Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College
Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week, KrebsOnSecurity has learned.
Yearly Archives: 2010
MS Fix Shores Up Security for Windows Users
Microsoft has released a point-and-click tool to help protect Windows users from a broad class of security threats that stem from a mix of insecure default behaviors in Windows and poorly written third-party applications.
Crooks Who Stole $600,000 From Catholic Diocese Said Money Was for Clergy Sex Abuse Victims
Organized thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa earlier this month, sending the money in small chunks overseas with the help of dozens of co-conspirators here in the United States.
Researchers Kneecap ‘Pushdo’ Spam Botnet
Security researchers have dealt a mighty blow to a spam botnet known as Pushdo, a massive grouping of hacked PCs that until recently was responsible for sending more than 10 percent of all e-mail worldwide.
White House Calls Meeting on Rogue Online Pharmacies
The Obama administration is inviting leaders at the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.
Adobe, Apple Issue Security Updates
Adobe and Apple have released security updates or alerts in the past 24 hours. Adobe has pushed out a critical patch that fixes at least 20 vulnerabilities in its Shockwave Player, while Apple issued updates to correct 13 flaws in Mac OS X systems.
MalCon: A Call for ‘Ethical Malcoding’
I was pretty bummed this year when I found out that a previous engagement would prevent me from traveling to Las Vegas for the annual back-to-back Black Hat and Defcon security conventions. But I must say I am downright cranky that I will be missing MalCon, a conference being held in Mumbai later this year that is centered around people in the “malcoder community.”
According to the conference Web site, MalCon is “the worlds [sic] first platform bringing together Malware and Information Security Researchers from across the globe to share key research insights into building the next generation malwares. Spread across the world, malcoders now have a common platform to demonstrate expertise, get a new insight and be a part of the global MALCODER community. This conference features keynotes, technical presentations, workshops as well as the EMERGING CHALLENGES of creating undetectable stealthy malware.”
Anti-virus Products Struggle Against Exploits
Roughly half of the exploits tested were exact copies of the first exploit code to be made public against the vulnerability. NSS also tested detection for an equal number of exploit variants, those which exploit the same vulnerability but use slightly different entry points in the targeted system’s memory. None of the exploits used evasion techniques commonly employed by real-life exploits to disguise themselves or hide from intrusion detection systems.
Among all ten products, NSS found that the average detection rate against original exploits was 76 percent, and that only three out of ten products stopped all of the original exploits. The average detection against exploits variants was even lower, at 58 percent, NSS found.
Adobe Issues Acrobat, Reader Security Patches
Adobe Systems Inc. today issued software updates to fix at least two security vulnerabilities in its widely-used Acrobat and PDF Reader products. Updates are available for Windows, Mac and UNIX versions of these programs. Acrobat and Reader users can update… Read More »
WinMHR: (Re)Introducing the Malware Hash Registry
Microsoft Windows users seeking more certainty about the security and integrity of downloaded files should take a look at a free new offering from Internet security research firm Team Cymru (pronounced kum-ree) that provides a solid backup to anti-virus scans.
The tool is actually an extension of an anti-malware service that Team Cymru has offered for several years, known as the “Malware Hash Registry.” The MHR is a large repository of the unique fingerprints or “hashes” that correspond to millions of files that have been identified as malicious by dozens of anti-virus firms and other security experts over the years. The MHR has been a valuable tool for malware analysts, but until now its traditional command-line interface has placed it just outside the reach of most average computers users.
