Search Our Site:

Category News Feeds Get the very latest Virus Spyware and Security news feeds from some of the hottest sites on the Web such as CNet News.com, ZiffDavis, eWeek, InternetNews, Trend Micro and The Register.   Security - RSS Feeds Security - RSS Feeds • WhiteHat Report Finds Web Site Security Vulnerabilities Persist WhiteHat Security's latest report on Web site security shows cross-site scripting remains the most common Web site vulnerability. But cross-site forgery requests also made WhiteHat's list of top 10 Web site security flaws. On a positive note, the majority of the vulnerabilities discovered by WhiteHat were remediated. - WhiteHat Security's latest report on Web site vulnerabilities has found the Internet in slightly better shape emphasis on slightly. In the fifth installment of the quot;WhiteHat Website Security Statistics Report, quot; the company has found that 82 percent of the 687 Web sites assessed by the ... • Apple iPhone Passcode Bypass Made Public The passcode feature on the latest version of Apple's iPhone can be bypassed in a few simple steps. Apple issued a fix for the issue when it released iPhone v1.1.3 back in January. While iPhone users wait for another fix, information about an easy workaround has been made available. - The passcode feature on the latest version of Apples iPhone can be bypassed, potentially allowing an unauthorized person to access data on the device if it is lost or stolen. The issue was posted to a MacRumors.com discussion forum and affects iPhone 2.02. Users can lock the iPhone with a four-d... • Private Browsing and the Enterprise In an enterprise, privacy is good in moderation. But new hyperprivacy features need IT's control. - The rumors were right: Internet Explorer 8 will have new privacy features akin to those in Apple Safari. What role should they play in the enterprise? InPrivate Browsing ( quot;Private Browsing quot; was already taken by Apple) lets the user control whether or not IE saves potentially privacy-rel... • Attackers Targeting Linux Infrastructures with Rootkit to Steal SSH Keys U.S.-CERT is warning of attacks targeting Linux-based infrastructures using compromised SSH keys. After access is gained to the system, local kernel exploits are used to gain root access. A rootkit is then installed to steal more SSH keys. The attack could be related to a flaw affecting Debian-based encryption keys discovered earlier this year. - Hackers are launching attacks against Linux-based computing infrastructures using compromised SSH [Secure Shell] keys and installing rootkits, according to a warning by the U.S. Computer Emergency Readiness Team. According to US-CERT, the attack uses stolen SSH keys to access a system and then loc... • Why Can't Google Stop Malware Ads on Adwords? There has recently been an unfettered flow of advertising for malicious software on Google's AdWords networks. How come Google can't stop the malware? - People make much of technical matters in security, but the most important force behind malware is social engineering, not some vulnerability or bad design. The current hot malware is a textbook case of social engineering and an aggressive marketing campaign. You must have seen them by now: ads f... • Laptop Sold on eBay Exposes 1M Royal Bank of Scotland (RBS), American Express... Personal details of more than 1 million customers of Royal Bank of Scotland, American Express and NatWest are found on a computer sold on auction site eBay. RBS said the information included historical data related to credit card applications and data from other banks, but would not disclose further details.The information was being held by archiving firm Graphic Data, which copies paperwork from some of Britain's biggest financial organisations and stores it digitally. - LONDON (Reuters) - Account holders' personal details have been found on a computer sold on eBay, banks said on Tuesday, adding to fears over data security. Media reports said details of more than a million customers of Royal Bank of Scotland, American Express and NatWest were found on the compu... CNET News.com - Security Tech News First • Rising fraud threats in virtual worlds McAfee says phishing attacks, viruses, spam, and money laundering are rife in virtual worlds. • Security hole opens up password protected iPhones Users report serious security flaw in iPhone 2.0.2 that exposes mail, texts, voice messages, and browser to strangers despite the device being password-protected. • IE 8 beta gives other browsers a run for their money With the newest public beta version of its Internet Explorer browser, Microsoft meets, and in some cases exceeds, the security features available in other browsers. • Become a remote spy with Swann's new wireless camera Swann announces the IP-3G ConnectCam 1000. • Space: The final frontier for computer viruses Virus that hits laptops onboard the International Space Station isn't the first ever, just the first one that is reported, NASA says. • Google Earth shows cows point north Featured links from the CNET Blog Network Google Earth shows cows point north -- A study by German scientists using images sourced from Google Earth shows that cows align themselves to the north-south magnetic axis. The opportunity for backup and disaster recovery in the Cloud -- Cloud-based services offer a new opportunity for businesses to take backup and disaster recovery seriously. The site that might help you sleep with a psychopath -- Airbedandbreakfast.com is a site that encourages people to host and to stay at ordinary people's houses when they're traveling. The correct