Peaches

Update Experts
  • Content Count

    2130
  • Joined

  • Last visited

Everything posted by Peaches

  1. Kaspersky Antivirus Crash VulnerableDOS exploit found in Kaspersky Internet Security 2010 and Kaspersky AntiVirus 2010 A recent security report from Maksymilian Arciemowicz presented on the SecurityReason website details how remote users could crash PCs running Kaspersky-owned products. Pointing the antivirus to parse a URL, the users' CPU can be tricked to consume excessive resources and eventually crash. The vulnerability affects Kaspersky Internet Security 2010 9.0.0.459 antivirus and its brother, the Kaspersky Antivirus 2010 9.0.0.463 version. The exploit was discovered on August 18th 2009
  2. Aug21 Laptop Delivery Note Contains Malware 10:49 pm (UTC-7) | by Maydalene Salvador (Anti-spam Research Engineer) Just today, we at the Content Security team received a large number of spam with a ZIP attachment that contains a backdoor. The said email informs the user that the product he/she has ordered/purchased online is already sent. It then asks the user to view the tracking document details by opening the attachment. The attachment is not an Office file, it is instead an executable which Trend Micro detects as BKDR_REDOLAB.AL. This backdoor’s main duty appears to be to download TR
  3. 22 August 2009, 03:04 Deadly pings for Cisco routers and switches A bug in the Firewall Services Module (FWSM) software allows Cisco routers and switches to be disabled by a series of crafted ICMP packets. Catalyst 6500 series switches and Cisco 7600 series routers equipped with a Firewall Services Module are affected. All FWSM software versions 2.x, 3.x and 4.x without the specific fix for this bug are vulnerable. In a security advisory, Cisco states that processing ICMP packets can lead a processor to use all available execution threads, with the result that the system will not forward any
  4. Eight Indicted For $22M Identity Theft Scam Against AT&T, T-Mobile Defendants allegedly hijacked customers' identities to steal millions of dollars in wireless gear Aug 20, 2009 | 05:08 PM By Tim Wilson DarkReading Eight defendants were arraigned in a Brooklyn court yesterday for allegedly using the stolen identities of AT&T, T-Mobile, and Asurion customers to steal some $22 million worth of wireless equipment and services. An indictment was unsealed in Brooklyn federal court yesterday morning charging Courtney Beckford, Gabe Beizem, Rawl Davis, Lennox Lambert, Marsha Montayne, Sau
  5. Aug19 2009 Facebook Applications Used For Phishing by Jonathan Leopando (Technical Communications) It would be easy to think that once someone has logged in successfully to Facebook—and not a phishing site—that the security threat is largely gone. However, that’s not quite the case, as we’ve seen before. Earlier this week, however, Trend Micro researcher Rik Ferguson found at least two—if not more—malicious applications on Facebook. (These were the Posts and Stream applications.) They were used for a phishing attack that sent users to a known phishing domain, with a page claiming that users n
  6. 19 August 2009, 17:12 Report: Web 2.0 site attacks on the rise In its bi-annual report the Web Application Security Consortium (WASC) has reported that attacks on Web 2.0 sites have increased significantly compared to last year. Over the last ten years, the report has analysed and commented on the information provided from the Web Hacking Incidents Database (WHID), a WASC project dedicated to maintaining a list of web applications related security incidents. According to the report, in the first half of 2009, attacks against Web 2.0 sites, such as social networking sites like the popular Twitt
  7. Cyveillance Testing: Leading AV Vendors Not Keeping Pace with Influx of Malware and Phishing Attacks More than half of active malware and phishing threats on the Internet continue to go undetected Aug 20, 2009 | 11:55 AM ARLINGTON, Va., August 18, 2009 -- Cyveillance, a world leader in cyber intelligence, today announced the availability of their "1H 2009 Cyber Intelligence Report," which reveals that traditional antivirus (AV) vendors and Web browser anti-phishing filters continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving threa
  8. Windows XP customers positive but split on Windows 7 Reading about it is enough By Gavin Clarke in San Francisco , 18th August 2009 A majority of Windows XP users are positive about Windows 7 but are split on whether to upgrade, with a large number keeping an open mind. That's according to preliminary results from a PC World and Technologizer survey of 5,000 Windows XP users, who also want Microsoft to keep offering their operating system of choice. Seventy per cent of Windows XP users that tried Windows 7 listed their reaction as very positive while 55 per cent who'd only read about the pla
