ISR News: Google’s Top 10 Malware Sites

Excerpts From IT Pro

Google identifies the ten domains responsible for compromising the most number of sites on the internet. In response to a recent surge in websites being infected with malware, Google has revealed the top ten most popular malware sites in the last couple of months.

ISR News: Credit Card Fraud Explodes

Excerpts From PC World

In 2008, 39 percent of victims saw such charges, more than twice the 15 percent from 2007, according to the study. Opening a new credit account in the victim’s name is still the most common use of a victim’s identity, involving about two-thirds of all ID theft cases. The data is based on the experiences of ID theft victims who contact the ITRC.

ISR News: Twitter Gets Phished Hard

Excerpts From CIO

Both Twitter and Facebook have been hit with phishing attacks in recent days. “The social networking attacks are becoming increasingly common,” said Jamie De Guerre, chief technology officer with antispam vendor Cloudmark. “Spammers are really moving to attack social networks because of the popularity of the social networks and also because they’re not as well defended as most e-mail platforms.”

ISR News: MasterCard’s New P2P Platform

Excerpts From Finextra

Senders initiate transfers to any domestic mobile phone number via SMS message, mobile Web browser or a downloadable MoneySend application. Upon initiation of the transfer, the sender approves the request by entering the MoneySend mobile PIN which only the accountholder knows. Pre-registered recipients then receive a text message confirmation of the transfer. Non registered users get an SMS informing them the payment is pending.

ISR News: Twitter Security Exploit Active

Excerpts From PC World

The “Twitter porn names” game, currently Twitter’s top-trending topic (things that are twittered the most), may be a fun distraction that gives you and your friends something to tweet about. But it also has a security hole — one that is no technical snafu. It could be simple human error, but it’s also possible that this security hole is an example of truly sneaky social engineering.

ISR News: Cybercrime Targets Consumers

Excerpts From Broadband Finder

One expert has advised consumers and web users to be extra vigilant as tough economic times could lead to some people committing acts of cyber crime. A spokesman for Unisys, an international company which specialises in a host of information technology solutions, said even people who you may think are not capable of such deeds could be tempted as the recession continues.

ISR News: Google Adsense, Bank Hijacked

Excerpts From WashingtonPost.com

DNS based attacks can be devastating because they undermine everything we take for granted about Web browsing. Late last year, attackers hijacked the DNS records of Checkfree.com, the largest online bill-paying service, redirecting would-be visitors to a site in Ukraine that served up malicious software.

ISR News: Cybercrime’s Clever Evolution

Excerpts From SecurityFocus.com

“This has led to the successful execution of complex attack strategies previously thought to be only theoretically possible,” the report’s authors said. “As a result, our 2008 caseload is reflective of these trends and includes more targeted, cutting edge, complex, and clever cybercrime attacks than seen in previous years.”

ISR News: 1.9M Infected by Stealth BotNet

Excerpts From PCWorld.com

The malware spreads when victims visit compromised websites. Then hackers can remotely control the malware to execute almost any command on the end-user computer as they see fit, such as: reading emails, copying files, recording keystrokes, sending spam, making screenshots, Finjan claims. “The sophistication of the malware and the staggering amount of infected computers proves that cybergangs are raising the bar.”

ISR News: UK to Store Internet Use Data

Excerpts From ZDnet.co.uk

“It’s not necessary to retain all of that data,” he said. “Once the data is held under this particular regime, you will probably find it will be used for a whole range of other purposes, just as RIPA has been,” Davies said. “With data preservation, what would not have occurred is the gross infringement of local authorities using that data to investigate dog-fouling or littering.”

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (113)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (601)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (310)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (587)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (373)
  • Greg George (5)
  • H1N1 (15)
  • hackers (539)
  • healthcare (134)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (535)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (38)
  • Insider Threat (490)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (71)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (501)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (211)
  • national security (453)
  • PCI (308)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (552)
  • Rachel James (10)
  • reach (11)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (502)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (101)
  • Webcast (49)

• ISR Headline Index

  • Hackers Lurking in Hotel Networks
  • 7 Month Vulnerability in Windows Virtual PC
  • How to Secure a Cisco Router
  • On HTML Insecurities…
  • When Social Networking Clashes with Security
  • Spam Block: Public Servants or Vigilantes?
  • Sticky Situations in Social Media
  • Quick Tips for Using Secure Shell
  • Consolidate Compliance With Open Source
  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs