Computer Security News

Computer Security News and Related Information for IT Professionals and Home Users
Volume 99   Issue 1
  May 22, 2013

Latest Headlines & Security Articles:

Volume 99  Issue 1  May 22, 2013  —  v8.
 Microsoft is reading Skype messages 

 Power company targeted by 10,000 cyberattacks per month 
 U.S. power companies under frequent cyberattack 

 Chinese hackers said to have accessed law enforcement targets 

 Telenor cyberespionage attack has Indian origins 

 Reporters use Google, find breach, get branded as “hackers” 

Adobe Flash Player:
The Adobe Flash Player is updated quite frequently.
For best security you should check for updates often.

   Check for existence of Flash Player, and version ID 
   Download Adobe Flash Player stand-alone installers 

 NOTE that as of May 22nd 2013, the newest version of
 the Adobe Flash Player for Windows™ is:  11.7.700.202

  Platform version numbers may vary.  Check YOURS.

 New Citadel malware variant targets Payza online payment platform 

 Critical Linux vulnerability imperils users, even after “silent” fix 

 Why Intel's “How Strong is Your Password?” site can’t be trusted 

 Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too 

 Researchers uncover new global cyberespionage operation dubbed “Safe” 

 Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor? 

Volume 97  Issue 4  March 22, 2013  —  v8.
 Privacy 101: Skype Leaks Your Location 

 South Korean banks and broadcasters took phish bait in cyberattack 

 Ad-injecting trojan targets Mac users on Safari, Firefox, and Chrome 

 Microsoft details law enforcement requests in new report 

 Despite its efforts to fix vulnerabilities, Yahoo's Mail users
 continue reporting hacking incidents 

 TeamViewer-based cyberespionage operation targets activists 

 The Obscurest Epoch is Today 

 National Vulnerability Database taken down via vulnerability-exploit 

 Security updates available for Adobe Flash Player 

Adobe Flash Player:
The Adobe Flash Player is updated quite frequently.
For best security you should check for updates often.

   Check for existence of Flash Player, and version ID 
   Download Adobe Flash Player stand-alone installers 

 NOTE that as of March 22nd 2013, the newest version of
 the Adobe Flash Player for Windows™ is:  11.6.602.180

  Platform version numbers may vary.  Check YOURS.

 Watching Workers:  Where's The Line? 

 Judge ignores leniency plea, hands AT&T hacker a 41-month-sentence 

 A DHL delivery which is nothing but malware 

 The World Has No Room For Cowards 
 Security reporter tells Ars about hacked 911 call that sent SWAT team 

 The quest to crack the world’s most mysterious malware warhead 

 Site hosting leaked celebrity data goes offline 
 Credit Reports Sold for Cheap in the Underweb 
 Celebrity credit reports posted by ID thieves taken from free website 

 3G and 4G USB modems are a security threat, researcher says 
 Huawei USB modems vulnerable 

 ID thieves "dox" Joe Biden, Jay-Z, Michelle Obama, and dozens more 

 Watch out, office bods: A backdoor daemon lurks in HP LaserJets 

Volume 97  Issue 3  March 12, 2013  —  v8.
 Microsoft to patch security vulnerabilities, including some rated as critical 

 Help Keep Threats at Bay With 'Click-to-Play' 

 Pwn2Own carnage continues as exploits take down Adobe Reader, Flash 
 Pwn2Own takes down IE 10 running on a Surface Pro 
 Pwn2Own hacking contest winds down after paying a record $480K 

 What you Like on Facebook could reveal more than you think 

 Dating site Zoosk resets some user accounts following password dump 

 Helping users make better security decisions by design 

 Mac malware that infected Facebook bypassed OS X Gatekeeper 

 Thanks, Oracle: Java malware protection undone by old-school attack 

Volume 96  Issue 2  March 06, 2013  —  v7.
 Mobile Malcoders Pay to (Google) Play 

 Rogue Apache modules pushing iFrame injections, lead to Blackhole kit 

 How to protect yourself from debit-card fraud 

 U.S. military networks not prepared for cyberthreats, report warns 

 Oracle Issues Emergency Java Update 
 Oracle releases new Java patch to address this week’s McRat problem 
 Oracle pulls Java 6 plug, Apple likely keep patching OS X Snow Leopard 
 Oracle trowels more plaster over flawed Java browser plugin 

 Asprox botnet proves to be a resilient foe 

 US ISPs launch pirate wrist-slapping campaign 
 Here’s what an actual "six strikes" copyright alert looks like 

 Google squashes 10 Chrome bugs as $100K Pwn2Own prize looms 

 Attacks hit, but don't break, new SHA-3 candidate 

 Espionage malware addicted to Twitter since 2011 

 IT security managers too focused on compliance, experts say 

 Jailed cybercriminal hacked into his own prison's computer system 
 Banged-up Brit hacker hacks into his OWN PRISON'S MAINFRAME 

 Why do so many antivirus programs miss the same, old exploits? 