  9. Social Networks Number One Web Attack Target Web Hacking Incidents Database (WHID) report finds that one-fifth of Web incidents are aimed at Web 2.0 sites in the first half of 2009 Aug 18, 2009 | 09:44 PM By Kelly Jackson Higgins DarkReading Most real-world Web attacks in the first half of the year hit Web 2.0 and social networking sites, according to a new report that logs actual attacks on Web applications. The Web Hacking Incidents Database (WHID) -- which tracks Web application-security related incidents that have been reported publicly -- in the first half of the year recorded a big j
  10. after reading this .. think I shall hide under the mattress & hope no one finds me. August 17, 2009 6:01 AM PDT How 10 digits will end privacy as we know it by Ari Juels Editors' note: This is a guest column. See Ari Juels' bio below. Internet denizens and urban dwellers alike need to recognize that an era of anonymity is ending. The population of the world stands at about 7 billion. So it takes only 10 digits to label each human being on the planet uniquely. This simple arithmetic observation offers powerful insight into the limits of privacy. It dictates something we might call th
  11. Microsoft's Browser Best at Beating Malware Gregg Keizer, Computerworld Microsoft's Internet Explorer 8 (IE8) again trounced rival browsers in a test of their malware-blocking abilities, catching 81% of attack code-infected sites, according to a testing company. IE8's skills at sniffing out malware sites improved by 17% since March, said Rick Moy, president of NSS Labs, the firm that conducted the benchmarks. The testing was sponsored by Microsoft's security team. IE8's improvement, and its dominance over competitors, could make some users reconsider their decision to abandon Microsoft's brow
  12. PandaLabs: 35 Million Computers Infected With Rogueware Each Month Rogueware is being distributed through Facebook, MySpace, Twitter, Digg, and targeted blackhat SEO attacks Aug 13, 2009 | 10:33 AM London, August 13, 2009: PandaLabs, Panda Security's malware analysis and detection laboratory, announce the general availability of a multi-year study that examines the proliferation of rogueware into the overall cybercriminal economy. The report, "The Business of Rogueware," by PandaLabs researchers, Luis Corrons and Sean-Paul Correll, reviews the various forms of rogueware that have been create
  13. New Virus Appears As Response To Craigslist Ad Currently undetected virus appears as a response to craigslist ad with link to fake "Picasa" photo album, according to Red Condor Aug 14, 2009 | 03:45 PM Rohnert Park, Calif. " August 13, 2009 " Email security experts at Red Condor are warning email users about a new virus currently undetected by most virus scanners. The virus is embedded in an email that appears to be a response to a craigslist advertisement. The email containing the virus, which was detected August 12, 2009 by Red Condor's Zero Minute Defense Network, includes the subject line
  14. Reader's Digest, caught industrywide advertising slump, to file for Chapter 11 Andrew Vanacore, THE ASSOCIATED PRESS August 17, 2009 NEW YORK - The publisher of Reader's Digest, the country's most popular general interest magazine, said Monday it will file for Chapter 11 protection with a plan to swap a portion of its debt for ownership of the company. Reader's Digest Association Inc., owned by the New York private equity firm Ripplewood Holdings since 2007, said Monday it has reached an agreement in principle with a majority of secured lenders to erase a portion of the US$1.6 billion they ho
  15. Software Updates Vulnerable To Hijacking Public Wi-Fi networks present a risk to connected users even if they're not surfing the Internet, thanks to applications that try to update themselves automatically. By Thomas Claburn InformationWeek The security risks posed by the use public Wi-Fi networks have been known for years, but even cautious computer users may be vulnerable to attack when connected to public Wi-Fi networks as a result of the widespread insecurity of automated software updates. In a recent presentation at the DEFCON security conference in Las Vegas, Radware security resear
  16. Windows 7: What A Lovely Hidden Interface Posted by Dave Methvin, Aug 15, 2009 11:25 AM Each time a new version of Windows comes out, Microsoft takes an opportunity to change user interface items that seemed to be working fine already. I call it "rearranging the furniture" because it often results in metaphorical stubbed toes. One example of this was renaming a Control Panel item from "Add/Remove Programs" in XP to "Programs and Features" in Vista. Well, they're at it again with Windows 7. I've been using Windows 7 for a couple of months, but I hadn't noticed the new features that Larry Oster
  17. New Virus Appears As Response To Craigslist Ad Currently undetected virus appears as a response to craigslist ad with link to fake "Picasa" photo album, according to Red Condor Aug 14, 2009 | 03:45 PM Rohnert Park, Calif. " August 13, 2009 " Email security experts at Red Condor are warning email users about a new virus currently undetected by most virus scanners. The virus is embedded in an email that appears to be a response to a craigslist advertisement. The email containing the virus, which was detected August 12, 2009 by Red Condor's Zero Minute Defense Network, includes the subject line
