook Facial Recognition – A picture is worth a thousand words

Facebook recently launched a facial recognition feature that allows you and others to “tag” photos with your name. As has been the norm for Facebook, this “feature” is turned on by default and users must take their own initiative to limit, or turn it off. The implications are wide-ranging, so if you or anyone in

Well That Was Embarrassing

Yet another Facebook Clickjacking attack is making the rounds. This time the message shows as below. A right-click (not left) will allow you to copy the source location and open the link in a protected environment. The link brings up the following image The “Jaa” button is actually a “Share” button and will post the

Do you Use Tumblr? Beware!

Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it. According to the article, hijacked web pages of Tumbler users

Windows Rootkit Requires Reinstall?

In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.

Sony lawsuit: security experts fired prior to breach

A lawsuit being leveled against Sony relating to the recent breach activity alleges they skimped on security experts, laying off a batch of professionals prior to the events. The suit, seeking class action status, is being brought by Felix Cortorreal, Jimmy Cortorreal, and Jacques Daoud Jr., who claim they were directly affected by the data

TDSS: botnets, Kademilia and collective consciousness

The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on

TDL Tracking: Peer Pressure

Recently … our TDL tracker picked up a brand new plugin for TDL4 kad.dll (Win32/Olmarik.AVA) which we haven’t seen earlier … we discovered that it implements a particularly interesting network communication protocol …

FBI nabs international “scareware” ring

Long a puzzling challenge, the FBI seems to be making strides in tackling international coordinated scams, in this case, scareware. Scareware, the practice of providing fake infection notifications to users’ computers, and then offering to sell solutions to problems that don’t exist, has been quite a boon as of late for fraudsters. FBI claims the

Giving Cold Callers the Cold Shoulder

…And therein lies a problem that goes beyond support scams. The telephone network, like the Internet, isn’t very good at recognizing national boundaries. Which is why I have a couple of rules of thumb when it comes to cold callers…

EU to urge shorter data breach notification times

Following a string of data breach notifications which seem to be less than forthcoming, the EU is urging much stricter guidelines for data breach reporting timelines. It a recent article, European Commissioner Viviane Reding was shocked “that companies needed two or three weeks to inform people that their personal data had been stolen.” Recently I

Calling for Backup

…what I had principly in mind at that point was the impact of some 4,800 of its customers whose businesses may have been threatened when data, sites and email on four of its servers were lost…

SCADA still scary

“Infrastructure Attacks: The Next Generation?” now includes the speaker notes, which hopefully makes it more interesting and useful.

White House to double jail time for hackers?

The Obama administration seems intent on pushing for stiffer sentences for hackers caught endangering national security to 20 years prison time, doubling the current sentence. A stiff penalty, to be sure, the latest in a series of volleys from D.C. to curb the flurry of recent high-profile attacks and restore confidence in the U.S. Government’s

LinkedIn Privacy: An Easy How-to Guide to Protecting Yourself

Introduction LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy

The Social Networking/Cybersafety Disconnect

Survey Reveals Chasm between Users’ Concerns and Behavior A recent Survey commissioned by ESET and conducted online by Harris Interactive from May 31-June 2, 2011 among 2,027 U.S. adults 18+ found a startling disconnect between user concerns about privacy and security and their actions on social networking sites. To start, the study found that 69%

419: UK lets the Good Times Roll

…It’s a 419 (Advance Fee Fraud) message, of course. Stripped of the pseudo-governmental flim-flam, the core of the message is that they want you to forward them this…

New your.brand domain names to increase phishing?

ICANN has just approved a new batch of individualized TLD’s (Top Level Domains), so now you can register your.brand, whatever yourbrand is, instead of the usual yourbrand.com, .net, etc., if you can prove to ICANN you deserve it. The problem? Users tricked by similar looking domain names have long been a boon for phishing exploits,

#1 Bitcoin Exchange Data Breached

Mt. Gox, the most popular Bitcoin exchange, has had a database compromised and user information stolen, sparking rapid devaluation and temporary exchange freeze to halt the slide. According to a Mt. Gox breach notification e-mail sent to users on June 19th: “Our database has been compromised, including your email. We are working on a quick

Thank you, fans….

So, a (long) while ago I wrote about the Haiti earthquake, with some commentary about the intersection between natural disasters, Black Hat SEO, scare tactics for education in good security practice, plus some links relevant to the earthquake. Well, I'm certainly not ashamed of that blog, though I haven't thought about it for a long time,

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

6 articles related to:
Hot Topic
30 Jun 2011
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.