 Securing your website: A tough job, but someone’s got to do it 

Volume 97  Issue 1  March 01, 2013  —  v7.
 Another Java zero-day exploit in the wild actively attacking targets 

 Exploit lets websites bombard visitors' PCs with gigabytes of data 
 HTML5 Web Storage loophole can be abused, fill disks with junk data 

 Bizarre old-school spyware attacks governments, “Mark of the Beast” 
 Researchers uncover new global cyber-espionage campaign 

 Bank Muscat hit by $39m ATM cash-out heist 

 Anonymous leaks 'Bank of America secrets' in spy revenge hack 
 Bank of America says data breach occured at third party 

 Lessons to learn from UGNazi hacking against Mat Honan and Cloudflare 

 Sinkholes reveal more Chinese-hacked biz - and piggybacking crims 

 Google patches bug, allowed attackers past two-factor authentication 

 Facebook to fix bug leaking users' phone numbers 

 Rihanna sex video event scam spreads on Facebook 

Volume 96  Issue 6  February 27, 2013  —  v7.
 Java’s latest security problems: New flaw identified, old one attacked 
 Researcher unearths two new Java zero-day bugs 

 Adobe releases third security update this month for Flash Player 
 Adobe springs emergency Flash update, says hackers hitting Firefox 
 Adobe tells users to update Flash Player for the third time this month 

Adobe Flash Player:
The Adobe Flash Player is updated quite frequently.
For best security you should check for updates often.

   Check for existence of Flash Player, and version ID 
   Download Adobe Flash Player stand-alone installers 

 NOTE that as of February 27th 2013, the newest version of
 the Adobe Flash Player for Windows™ is:  11.6.602.171

  Platform version numbers may vary.  Check YOURS.

 Targeted malware attack piggybacks on Nvidia digital signature 

 Server hack prompts call for cPanel customers to take “immediate action” 

 Microsoft joins list of recently hacked companies 
 Microsoft joins Apple, Facebook, and Twitter; comes out as hack victim 

 DDoS Attack on Bank Hid $900,000 Cyberheist 

Volume 96  Issue 3  February 21, 2013  —  v7.
 China's cyber spying: Time for a Cold War response? 
 Is it now crazy to offshore IT to China? 
 China Won't Cut Its Cyberspying 

 FTC orders HTC to fix its “reasonable security” failures on Android 

Adobe Flash Player:
The Adobe Flash Player is updated quite frequently.
For best security you should check for updates often.

   Check for existence of Flash Player, and version ID 
   Download Adobe Flash Player stand-alone installers 

 NOTE that as of February 22nd 2013, the newest version of
 the Adobe Flash Player for Windows™ is:  11.6.602.168

  Platform version numbers may vary.  Check YOURS.

 Zendesk says breach compromised email addresses 
 Tumblr, Pinterest, Twitter hipsters exposed in Zendesk data raid 

 Pah! Social, file-sharing apps are SAFE compared to biz apps 

 Racist "McDonald's" notice posted on Facebook is yet another fraud 

Volume 96  Issue 3  February 21, 2013  —  v7.
 NBC.com hacked to serve up banking malware    (ComputerWorld)
 NBC.com hacked to serve up banking malware    (PCWorld)

 Donald Trump’s Twitter "seriously hacked" 

 Chinese military unit behind 'prolific and sustained hacking' 
 Chinese Army Hackers Are Trying to Bring Down U.S. Infrastructure 
 U.S. Security Company Tracks Hacking To Chinese Army Unit 
 US students get cracking on Chinese malware code 
 China biggest, but not the only country engaged in cyberespionage 

 Apple, Macs hit by hackers who targeted Facebook 
 Apple hacked, and Java is the weak spot 
 How to disable Java in your browsers 
 How to kill Java dead, dead, dead 