  18. E-Mail Crooks Target Webmail Accounts A wicked e-mail scheme uses your Webmail address--and your contact list--for scams. Erik Larkin, PC World magine having to explain an e-mail message that asks your friends for money--a message sent from your Webmail account. (Webmail refers to any e-mail service you use via a Web browser rather than through an e-mail client.) That's exactly what's happening: Scammers are breaking into such ac­­counts and, from those addresses, sending e-mail messages to the victims' entire contact list. The messages often tout a Web site (such as an e-commerce site), or ev
  19. 14 August 2009, 12:44 Bot network uses Twitter Apparently, the current hype about Twitter has not passed malware writers by. Jose Nazario of Arbor appears to have discovered a bot-net that users the Twitter micro-blogging service for its communication. In a blog entry, Nazario tells of a Twitter account "upd4t3" (leet-speak for "update") whose messages seem to be Base64 encoded. He suspects the account may be used to control a bot network through allowing its clients to pick up orders. The concept is not entirely new; in 2007, The H reported on a trojan using Web-2.0-sites like MySpace for co
  20. Original Jackson glove to be sold for charity The original glove worn by Michael Jackson when he unveiled his famed moonwalk and performed Billie Jean at the Motown 25th anniversary TV special is set to be sold at a November auction benefiting a music charity. "The world should see this. This is the first," said Walter Clyde Orange, a founding member of singing group the Commodores, to whom Jackson gave the glove after the legendary performance. "Just for the world to see it, that means the world to me," he said, adding that he hoped the iconic glove would end up at an institution like the Roc
  21. 14 August 2009, 12:14 Critical vulnerability in the Linux kernel affects all versions since 2001 Google security specialists Tavis Ormandy and Julien Tiennes report that a critical security vulnerability in the Linux kernel affects all versions of 2.4 and 2.6 since 2001, on all architectures. The vulnerability enables users with limited rights to get root rights on the system. The cause is a NULL pointer dereference in connection with the initialisation of sockets for rarely used protocols. A pointer structure usually defines what operations a socket supports, for example accept, bind and so
  22. eBay To App Developers: Change Your Passwords Security risk could allow bad guys to access eBay's Developers Program user accounts Aug 12, 2009 | 02:24 PM By Kelly Jackson Higgins DarkReading eBay is warning members of its Developers Program to change their passwords on the developers' program site due to a newly discovered threat to their accounts. "eBay has recently identified a means by which someone could gain access to eBay Developers Program account information," blogged Kumar Kandaswamy, manager of the eBay Developers Program. Kandaswamy said the unauthorized access on the site won'
  23. 12 August 2009, 09:27 Apple releases security update for Safari Apple have released Safari 4.0.3, a security update for the Safari web browser, to address a number of issues. Six problems are addressed; critical bugs, including a heap buffer overflow in CoreGraphics when drawing long text strings and a buffer overflow when handling EXIF metadata on Windows XP and Vista which may lead to arbitrary code execution or crashes. Another buffer overflow, this time in WebKit, affects Windows and Mac OS X, and could lead to crashes or malicious code execution. Other issues include the ability for a mal
  24. We all at one time or another we change our cell phone servers. Right? We also end up with a drawer full of cell phones and wonder what to do with them. It is a foregone conclusion that these cell phones contain contact numbers, email addresses, passwords & more. Naturally, you do not want to throw out these cell phones into the dumpster because it is not beneath criminals to search for them there in order to steal your information, so as a result we toss them into a drawer or cardboard box. While searching for something totally unrelated on the internet I came across a free software that
  25. Microsoft Security Bulletin Minor Revisions Issued: August 12, 2009 ******************************************************************** Summary ======= The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS09-043 - Critical * MS09-042 - Important * MS09-039 - Critical * MS09-037 - Critical * MS09-035 - Moderate Bulletin Information: ===================== * MS09-043 - Critical - http://www.microsoft.com/technet/security/...n/ms09-043.mspx - Reason for Revision: V1.1 (August 12, 2009): Corrected the restart requirement for