City of Seattle Information Security Newsletter

Report: Cyberattacks against the U.S. rising sharply

Mon, 23 November 2009 +0000

>A new report prepared for Congress found that the number of cyberattacks against the U.S. government is rising sharply in 2009, and many of the attacks are coming from Chinese state and state-sponsored entities.

Older Microsoft Internet Explorer Vulnerable to Security Flaw

Mon, 23 November 2009 +0000

>Researchers at Symantec say exploit code for a zero-day security vulnerability has been uncovered in Internet Explorer 6 and 7.

Lightning strikes again: iPhone malware gets truly malicious

Mon, 23 November 2009 +0000

>The new worm is similar to the original Ikee worm (and the recently discovered iPhone hacking tool) in so much as it only infects jailbroken iPhones, where users have installed OpenSSH and not changed the default password (alpine).

Botnet begins social networking spam run

Mon, 23 November 2009 +0000

>A major malware botnet has sprung to life and is making a huge spam run through social networking sites.

More Facebooking, More Malware

Mon, 23 November 2009 +0000

>Security solutions firm F-Secure Malaysia says greater vigilance is needed as the use of social networking is gathering pace compared to e-mail.

iPhone worm hjacks ING customers

Mon, 23 November 2009 +0000

>The second worm to infect jailbroken iPhone users reportedly targets customers of Dutch online bank ING Direct

Tech Workers Dubbed the Unhealthiest

Mon, 23 November 2009 +0000

>Brits that work in IT have topped a poll of the most unhealthiest employees, says Fat Free Fitness.

Zero-day vulnerabilities in Firefox extensions discovered

Fri, 20 November 2009 16:30:00 +0000

>One of the reasons behind Firefox's popularity is the availability of a vast library of extensions. Users use them to modify the browser to their liking and make their browsing experience easier and more pleasant. The problem is, unbeknown to them, these extensions are exposing them to risk.

Dumb code could stop computer viruses in their tracks

Fri, 20 November 2009 16:30:00 +0000

>ON THE day a new computer virus hits the internet there is little that antivirus software can do to stop it until security firms get round to writing and distributing a patch that recognises and kills the virus.

IE8 bug makes 'safe' sites unsafe

Fri, 20 November 2009 16:30:00 +0000

>The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe.

Security Pro Says New SSL Attack Can Hit Many Sites

Fri, 20 November 2009 16:30:00 +0000

>A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet.

Cisco's free iPhone app grabs security feeds

Fri, 20 November 2009 16:30:00 +0000

>Cisco has made available a free iPhone app that can be used to receive more than a dozen security-related information feeds in customizable form related both to Cisco products and to general security topics, such as newly detected threats.

Happiness on Facebook Cuts Canadian Woman's Health Care

Fri, 20 November 2009 16:30:00 +0000

>As social media evolves -- and the freedom of the Internet diminishes our self-censorship -- many have run into situations where Facebook has land them in trouble.

Mozilla locks out rogue Firefox add-ons

Thu, 19 November 2009 16:30:00 +0000

>Mozilla has made a significant tweak to this Firefox 3.6 code base to block rogue add-ons from loading in the browsers application components directory.

Viruses, Malware Creeping into Online Games

Thu, 19 November 2009 16:30:00 +0000

>Maker of online gaming protection software reveals why virus attacks on video games is a problem that has increased over 600 percent in the past year.

Health Insurer Loses 1.5 Million Patient Records

Thu, 19 November 2009 16:30:00 +0000

>A health insurer lost 1.5 million patient records last May but waited six months to disclose the incident.

Fake Payment Request Attack Ramps Up

Thu, 19 November 2009 16:30:00 +0000

>A currently underway attack is attempting to trick victims with an e-mail that purports to request a verification for payment to a major company, but instead carries a Trojan.

3 Basic Steps to Avoid Joining a Botnet

Thu, 19 November 2009 16:30:00 +0000

>Banging the drum for security awareness never gets old. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need reminding.

FBI says hackers targeting law firms, PR companies

Wed, 18 November 2009 16:30:00 +0000

>Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.

Fake Facebook page steals login details

Wed, 18 November 2009 16:30:00 +0000

>A fake Facebook page which is designed to steal social networkers login details has been uncovered by PandaLabs.

T-Mobile employees sold data from thousands of customers

Wed, 18 November 2009 16:30:00 +0000

>Information commissioner says "paltry fines" are not enough, only jail sentences will do

Senate Panel: 80 Percent of Cyber Attacks Preventable

Wed, 18 November 2009 16:30:00 +0000

>If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard Tuesday.

Survey finds Mac, PC users are equal cybercrime victims

Wed, 18 November 2009 16:30:00 +0000

>Mac enthusiasts are just as likely to fall victim to a phishing attack as Windows users, according to a survey commissioned by security firm ESET.

The six greatest threats to US cybersecurity

Wed, 18 November 2009 16:30:00 +0000

>Its not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking.

Most Security Products Don't Initially Work As Intended, Study Says

Tue, 17 November 2009 16:30:00 +0000

>In certification tests, many products fail in functionality or logging, ICSA/Verizon reports

New Google SafeSearch Shows When Kids Are Protected

Tue, 17 November 2009 16:30:00 +0000

>Four colored balls now tell parents their children are protected against adult content while searching on Google.

SSL Flaw Could Have Been Used to Hack Twitter

Tue, 17 November 2009 16:30:00 +0000

>A flaw in the protocol used to secure communications over the Internet could have been used to hack Twitter accounts, according to an IBM security researcher.

Yahoo Careers website patched to close SQL flaw

Tue, 17 November 2009 16:30:00 +0000

>Security researchers have helped to close up a blind SQL injection vulnerability on Yahoo's careers website.

FAQ: Recognizing phishing e-mails

Tue, 17 November 2009 16:30:00 +0000

>If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing.

Working at Home: A Wi-Fi, H1N1, Family Survival Guide

Tue, 17 November 2009 16:30:00 +0000

>Bah Humbug!! 'Tis the season for stealing your parents' neighbor's Wi-Fi signal, struggling to set up a VPN connection while your flight gets delayed again, locking yourself in a closet to join a conference call, and trying to not catch the H1N1-type virus your sister's kid just sneezed all over your BlackBerry.

Fake Verizon 'balance-checker' Is a Trojan

Mon, 16 November 2009 +0000

>Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments.

Researcher finds "frighteningly bad" Adobe Flash flaw

Mon, 16 November 2009 +0000

>A researcher has discovered a new hacker point of entry in Adobe Flash, but the software company's product security director dismissed the research as "not news."

Attack tool can hijack data off unlocked iPhones

Mon, 16 November 2009 +0000

>Hackers can steal data off jailbroken iPhones by leveraging the same vulnerability that currently is being used to spread a mischievous worm.

DNS problem linked to DDoS attacks gets worse

Mon, 16 November 2009 +0000

>Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

Kaspersky Unveils Antivirus for Mac

Mon, 16 November 2009 +0000

>It is wrong to think that a Mac operating system is safe from malware.

Job Search Scams: Protect Yourself Against Identity Theft

Mon, 16 November 2009 +0000

>As U.S. unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers.

Swine flu fears making millionaires out of Russian hackers

Mon, 16 November 2009 +0000

>As the number of reported swine flu cases climbs, it's time a strong message was sent out against buying Tamiflu over the internet.

Microsoft looking into new SMB vulnerability report