 Point-of-Sale malware attacks — crooks expand their reach 

 Identity fraud in US reaches highest level in three years 

Volume 96  Issue 3  February 15, 2013  —  v7.
 Facebook computers compromised by zero-day Java exploit 
 Facebook was targeted by 'sophisticated' hackers 
 Facebook targeted by hackers, says no user data compromised 

 Adobe confirms zero-day exploit bypasses Adobe Reader sandbox 
 Zero-Day Flaws in Adobe Reader, Acrobat 
 Thanks, Adobe. Protection for critical zero-day exploit not on by default 
 Zero-day PDF exploit affects Adobe Reader 11 and earlier versions 
 No patch, Adobe suggests workaround; Mac, Linux users need not apply 

 Exploit Sat on LA Times Website for 6 Weeks 
 Malware injected into legitimate JavaScript code on legitimate websites 

 iOS 6.1 hack lets users see your phone app, place calls 
 iPhone passcode flaw opens device to intruders 

 Does the IRS really know who you are? 

 Ice-type attacks give enemies access to your Android phone’s data 

 Phishing attacks target home workers as easy 'back door' 

 A world of hurt after McAfee mistakenly revokes key for signing Mac apps 

 Retail, food service industry top target of fraudsters 

Obama executive order redefines critical infrastructure
Following cyber order from Obama, CISPA is back

Editor's Note: Based upon historic evidence, it appears quite likely that this “critical infrastructure” initiative will cost American taxpayers billions of dollars, and will be yet another failure in a long, long line of failures of government projects, same as this one:
FCC invests $10M in new network security, leaves backdoor unlocked

 Yahoo! Pushing Java Version Released in 2008 

 Zombie Hackers Exploited Emergency Alert System Security Flaws 
 Emergency Alert System devices vulnerable to hacker attacks 

 Microsoft patches IE with record-setting updates; preps for Pwn2Own 

 Attack traffic from China takes a great leap forward 

Volume 96  Issue 2  February 12, 2013  —  v7.
 In Cyberwar, Software Flaws Are A Hot Commodity 

 FCC invests $10M in new network security but leaves backdoor unlocked 

 At Facebook, zero-day exploits, backdoor code bring war games to life 

 Security Firm Bit9 Hacked, Used to Spread Malware 
 Hackers hijack Bit9 to target its customers with malware 
 Crooks steal security firm's crypto key, use it to sign malware 

 Adobe issues emergency Flash update for attacks on Windows, Mac users 
 Adobe releases emergency Flash fixes for two zero-day bugs 

 Oracle to release yet more patches for Java 

 Critical cURL library flaw could expose many apps to hackers 

 How a security ninja cracked password guarding most valued assets 

Volume 96  Issue 1  February 05, 2013  —  v7.
 "Lucky Thirteen" attack snarfs cookies protected by SSL encryption 

 Mozilla takes drastic step to block virtually all plug-ins in Firefox 

 Department of Energy Hacked 

 Twitter looks to add two-factor authentication to stop password hacks 
 Twitter Hacked; Company Says 250K Users May Have Been Affected 

 How Newegg crushed the “shopping cart” patent and saved online retail 

 Securing your website: A tough job, but someone's got to do it 

 Chinese hacking of US media becoming a "widespread phenomenon" 
 Chinese Hackers Hit U.S. Media 
 Chinese cyber attacks on West are widespread, experts say 
 WSJ says it too was attacked by Chinese hackers 
 Hackers in China Attacked The Times for Last 4 Months 

 Mega launches vulnerability reward program 

 Keep it secret, keep it safe: A beginner's guide to Web safety 

 Obama to issue cybersecurity executive order this month 

 Privacy visor blocks facial recognition software 
 Foil face-recognition cameras with Privacy Visor 

Volume 95  Issue 9  January 29, 2013  —  v7.
 UPnP flaws expose millions of networked devices to remote attacks 
 86,800 network printers open to the whole internet 

 Java’s new “very high” security mode can't protect you from malware 
 New bug makes moot Java's latest anti-exploit defenses 
 Java Hacker Uncovers Two Flaws In Latest Update 

Oracle will continue to bundle 'crapware' with Java

How to Block the Ask.com Toolbar Installation:
  Edit your HOSTS file to include this line:  rps-svcs.sun.com

  Note that you will have to close  and then restart your
  browser for this change to become effective. Also note
  that this change will not block other applications from
  installing the Ask.com Toolbar.

