InformationWeek Security Weblog

Bank Login Stealing Trojan Threat Grows

George Hulme — Tue, 08 Dec 2009 13:07:03 -0500

Cisco released its Cisco 2009 Annual Security Report this morning, and it contains some interesting insight on many of the vulnerabilities and threat vectors we face today.

Researcher: iPhone Data Easy To Cultivate

George Hulme — Sun, 06 Dec 2009 13:50:53 -0500

While there hasn't been any attacks on iPhones that haven't been jailbroken, one researcher has shown that once a rogue application makes its way onto the device - there's not much it can't do with your data.

Texas Hospital District Fires 16 For HIPAA Violations

Mitch Wagner — Wed, 02 Dec 2009 12:43:01 -0500

The Harris County Hospital District of Houston, Texas, fired 16 employees, accusing them of violating patient privacy laws by inappropriately accessing the records of a medical resident who'd been admitted to the hospital after she was shot in a grocery store parking lot.

New Ransomware Attack Underway

George Hulme — Tue, 01 Dec 2009 11:35:10 -0500

Security researchers at CA have found a new so-called "ransomware" attack underway. There are many things you can say about malware writers. Most of it would be NSFW. But you can't say they don't work hard at what they do.

Famous Password Auditing Tool, L0phtCrack Is Back

George Hulme — Mon, 30 Nov 2009 11:33:29 -0500

After a couple of years of rest, L0phtCrack, one of the most famous password auditing and recovery tools is back.

Microsoft Provides Insight Into Password Attacks

George Hulme — Sun, 29 Nov 2009 19:11:49 -0500

For about a year now, Microsoft has been trying to gather data on real-world attacks, the types of attacks normal users might encounter in their day to day Internet use - and the software maker just released some interesting data on password attacks.

Exploit Code Targets Internet Explorer Zero-Day

George Hulme — Tue, 24 Nov 2009 17:42:14 -0500

There's exploit code circulating that can be used to target certain versions of Internet Explorer, Microsoft says it's working on a fix.

Chrome OS Security: Initial Impressions

George Hulme — Fri, 20 Nov 2009 16:15:02 -0500

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.

Phishers Target Apple Customers In New Attack

George Hulme — Wed, 18 Nov 2009 18:30:21 -0500

While OS X is targeted by a far fewer number of viruses than other operating systems, that's not stopping fraudsters from trying to hit Mac users with fraud.

Reporting Health IT Security Compliance Gets Easier

Marianne Kolbasuk McGee — Mon, 16 Nov 2009 15:15:06 -0500

The Health Information Trust Alliance (HITRUST) has unveiled a new program that helps streamline how healthcare organizations report to their business associates their status of compliance to security regulations such as HIPAA and others.

InformationWeek's RSS Feed is brought to you by

Mon, 16 Nov 2009 15:15:06 -0500

The Web Application Security New Top 10 Risks

George Hulme — Sun, 15 Nov 2009 21:23:31 -0500

With a focus on risks, rather than only ranking software vulnerabilities, the Open Web Application Security Project (OWASP) has made a significant - and welcomed - change in how the organization rates Web application security weaknesses.

Despite Security Concerns, Social Networks Soar

George Hulme — Mon, 09 Nov 2009 11:24:36 -0500

Security firm Palo Alto Networks peeked at the application use of more than 200 organizations around the globe, and found social networking growth on corporate networks is on fire. Will security concerns be the extinguisher? Don't count on it.

JailBroken iPhones Targeted By Rick-Rolling Worm

George Hulme — Sun, 08 Nov 2009 13:26:29 -0500

The SANS Institute Internet Storm Center is warning users of jailbroken iPhones that a new worm is targeting their hacked phones. So how dangerous is it, really?

Microsoft To Patch 15 Vulnerabilities

George Hulme — Thu, 05 Nov 2009 22:48:12 -0500

As part of its monthly ritual, Microsoft in its Security Bulletin Advanced Notification for this month warned of a number of nasty vulnerabilities in its operating systems and productivity software.

Tech Pros Want Security, Healthcare, Green Certifications

Marianne Kolbasuk McGee — Wed, 04 Nov 2009 13:37:45 -0500

Techies are seeking professional certifications in emerging areas like healthcare and green IT, and especially old standbys like IT security, according to a new survey.

Manhattan DA Announces Major ID Theft Indictment

George Hulme — Mon, 02 Nov 2009 21:53:16 -0500

A Manhattan DA brought an 149-count indictment accusing a computer technician of stealing the identities of more than 150 employees of the Bank of New York Mellon and using those identities to orchestrate more than $1.1 million in thefts against charities and non-profits, among other institutions.

New Project Takes Aim At Web Vulnerabilities

George Hulme — Sat, 31 Oct 2009 19:06:59 -0500

New open source honeypot sets bait to lure attackers and to gain first hand information on current attack techniques underway.

Blue Coat Identifies Halloween Trick

Adam Ely — Fri, 30 Oct 2009 19:14:20 -0500

Blue Coat has identified a new malware trick just in time for Halloween. Unsuspecting victims are redirected to one of two malware sites after searching for Halloween related sites. These distribution sites are typically used for hosting of warez, pirated digital content, but have been switched to malware distribution in the past 12 hours.

Patch Your Firefox

George Hulme — Tue, 27 Oct 2009 23:09:50 -0500

Mozilla just released 16 patches for vulnerabilities in Firefox. Eleven of the flaws are critical, and affect a number of components in the browser.

UK Jobs Website Hacked

George Hulme — Mon, 26 Oct 2009 17:22:10 -0500

The news site Guardian is warning members of its UK jobs site that the site has been breached, and that personal data may been snagged.

Application Security Is National Security

George Hulme — Fri, 23 Oct 2009 19:25:07 -0500

Hacks targeting U.S. government computers are coming from China. We knew that. The Chinese hackers are relying on zero-day software vulnerabilities to exploit critical systems. So, tell me again: why aren't we doing more to require applications be built secure from the start?

My Hat Is Blue

Adam Ely — Thu, 22 Oct 2009 17:14:13 -0500

For the past two days I have been back in Seattle. It was almost two years ago I left the city, and was not sure when I'd get a chance to return. Microsoft's BlueHat security conference was a great reason to come back to my favorite rainy city.

What is BlueHat?

Gumblar: Back With A Vengeance

George Hulme — Tue, 20 Oct 2009 14:03:37 -0500

Earlier this year, the botnet Gumblar made a splash when it infected more than 2,300 Websites, including popular destinations such as Tennis.com, Variety, and Coldwellbanker.com. Now, security researchers say Gumblar is back in strength and is changing its tactics.

Scammers Up The �Rogueware� War

George Hulme — Sat, 17 Oct 2009 16:44:03 -0500

Attackers have been known to encrypt user files (such as happened with Gpcode), and then demand payment for the decryption key, for some time. These so-called rogueware, including scareware, attacks have been underway for some time. Now scammers have upped their attack tactics.

RAND: U.S. Should Not Prioritize Cyberwarfare

George Hulme — Tue, 13 Oct 2009 22:17:10 -0500

The think tank RAND came out with an Air Force funded paper that concludes spending money on operational cyberwarfare is a waste of budget. I agree.

InformationWeek's RSS Feed is brought to you by

Tue, 13 Oct 2009 22:17:10 -0500