archives
June 2011

Anti-Phishing Day

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,

Support Scams: Cold Calls, Cold Hearts

Here's a diagnostic window that your shouldn't panic over, certainly if some cold-calling scammer directs you to it by persuading you to run a diagnostic on your own system. But I'm getting ahead of myself. You might think I've blogged more than enough about support scams already – you know, where someone calls you out

The Good Virus: White Knight or Red Queen?

I encountered an old acquaintance today. Tip of the hat to Peter Radatti for pointing me towards an article by John Breeden II that proposes a very familiar idea: the Good Virus. (One that also often pops up in the form of the Good Worm, such as the various hues of Code that were proposed

Bitcoin “wallet” hacked – heisted $500K?

Old western cowboys beware, this heist didn’t happen with a stagecoach at gunpoint, it’s a new era out there. A user, going by the username allinvain reports he had 25,000 Bitcoins (BTC) stolen when his computer was infected. At the current BTC exchange rate, that haul would net about $500,000. Not too shabby for a

Got Hacked? You have 48 hours to fess up

Or so the current legislation being proposed in a U.S. House of Representative subcommittee would like it. A hearing scheduled for today at the House Energy and Commerce Committee’s Commerce, Manufacturing, and Trade Subcommittee centered around draft legislation proposed by Rep. Mary Bono Mack (R-Calif.) hoping to accomplish a security baseline companies must adhere to,

I Can Neither Confirm nor Deny

As website appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?” What do all of these links below have in common? You don’t have to read them, I’ll tell you.. http://sdchamber-members.org/Business%20Online%202009-10/Business%20Action%20Online%20May%202010/Business%20Action%20Online%20May%20ESET.html http://www.theregister.co.uk/2008/03/17/scientology_anonymous_round_three/

TDL file system

@RedNose commented on the blog I put up recently about the tool my Russian colleagues have made available for dumping TDL's hidden file system: I'm going to respond here in case anyone else is confused about this. "I ran the tool and it did not show anything. Does it mean that TDSS is not present?"

The Next Stuxnet

…the ‘next Stuxnet’ probably won’t be any such thing, whatever we may choose to call it…

Why the IMF breach?

In the absence of any detailed information from the IMF itself, it’s not surprising that most of the surmise around the attack is based on internal IMF memos quoted by Bloomberg, and much of it is rather tenuous.

CTACtile

…if you’re a Facebook user, you might want to try the CTAC Facebook page. I’ve taken to posting links to CTAC output there at the same time as I tweet it…

The dollar cost of a data breach

Euro, pound, yen and yuan, no need to feel left out, no physical border has stopped the possibility of data breach so far. Still, here in the U.S. it’s a key factor in many technology budget/risk calculations. So just what does it cost to get hacked? A recent article from the Ponemon Institute has attempted

Fake Windows Updates Are Easy to Avoid

Our friends (and competitors) at Sophos blogged about a new threat that poses as a Windows Update and then infects unsuspecting users with a fake antivirus product. The update appears to be very real and is tricking users. While my colleagues at Sophos offer excellent advice to help people protect themselves (as I believe we

Like FireSheep? You Will Love FireTweet!

OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem. Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications

LulzSec lulls the NHS: not such bad lads?

…on the Twitter account owned by LulzSec that they had turned their attention to the NHS. Curiously enough, they seem to have been restrained and even responsible: while there’s an image out there of a message they claim to have sent to an administrator at an unidentified NHS site, they blacked out the details.

Citigroup Hacked – Sometimes it is all About the Money

At least I don’t have to use the “S” word today! A New York Times story reports that Citigroup has disclosed that it had suffered a data breach that disclosed information about approximately 1% of its North American credit card holders. Based upon Citi’s annual report this would be about 210,000 affected customers. According to

Sony Says Personally Identifiable Information Might Have Been Stolen

Today, June 8th Sony Pictures published a consumer alert on their site http://www.sonypictures.com/corp/consumeralert.html. The alert is about the data breach that was not discovered by Sony, but rather shoved in Sony’s face on June 2nd and specific details were confirmed by the Associated Press on June 3rd. Despite the fact that it was confirmed that

Sometimes Marketing Looks Like a Dog Biting His Tail

I’m not paid to find irony in life, it’s just how I’m wired. For example, I found it hilarious that in a Singapore airport restroom with toilets that flush automatically, touch-free sinks, touch-free soap dispensers, and touch-free hand driers, they have a TOUCH SCREEN “rate our bathroom” survey! I’m not making this up, here’s the

A Nice Pair of Breaches

…here’s a blog in stark contrast to Urban Schrott’s blog about good password practice in Ireland … Troy Hunt ran an analysis of the subset of stolen Sony Pictures passwords put out as a torrent by those nice boys at LulzSec, some 37,608 of them…

Passwords, passphrases and past caring

First: a link to another article  for SC Magazine's Cybercrime Corner on password issues: Good passwords are no joke. However good your password is, your privacy still depends on rational implementation by the service provider. Also, one of the articles that sparked off that particular post: ESET Ireland's excellent blog post on a survey carried

Boys will be boys…

…whatever the hacker community’s personal taste is in games and consoles, gamers are a tempting target…

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.