This assumes you know how to implement a maintained HOSTS file.

 Google stepping up fight to limit government access to emails 

 Anonymous: Operation Last Resort "FULL LENGTH" 
 Hackers play Asteroids on US government websites 

 Big Bank Mules Target Small Bank Businesses 

 FBI intent on sniffing out those who leaked possible US Stuxnet role 

 What if your security camera were an insecurity camera? 

 Google Maps New Target:  Secretive North Korea 

Volume 95  Issue 8  January 26, 2013  —  v7.
 Internal Threats Top Security Concerns for IT Pros 

 Backdoors Found in Barracuda Networks Gear 
 Secret backdoors found in firewall, VPN gear from Barracuda Networks 

 Just-patched Java, IE bugs used to snare human rights sites 

 A close look at how Oracle installs deceptive software with Java updates 
 Oracle, please stop sneakily foisting third-party toolbars on us . . . 

 As defenses against network DDoS attacks improve, hackers find . . . 

 What Google's Transparency Report doesn't tell us 

 PSA: Don't upload your important passwords to GitHub 

 Pwn2Own hacking contest puts record $560K on the line 
 Big bugs, big bucks: Pwn2Own awards reach half a million 
 Pwn2Own Hacking Contest Bounties Exceed $500,000.00 
 Pwn2Own - Hack the Big Four browsers, go home with $560,000.00 

 11 Body Parts Defense Researchers Will Use to Track You 

Volume 95  Issue 7  January 21, 2013  —  v7.
 Firefox update 18 gets an update, but no security problems this time 

 DARPA takes multipronged approach to securing military's cloud 

 Polish Takedown Targets 'Virut' Botnet 

 80 Percent Of Attacks In 2012 Were Redirects From Legitimate Sites 

Adobe Flash Player:
The Adobe Flash Player is updated quite frequently.
For best security you should check for updates often.

   Check for existence of Flash Player, and version ID 
   Download Adobe Flash Player stand-alone installers 

 NOTE that as of January 21st 2013, the newest version of the
 Adobe Flash Player for Windows is:  11.5.502.146

 FBI to ACLU: Nope, we won't tell you how, when, or why we track you 

Volume 95  Issue 6  January 17, 2013  —  v7.
 Microsoft releases emergency update to patch Internet Explorer bug 

 Foxit patches critical flaw in PDF viewer browser plug-in 

 Shylock home banking malware now spreads via Skype 
 New slicker Shylock Trojan hooks into Skype 

 Two US power plants infected with malware spread via USB drive 

 $5,000 will buy you access to another, new critical Java vulnerability 
 Post-patch, US-CERT continues call to disable Java plug-in 

 On Facebook, users can no longer hide from search results 
 Bing beefs up Facebook content in search results 

 'Bob' outsources tech job to China; watches cat videos at work 

 AV-Test boss dismisses Microsoft criticism of malware test results 

 Malware attack! "You have received a secure message" 

 How Twitter users can fake a verified account - and how to spot it 

 eBay fraud and me: My absolutely ridiculous experience 

Volume 95  Issue 5  January 14, 2013  —  v7.
 Ransom, implant attack highlight need for healthcare security 

 An emerging target for cyber attacks: Trust 
 Cyberattacks on the upswing 

JAVA NEWSRecent Java Issues are Critical

  Oracle releases emergency Java patch        ←  GOOD REPORT
[experts warn flaws may take 2 years to fix]

  Oracle Rushes Out Java Security Patch 
  Researchers find malware targeting Java HTTP servers 
  US-CERT: Disable Java in browsers because of exploit 
  Yet another Java Zero-Day Exploit 

At-risk devices may include your phone:
  What Are Java-Enabled Mobile Phones? 


 Mobile attacks top the list of 2013 security threats 

 Bogus Chrome update offers shadow real updates 

 How do you know if your data is in good hands? Here's how. 

 Firefox getting built-in HTML5-based PDF viewer to improve security 

 IE flaw being exploited by group behind Aurora attacks 

 Ghostshell takes credit for extensive hack of government sites 

Volume 95  Issue 4  January 11, 2013  —  v7.
 Phone Hacking Ring Linked to Al Qaeda 

 Foxit PDF plugin hit by worse-than-Adobe 0-day 

 Anti-virus industry's dirty secret revealed 

 Facebook, Yahoo Fix Valuable $ecurity Hole$ 
 Yahoo DOM XSS 0day - NOT FIXED YET! 

