cybersecurity

Firefox plug-in disabled due to security risk

"Mozilla on Friday disabled a Microsoft plug-in for Firefox called the .Net Framework Assistant because of a security problem — then scrambled to give people with patched systems an override option. Mike Shaver, Mozilla's vice president of engineering, announced the first step late on Friday night on his blog. 'It's recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on,' Shaver said. 'Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entr ›
CyberATTACK

Pass code hacker hits Penn. agency account

"Authorities say computer hackers drained more than $479,000 from a Pennsylvania county redevelopment agency's bank account. Cumberland County officials told reporters Wednesday that the intruders transferred funds from the agency's account to their own accounts at 11 different financial institutions last month." (Pass code hacker hits Penn. agency account ›
CyberCRIME

Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack

"Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned. Internal documents reveal for the first time that the nation’s largest retailer was a ›
CyberSECURITY

Microsoft's Patch Tuesday fixes record number of flaws

"Microsoft on Tuesday patched a record number of security holes in its Windows operating systems and other software, a haul that included at least one security flaw that was already under attack in the wild. One of the updates fixed a vulnerability in Windows Media Runtime that allows an attacker to remotely execute malware by tricking a user into playing a ›
CyberCRIME

Gang of 100 Phishers Charged in U.S., Egypt

"A gang of more than 100 alleged phishers has been charged in the U.S. and Egypt in connection with a global scheme to steal bank credentials of victims and siphon money from their accounts. A total of 53 defendants (.pdf) ranging in ages 18 to 44 are charged in a thick indictment (.pdf) unsealed Wednesday in federal court in Los Angeles. An additional pers ›
CyberATTACK

New Trojan Horse Targets Online Banking, Does More Than Steal Login Information

"This is one of those bits of news that bears repeating, particularly if you use online banking. CNET is reporting about a new type of Trojan horse, known as URLZone, that is designed not to steal your login information for online banking sites, but rather to actually steal your money while you’re on the bank†›
CyberATTACK

Federal Bureau of Investigation - New E-Scams & Warnings

"fraudulent e-mail message claiming to contain a confidential FBI report titled ‘New Patterns in Al-Qaeda Financing’ has been circulating since August 15, 2009. The e-mail has the subject line ‘Intelligence Bulletin No. 267,’ and contains an attachment titled ‘bulletin.exe.’ This message, or similar me ›
CyberCRIME

Bank Botnet Serves Fake Info to Thwart Researchers

"Researchers tracking a gang of online bank thieves found that the criminals have deployed a devious means to thwart law enforcement and anyone else trying to monitor their activities. The gang behind the URLZone trojan, which siphons money from online bank accounts and then alters a victim’s online bank statement to hide the fraud, have also devised a me ›
CyberSECURITY

10,000 Hotmail Passwords Leaked Online

"According to tech news site Neowin, an anonymous user posted usernames and passwords for over 10,000 Windows Live Hotmail accounts to web site PasteBin, including accounts on email domains like @hotmail.com, @msn.com, and @live.com. Neowin verified that the accounts are genuine, and that most appear to be based in Europe. Ars Technica reports, more specifically, those lea ›
CyberSECURITY

E-mail error sends out students' Social Security numbers

"Suffolk Community College has agreed to pay a company for the next year to monitor the credit of 300 students whose last names and Social Security numbers were mistakenly listed in an attachment to an e-mail sent to those students last month. Mary Lou Araneo, college vice president, said Sunday there is 'no indication' that any of the personal information ›
CyberSECURITY

Facebook Attack Launches; CAPTCHAs Bypassed

"The 'Data Snatchers' have found a way to automate the creation of Facebook accounts, according to Roger Thompson at security software company AVG. This means they've found a way to bypass the Facebook Captcha (the image of letters which are required for a new account, which are supposed to ensure that a human is involved). The result is that they have crea ›
CyberCRIME

Hacker Steals Thousands in City Cash

"Investigators said Friday that a hacker managed to get into a City of Atlanta computer and steal financial account information. According to authorities the man then set up bogus out-of-state accounts and withdrew tens of thousands of dollars. A man was indicted for stealing taxpayer cash from city accounts." (Hacker Steals Thousands in City Cash 100209 | myfoxatlanta.c ›
CyberTHREATS

Samoan Tsunami used in new cyber attack

"Cyber criminals are again wasting no time on capitalising on public interest in major news events with a new phishing attack being reported based on the recent Tsunami hitting Pacific Island nations. F-secure has reported that search engine optimisation (SEO) poisoning is again being used to to lure people into downloading a rogue antivirus agent. " (Samoan Tsunami used ›