The fifth IEEE eCrime Researchers Summit 2010 once again will be held in conjunction with the 2010 APWG General Meeting between October 18-20, 2010 at Southern Methodist University in Dallas, TX. See http://ecrimeresearch.org.

A situation has arisen in a governmental site in Ecuador. Taking advantage of a vulnerability on the server where the Web site is hosted, the attackers succeeded in accessing the system remotely.

We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is "erin andrews death threat".  Apparently,

A press query was passed to me concerning our blogs about the Russian bombings and the fact that criminals are making use of the topic to spread malware using blackhat SEO (Search Engine Optimization) and abuse of the twitter service. See "Russian Metro Bombings: here come the ghouls" and "Here come (more of) the ghouls" for more

SANS posted a story at the Internet Storm Center a couple of days ago that they were seeing fake email from the IRS. (Even I don't have time to read everything on the Internet relating to current information security issues.) The emails described try to kid the victim that they've under-reported or failed to report

The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day.  With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a

As posted a few minutes ago on Mac Virus, Dancho Danchev has posted information on a phishing campaign where the bad guys are impersonating Apple in order to steal sensitive device information from iPhone users. Dancho’s post, which has lots of other links, is at: http://blogs.zdnet.com/security/?p=5460&tag=col1;post-5460 David Harley CISSP FBCS CITP Director of Malware Intelligence ESET

* http://en.wikipedia.org/wiki/Pushmi-pullyu#The_Pushmi-pullyu In an article in the Register with the eye-catching title of "Verified by Visa bitchslapped by Cambridge researchers", John Leyden comments on the argument by Cambridge researchers Ross Anderson and Steve Murdoch that the 3D Secure system, better known as Verified by Visa or Mastercard Securecode is better suited to shifting liability for

[Part 5 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Trust People, Not Addresses Don’t trust unsolicited files or embedded links, even from friends. It’s easy to spoof email addresses, for instance,