 V24 of Chrome released, January 11 2013 

 "Internet of Things" has arrived - so have massive security issues 

 U.S. Cities Relying on Precog Software to Predict Murder 

 Zero-Day Java Exploit Debuts in Crimeware 

 Bank Hacking Was the Work of Iranians, Officials Say 

 Computer Scientists Find Vulnerabilities in Cisco VoIP Phones 

 Java is still exploitable and is likely going to remain so 

Volume 95  Issue 3  January 8, 2013  —  v7.
 Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript,
 and 20 other security fixes 

 Microsoft and Adobe issue first Patch Tuesday of 2013 

 Microsoft kicks off 2013 with clutch of critical Windows updates 

 UK armed forces at risk of 'fatal' cyber-attack, MPs warn 

 Nvidia fixes hole that turns PCs into remote-control toys for hackers 

 Boffins hide messages in Skype 'silence packets' 

Volume 95  Issue 2  January 7, 2013  —  v7.
 DHS website falls victim to hacktivist intrusion 

 Never trust a photo copier 

 7 Top Information Security Trends For 2013 

 Healthcare Settlement Highlights Risk Analysis, Encryption Importance 

 Obama's CIA nominee an advocate for federal cybersec regulations 

 Adobe warns of actively exploited ColdFusion flaws 

Volume 95  Issue 1  January 4, 2013  —  v7.
 Zero day vulnerability in Internet Explorer being used in targeted attacks 

 Researcher sidesteps Microsoft fix for IE zero-day 
 Website of US-based gas turbine maker also rigged with new IE exploit 

 94% of US hospitals suffered data breaches, and 45% had quintuplets 

 How a regular IT guy helped catch a botnet cybercriminal 

Volume 94  Issue 8  December 28, 2012  —  v7.
 Exploring the Market for Stolen Passwords 

 Stabuniq malware found on servers at U.S. financial institutions 
 Wells Fargo's website buckles under flood of traffic 

 Were 2012 Cybersecurity Predictions Right? 

 The "hidden" backdoor - VirTool:WinNT/Exforel.A 
NOTE:  This backdoor is implemented at the NDIS level.

 Shocking Delay in Fixing Adobe Shockwave Bug 

 PowerPoint about Mayan "End of the World" infected with malware 

Volume 94  Issue 7  December 26, 2012  —  v7.
 New Findings Lend Credence to Project Blitzkrieg 

 S.C. Security Blunders Show Why States Get Hacked 

 9 Ways Hacktivists Shocked The World In 2012 

 Digital Citizens group focuses on Internet safety 

 Army greenlights controversial intelligence system 

 Researchers show proof-of-concept Microsoft ERP hack 

 Wells Fargo's website buckles under flood of traffic 

 Improved Carberp malware targets U.S. banks 

Volume 94  Issue 6  December 24, 2012  —  v7.
 Adobe to patch 2-year-old Shockwave flaw next year 

 FCC Smartphone Security Checker 
 Android malware up sixfold in Q3 
 FBI issues Android malware warning 
 Samsung Galaxy III vulnerability leaves millions open to malware 

 S.C. data breach just latest in hacker onslaught 
 SC tax agency to receive loan for hacking response 

 Air Force scraps massive ERP project after racking up $1 billion in costs 

Volume 94  Issue 5  December 23, 2012  —  v7.
 West Va. Internet consultant paid $512k in federal stimulus funds 

 Why the Government's Cybersecurity Plan Will End in Catastrophe 

 5 (more) key cloud security issues 

 A new targeted Trojan, Batchwiper, wipes data from drives 

 15 social media scams 

Computer Security NewsCSN

  News and Articles pertaining to security and/or privacy issues in the digital world.

Quote of the month:

All things are doomed to eventually fail.

