Amnesty International’s homepage in the United Kingdom is hacked and is currently serving malware that exploits a recently-patched vulnerability in Java. Security experts say the attack may be opportunistic, or it may be part of a more nefarious scheme to target human rights workers.
Thousands of Twitter accounts apparently created in advance to blast automated messages are being used to drown out Tweets sent by bloggers and activists this week who are protesting the disputed parliamentary elections in Russia, security experts said.
It wasn’t long ago that I felt comfortable recommending CNET’s download.com as a reputable and trustworthy place to download software. I’m going to have to take back that advice: Unfortunately, CNET now is bundling invasive and annoying toolbars with much of the software on its site, even some open-source software whose distribution license prohibits such activity.
I first became aware of this after reading mailing list posting by Gordon “Fyodor” Lyon, the software developer behind the ever useful Nmap network security scanner. Lyon is upset because download.com, which has long hosted his free software for download, recently began distributing Nmap and many other titles with a “download installer,” that bundles titles with browser toolbars like the Babylon toolbar.
The Wall Street Journal this week ran an excellent series on government surveillance tools in the digital age. One story looked at FinFisher, a remote spying Trojan that was marketed to the governments of Egypt, Germany and other nations to permit surreptitious surveillance for law enforcement officials. The piece noted that FinFisher’s creators advertised the ability to deploy the Trojan disguised as an update for Apple’s iTunes media player, and that Apple last month fixed the vulnerability that the Trojan leveraged.
But the WSJ series and other media coverage of the story have overlooked one small but crucial detail: A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw.
The U.S. Department of Homeland Security today took aim at widespread media reports about a hacking incident that led to an equipment failure at a water system in Illinois, noting there was scant evidence to support any of the key details in those stories — including involvement by Russian hackers or that the outage at the facility was the result of a cyber incident.
Last week, portions of a report titled “Public Water District Cyber Intrusion” assembled by an Illinois terrorism early warning center were published online. Media outlets quickly picked up on the described incident, calling it the “first successful target of a cyber attack on a computer of a public utility.” But in an email dispatch sent to state, local and industry officials late today, DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said that after detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.
The proprietors of shadowy online businesses that have become synonymous with cybercrime in recent years were arrested in their native Estonia on Tuesday and charged with running a sophisticated click fraud scheme that infected with malware more than four million computers in over 100 countries — including an estimated 500,000 PCs in the United States. The law enforcement action was the result of a multi-year investigation, and is being called the “biggest cybercriminal takedown in history.”
2011 has been called the year of the data breach, with hacker groups publishing troves of stolen data online almost daily. Now a new site called pwnedlist.com lets users check to see if their email address or username and associated information may have been compromised.
Pwnedlist.com is the creation of Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint. Enter a username or email address into the site’s search box, and it will check to see if the information was found in any of these recent public data dumps.
The IT director for an international hedge fund received the bad news in a phone call from a stranger: Chinese hackers were running amok on the fund’s network. Not seeing evidence of the claimed intrusion, and unsure of the credibility of the caller, the IT director fired off an email to a reporter.
“So do you think this is legit, or is the guy trying to scare us?” the IT director asked in an email to KrebsOnSecurity.com, agreeing to discuss the incident if he and his company were not named. “He has sent me the logs for the connections to the infected server. I checked the firewall and am not seeing any active connections.”
The data breach disclosed in March by security firm RSA received worldwide attention because it highlighted the challenges that organizations face in detecting and blocking intrusions from targeted cyber attacks. What’s more, the subtext of the intrusion was that if this could happen to one of the largest security firms, what hope was there for organizations that aren’t focused on security?
Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to say publicly which additional companies may have been hit. Today’s post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.
Buying a car or making any other expensive purchase can be a hassle. And when it’s necessary to finance a purchase, there’s one more hurdle. If you want merchant financing, you’ll often be required to fill out a credit application… Read More »