way to update Windows' device drivers -- Visit the system vendor's site to download the latest versions of the software that runs your PC's important components. InternetNews.com Security News Real time breaking news, trends, analysis, features and opinion for IT managers about network security and how to protect the enterprise. • Password Stealing Worm Catches NASA Napping Houston, we have a virus. • The Trouble With Virtual Disaster Recovery Embracing virtualization helps cut costs, but will it lead to trouble when there's a massive systems failure? • Fake FedEx E-mails Flood the Web Spammers rev up to unprecedented volumes. • FEMA Gets a Lesson in Security Phone hackers exploit a vulnerability caused by a contractor to make free phone calls. • U.S. Clamps Down on Suspected Botnet Operator One alleged bad guy down, perhaps -- but many more to go, if security experts are right. • Princeton Review Breach Avoidable: Experts While the data breach at the Princeton Review is the focus of unwanted attention, it's just a sign of more deep-rooted problems. Trend Micro - Newest Malware Advisories TREND MICRO provides free malware information updates • TROJ_FAKEALER.IO A Trojan horse program is a malware that is not capable of automatically spreading to other systems. Trojans are usually downloaded from the Internet and installed by unsuspecting users. Trojans typically carry payloads or other malicious actions that can range from the mildly annoying to the irreparably destructive. They may also modify system settings to automatically start. Restoring affected systems may require procedures other than scanning with an antivirus program. • WORM_SOHANAD.DR To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below. Malware Overview This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may be dropped by other malware. It may be downloaded from a remote site. This worm drops copies of itself. Note that the drop paths are harcoded within this worm's code. However, this dropping routine fails to execute on systems running Windows 2000 and Windows NT. This worm creates registry entries to enable its automatic execution at every system startup. This worm sends email using MAPI (Messaging Application Programming Interface) via MS Outlook. It sends email to all addresses listed in the MS Outlook address book with copies of itself as attachments. It may also connect to Web sites to download an updated copy of itself. However, the said Web sites are inaccessible as of this writing. • TROJ_AGENT.GZT This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It may arrive as a .DLL file that exports functions used by other malware. It drops copies of itself. It is injected into processes running in memory. It accesses Web sites to download file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system. • WORM_AUTORUN.BNH This worm drops a copy of itself upon execution. Through system registry modification, it then registers itself as a system service to ensure its automatic execution at every system startup. To propagate, it drops copies of itself in all available physical and removable drives. It drops a file that allows it to automatically execute dropped copies when the drives are accessed. • TROJ_SMALL.KAS This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It drops copies of itself. It drops files/components. It creates registry entries to enable its automatic execution at every system startup. It also creates and modifies registry key(s)/entry(ies) as part of its installation routine. It drops component files. It deletes itself after execution. • TROJ_TIBS.CLZ This Trojan may be downloaded from certain remote sites by HTML_DLOADER.PCS. It drops a copy of itself upon execution and then registers itself as a system service to ensure its automatic execution at every system startup. The Register - Security: Enterprise Security Biting the hand that feeds IT • Minister warns of national grid hack threat And theft of commercial secrets A UK government minister has warned that cyber-terrorists were attempting to take out the national grid.… • Best Western plays down impact of hack attack 8 million records? Huh, more like 10 Hotel chain Best Western has denied falling victim to a large-scale hacking attack.… • That password-protected site of yours - it ain't Google exposes the Net's dirty secrets It's one of the simplest hacks we've seen in a long time, and the more elite computer users have known about it for a while, but it's still kinda cool and just a little bit unnerving: A hacker has revealed a way to use Google and other search engines to gain unauthorized access to password-protected content on a dizzying number of websites.… • Phreakers seize government phone system Department of Homeland (in)Security Information technology workers at the US Department of Homeland Security are busy scraping egg off their collective faces after unknown hackers broke into their telephone system and racked up $12,000 in calls to the Middle East and Asia.… • Microsoft's IE 8 puts giant web hole on notice Tell us if you've heard this one before? Engineers in Microsoft's Internet Explorer group are devising a new means to stamp out one of the web's biggest security banes: attacks that steal email, bank account credentials and other sensitive information by injecting malicious code into trusted websites.… • Cisco plugs online meeting bug Buffer buffed Cisco has plugged a buffer overflow flaw involving its popular WebEx online meeting client.…         Home Contact Us Site Map Copyright © 2004 - Detechnify.com - All Rights Reserved. Contact Details.