Older Headlines & Security Articles:

 Hackers jack Monster.com, infect job hunters 
NOTE:  Anonymous tipster tells us it's an "inside job"

 Commerce Bank breached 

 Hackers poised for Black Friday assault 

 Free software group files copyright lawsuits 

 Russian hacker gang vanishes day after moving to China 

 Group drafts rules to nix credit-card storage 

 Wiretapping bills allow lawsuits to continue 

 New MSN Messenger Trojan Spreading Quickly 

 'Lust, Caution' Prompts Virus, Medical Warnings 

 WabiSabiLabi Co-Founder Arrested 

 China spying 'biggest US threat' 

 Spy charges for US computer duo 

 Apple Releases Godzilla-Sized Security Patch 

 U.S. girds for battle with computer 'botnets' 

 Many Retailers Easy to Hack, Study Finds 

 Did NSA Put a Secret Backdoor in New Encryption Standard? 

 DoubleClick Serves Up Vast Malware Blitz 
NOTE:  If you have a good HOSTS file, your risk is reduced.

 Most Malware Made in China 

 TJX's Projected Breach Costs Increase to $216M 

 Hacker finds 492,000 unprotected Oracle, SQL database servers 

 Is the Chinese government infecting us with malware? 

 Bureau warns on tainted discs 

 DNS-changing Trojan opens Mac OS X floodgates 

 Attackers Snatch Member Data from 92 Nonprofits 

 Microsoft closes Windows Shell hole 

 Bot master owns up to 250,000 zombie PCs 

 Merrill Lynch Slashes Tech Sector Rating 

 'Electronic Jihad' fails to threaten, again 

 Security Loophole Found In Windows Operating System 

 Hackers launch 'cyber jihad' on US 

 Al Qaeda declares Cyber Jihad on the West 

 Report:  Cyber jihad set for November 11 

 Set a Hacker Alarm on Your Web Mail Box 

 Hacker Pleads Guilty to Spreading Botnets 

 Manhattan business indicted for ID theft 

 Web attack primes sites to infect visitors 

 Stop the botnets! 

 Close the Holes Targeted by the MPack Attack Kit 

 US spammer gets two years in jail 

 Task force aims to improve U.S. cybersecurity 

 Some question security of enhanced drivers license plan 

 Electronic Jihad rears its head, again 

 The Web's 12 Scariest Applications 

 Senators Question Telco Domestic Spying Immunity 

 Chinese Fraudsters Fake Drug Watchdog Web Site 

 New Group Joins Russians in Evil PDF Attack 

 IBM to spend $1.5 billion to improve computer security 

 Audio-spam pitch rode eight-figure Storm wave 

 Mac Trojan prowls porn sites 

 Spammers employ stripper to crack CAPTCHAs 

 Stock spammers pump up the volume with MP3 files 

 Halloween spam tries to spirit away personal information 
 Beware $250 [and other] Gift Card offers  -  FRAUD!

 Secure Anonymous Email Message Service 
 Are these things legal?  Check it out!

 Microsoft patches Word, Internet Explorer 

 Word exploit loose, according to Microsoft, Symantec 

 California man arrested for DDoS attacks 

 DHS video shows potential impact of cyberattack 

 File sharer fined $222k in music industry win 

 Commerce Bank hacked; says damage limited 

Searching for a job?  Be careful where you look . . .

 Alleged Theft of Information of Millions of Monster.com users 
  see also,  Monster warns Victims 

 Personal info on 150,000 job seekers stolen 

 IBM to bury BlackIce by next year 

 Trojan Hidden on Job Search Sites Steals Personal Data 

 Don't Talk to Strangers on Yahoo Messenger Webcam 

 Universities warned of Storm Worm attacks 

 63% of Malware Emerges from U.S. Sites 

 CACI Table of Computer Security Threats 

 MySpace bars 29,000 sex offenders 

 Browser flaw opens iPhone to attack 

 Spammers dump images, switch to PDF files 

 FBI installs spyware to gather evidence 

    Want more in-depth IT security information?
    Visit The Encyclopedia of Computer Security

 Massive stock spam attack uses crafty PDF to lure investors 

 Stolen credit cards traded through online stores 

 Meet Verizon, King of ISP Spammers 

 Massive Web Exploit Emerges 

 Google Stomps Out Malicious Sponsored Links 

 Critical Firefox hole allows password theft 

 Latest IM attacks still rely on social engineering 

 Harden your network services and contain zero-day threats 

 Triple trouble for Microsoft users 

 New attack can flatten XP firewall 

 Compromised PC Leads To Big Fraud Losses For E*Trade 
  → Other online brokers are likewise falling victim...

 Office antipiracy checks to become mandatory 

 DVD Jon Cracks Apple's FairPlay DRM 

 Windows Defender software released, still free 

 PhishTank casts its net for malicious email 

 How can I prevent an FU Rootkit from spreading? 

