security_watchdog

Cyber-crooks sting South Africa for £13m

2008-06-11T23:06:18Z

A cyber-crime syndicate is believed to have defrauded the South African government of more than £12.8m in a series of spyware frauds.

The fraud went undetected for three years.

The fraudsters appeared to use a sophisticated combination of attacks that consisted of a physical device and a malware component, as witnessed by the fact they have been getting away with their crimes for nigh on three years, according to Tier-3.

Geoff Sweeney, chief technology officer at IT security vendor Tier-3, warned that, in common with more sophisticated IT security attacks, frauds of this nature are very difficult to stop using a traditional single line of defence.

"Companies need to rethink their strategy in the light of the increasing sophistication on the part of the fraudsters," he said.

Public wants data breach legislation

2008-06-08T21:45:35Z

Public demand for EU or UK legislation mandating the disclosure of data breaches is growing.

The results of a survey from Symantec and Ipsos Morishowed that 96 per cent of the general public would want to be notified in the event of their personal details being lost or stolen. The loss of bank account details topped the list for notification at 85 per cent, followed by passport number at 52 per cent.

Hong Kong becomes most dangerous domain

2008-06-04T23:07:36Z

The Hong Kong .hk domain has jumped 28 places to the most dangerous domain to surf and search on the web according to security experts this week.

Antivirus firm McAfee said Hong Kong takes the mantle from Tokelau, a tiny island of 1,500 inhabitants in the South Pacific.

According to the vendor, 19.2 per cent of all web sites ending in the .hk domain pose a security threat to web users. China (.cn) is second this year with over 11 per cent.

By contrast Finland (.fi) remains the safest online destination for the second year with 0.05 per cent, followed by Japan (.jp).

Scammers targeting LinkedIn

2008-05-22T21:59:27Z

We've been hearing about this for a while already, but Sophos is warning that scammers, particularly of the 419 variety are using LinkedIn to send their messages.

The trick is that using LinkedIn allows scammers to bypass corporate spam filters.

New botnet appears

2008-05-21T22:24:26Z

A new botnet which specialises in sending out phishing spam has prompted security experts to call for enterprises to review their security protection.

The Asprox botnet uses a SQL-injection attack tool to hack websites and add yet more hijacked PCs to its army.

Security experts confirm Linux vulnerability

2008-05-20T22:57:25Z

Security experts have confirmed a suspected vulnerability in the Debian and Ubuntu Linux operating systems.

Application vulnerability specialist Fortify Software confirmed the findings of a research posting to the Debian security list last week, which details a critical security vulnerability in the OpenSSL packages within Debian and Ubuntu.

Fredrick Lee, a researcher with Fortify, said that the posting actually understates the potential seriousness of the flaw, which affects the Open Secure Sockets Layer.

"We're calling this vulnerability `insecure randomness' since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions," he said.

Cyber bullying a common problem

2008-05-19T22:49:41Z

There's been plenty of high profile cases recently where cyberbullying has been identified as the cause of injury and even death. Bullying on the internet and mobile phones is an increasingly common problem among today's youth, according to new research.

A recent study by the US National Crime Prevention Council and research firm Harris Interactive found that more than 43 per cent of US citizens aged 13-17 have experienced cyber-bullying in the past year.

Just last week, a US woman was indicted on federal charges of fraudulently using a MySpace account to pose as a teenaged boy. Prosecutors allege that her actions ultimately caused a 13 year-old girl to commit suicide.

Google Streetview coming to Europe

2008-05-18T16:25:47Z

With blurry faces apparently.

European Union regulators have warned Google that its controversial Street View application could contravene EU privacy laws. The service generated controversy when it was found that the photos often displayed individuals on the street and inside buildings.

Street View is protected from litigation under US laws, although Google allows homeowners to request that photos of their dwellings be taken down from the service.

kraken botnet awakes

2008-05-05T17:43:49Z

A new global botnet menace dubbed Kraken is taking over from the once huge Storm malware network.

The new botnet has usurped Storm as the largest on the web, and there are suggestion that even Storm's operators are moving on to the new piece of malware for their operations.

The Storm botnet has shrunk to a twentieth of its previous size, according to security firm MessageLabs.

Spammers target Grand Theft Auto fans

2008-05-01T06:39:06Z

Gamers desperate to get their hands on Grand Theft Auto IV are being targeted by spam offering free entry to a 'competition' to win a PlayStation 3 and a copy of the much lauded game.

However, the illicit emails actually contain spyware and Trojans designed to steal personal financial information and attack victims' computers.

Infected site found every 5 seconds

2008-04-23T06:36:25Z

A new malware infected webpage is being discovered every five seconds, security experts warned this week.

Sophos identified an average of more than 15,000 newly infected web pages each day from 1 January to 31 March 2008, and 79 per cent of these malware-hosting sites are found on legitimate websites that have been hacked.

In contrast, just one in every 2,500 emails is now infected, compared to one in every 909 in 2007.

Remote workers biggest security threat

2008-04-13T16:52:24Z

Remote and branch workers are judged to be the highest security risks by IT managers, according to research from Blue Coat Systems.

While remote workers were voted least likely to use bandwidth for non-business uses, they were seen as the main protagonists in introducing malware onto the corporate network, with 50 per cent of network managers and 48 per cent of security managers naming them as most likely to introduce malware.

HP hardware infected by virus

2008-04-10T21:56:57Z

HP has issued a security notice after USB keys shipped with some of its ProLiant servers were found to have been infected with viruses. "This vulnerability could cause a local 'W32.Fakerecy' or 'W32.SillyFDC' virus infection," the company said.

The W32.Fakerecy is written primarily for removable drives and was first reported last year. W32.SillyFDC is also adapted for removable drives but can also be used to download more malicious files onto an infected machine.

Red Hat opens up security code

2008-03-24T21:39:19Z

In a bid to prove that open source software is more secure, Red Hat is freeing up the source code behind its identity management and security platform. The move is seen as offering a carrot to developers who will be more likely to embrace open source if they can more easily integrate their technology with Red Hat's security and network management products.

Another data loss

2008-03-11T23:37:36Z

This time a USB memory stick containing 165,000 pages of suspects' details has been found by a member of the public outside a betting shop in Stevenage. The data was unencrypted and the finder was able to access all the information when he plugged it into his PC.

Good job the finder was a good citizen and handed it in.