Category Archives: Latest Warnings

Cyberheists ‘A Helluva Wake-up Call’ to Small Biz

November 6, 2012

The $180,000 robbery took the building security and maintenance system installer Primary Systems Inc. by complete surprise. More than two-dozen people helped to steal funds from the company’s coffers in an overnight heist in May 2012, but none of the perpetrators were ever caught on video. Rather, a single virus-laden email that an employee clicked on let the attackers open a digital backdoor, exposing security weaknesses that unfortunately persist between many banks and their corporate customers.

DHS Warns of ‘Hacktivist’ Threat Against Industrial Control Systems

October 26, 2012

48 Comments

The U.S. Department of Homeland Security is warning that a witches brew of recent events make it increasingly likely that politically or ideologically motivated hackers may launch digital attacks against industrial control systems. The alert was issued the same day that security researchers published information about an undocumented software backdoor in industrial control systems sold by hundreds different manufacturers and widely used in power plants, military environments and nautical ships.

Adobe Ships Critical Fixes for Shockwave Player

October 23, 2012

3 Comments

Adobe has released a critical security update that plugs at least a half-dozen security holes in its Shockwave media player software. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638, available here. Updates are available for Windows and Mac systems. In its advisory on this update, Adobe says it is not aware of any active attacks against these flaws.

Critical Java Patch Plugs 30 Security Holes

October 17, 2012

30 Comments

Oracle on Tuesday pushed out a bevy of security patches for its products, including an update to Java that remedies at least 30 vulnerabilities in the widely-used program.

The Scrap Value of a Hacked PC, Revisited

October 15, 2012

28 Comments

A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can’t begin to fathom why miscreants would want to hack into his PC. “I don’t bank online, I don’t store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?,” are all common refrains from this type of user.

I recently updated the graphic (below) to include some of increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums.

Microsoft Patches Windows, Office Flaws

October 9, 2012

15 Comments

Microsoft today pushed out seven updates to fix a variety of security issues in Windows, Microsoft Office and other software. If you’re using Windows, take a moment to check with Windows Update or Automatic Update to see if new security… Read More »

Critical Adobe Flash Player Update Nixes 25 Flaws

October 8, 2012

26 Comments

Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software.

‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks

October 8, 2012

51 Comments

Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA’s advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I’m weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.

Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent

September 26, 2012

28 Comments

A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

Espionage Hackers Target ‘Watering Hole’ Sites

September 25, 2012

16 Comments

Security experts are accustomed to direct attacks, but some of today’s more insidious incursions succeed in a roundabout way — by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called “watering hole” tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities sectors.