Special Focus:  Detection and removal of rootkits
 A rootkit is a set of software tools intended to conceal... 
 Experts divided over rootkit detection and removal 
 Rootkit Detection and Removal 
 How can I detect and remove rootkits from Windows? 

 GMER is an application that detects rootkits 
  It is free, and possibly the best of it's type
  You can read more about it  here 

 Sophos offers free Anti-Rootkit tool 

Special Focus:  Terrorism Today
 The Unique Terrorism Threats Posed by Liquid Explosives 
 NYPD to Use Portable EDSs from Smiths Detection in Subways 

Special Focus:  Is "Big Brother" watching you?
 Ten Steps to a Successful IP Surveillance Installation 
 Dispelling the Top 10 Myths of IP Surveillance 

Computer Security News

 Data on 28,000 home care patients stolen 

 AT&T sues data brokers for stolen customer records 

 Army to encrypt computers 

 Windows Worm Warnings No Joke 

 Hacker Sophistication Outpacing Forensics 

 Defending Cell Phones and PDAs Against Attack 

 Worm Hole in McAfee Anti-virus Products 

 Hackers Expose Critical Wi-Fi Driver Flaw 

 Intel Offers Security Fixes for Centrino 

 FBI wants hackers to join fight against Web Mobsters 

 Yet Another Malicious Attack Technique 

 "Image spam" paints a troubling picture 

 SPIKE and BURP for real world computer security 
  (another excellent article by Don Parker)

 PayPal phone phish scam uses voice recording to steal money 

 Google search helps dig up malware 

 Consultant Breached FBI's Computers 

 HP to hack customers' networks 

 VA efforts to bolster laptop security stymied by lawsuits 

 Making your Linux installation (more) malware-proof 

 Microsoft warns of exploit code for dial-up bug 

 Worm appears as Microsoft antipiracy program 

 FBI recovers stolen VA laptop 

 Navy finds personnel data online 

 The Million-Dollar VoIP Scam 

 Cyber Criminals see profit potential in vulnerable IP Telephony Networks 

 At trial, ex-boss describes Paine Webber's saboteur's rage 

 Weird "ghost spam" testing addresses 

 Spam Zombies increase in number 

Developers, here's a multi-platform tool that can
help you create better quality & more secure code.

Facebook Fraud, Hoaxes, Scams and Security Warnings

There are always numerous forms of fraud being perpetrated on Facebook. Learn about them, and make some effort to help minimize their proliferation.

   The latest Facebook scams to watch out for 
   Dissecting the Facebook Gift Scam: How They Get You 
   6 biggest Facebook scams, and how to avoid them 
   Facebook Scams, Hoaxes and Security Warnings 
   How to Spot Facebook Scams 

Some of the fraud being perpetrated is by spreading images, to gain “likes”, which can be converted to monetary gain.  The people who spread these things choose a subject such as religion, wildlife, love, or human compassion. They know that many people will “share” and/or “like” those kind of things.  So, for example, after a bad storm they may create a picture of somebody, and claim they lost their home and all their belongings, and that because of some technicality they are disqualified from receiving any assistance. They will claim that for every “like”, money will be donated to those people. But it is all a scam. When they gather enough “likes”, they make money. No money goes to the cause or victims stated in these fraudulent claims.

Fortunately, Facebook is working to help reduce the number of fradulent posts, but it is a never-ending battle. The people who do these things read legitimate articles written to help small businesses, which turn provide jobs in our economy.

   5 Techniques for Transforming "Likes" into Profit 
   5 Ways to Turn Facebook "Likes" into Marketing Results 
   Facebook cracks down on fake "Likes" 

Keep your computer up-to-date and secure!


Thank you for taking the time to visit Computer Security News.   This site is intended to help people become more aware of potential security threats to their computer and to their personal data that is often stored on-line.  Computer hardware and software changes quickly, with new replacing old. New threats occur, and we shall always present up-to-date information to help you. CSN will always focus on news and articles pertaining to security and/or privacy issues in the digital world.

Computer Security News

http://computersecuritynews.us/ This site was developed and is maintained by Steve Thornburg. Contact via Secure WebForm All site and its content is ©2005—2013 Steve Thornburg       v8.
 computersecuritynews.us  designed & developed  by  Steve Thornburg   ©2005—2012