ISR News: Google Adsense, Bank Hijacked

Excerpts From WashingtonPost.com

DNS based attacks can be devastating because they undermine everything we take for granted about Web browsing. Late last year, attackers hijacked the DNS records of Checkfree.com, the largest online bill-paying service, redirecting would-be visitors to a site in Ukraine that served up malicious software.

ISR News: 33% Would Steal Sensitive Data

Excerpts From CIO.com

“Criminals are very adept at finding the vulnerable workers who can be tempted into betraying their employers, therefore, organisations should ensure that they have trained their people to protect sensitive information and have adequate technology and processes in place to help them enforce security policies that comply with current regulation and legislation,” said Tamar Beck, group event director, Infosecurity Europe.

ISR News: Federal Reserve Tech Arrested

Excerpts From CIO.com

A former IT analyst at the Federal Reserve Bank of New York and his brother were arrested Friday on charges that they took out loans using stolen information, including sensitive information belonging to federal employees at the bank.

ISR News: DOD’s Cyber Warfare Command

Excerpts From InformationWeek.com

Last week, Secretary of Defense Robert Gates testified that the military had spent $100 million on cybersecurity in the last six months alone responding to attacks, which are on the rise. Federal agencies reported to the U.S. Computer Emergency Readiness Team that they had been victims of 18,050 cybersecurity attacks in fiscal 2008, more than triple the number from 2006.

ISR News: Credit Card Cloners Steal £3.5m

Excerpts From Finextra.com

The accused allegedly went on a spree between 28 September and 8 October last year as Barclaycard migrated cardholders from the Goldfish credit card business it acquired from Discover Financial Services earlier in the year.

ISR News: Tech Layoffs Reach 2002 Levels

Excerpts From Forbes.com

It’s ugly out there in tech land. The recession has so far forced Yahoo! and Microsoft to lay off thousands; Oracle, Intel, Cisco and others are pruning their workforces too. Even the august Google has pared away at least 200 jobs in sales and several thousand part-time contractor jobs.

ISR News: Sustained Attacks on Register.com

Excerpts From WashingtonPost.com

The outage was the result of what’s known as a distributed denial of service (DDoS) attack, in which attackers cause hundreds or thousands of compromised PCs to flood a target with so much junk traffic that the Web site can no longer accommodate legitimate visitors. Typically, DDoS attacks are waged as a way for criminals to extort money from the targets, who are told the attack will cease when a ransom demand is paid.

ISR News: PowerPoint Hit By Zero-Day Hack

Excerpts From PC World

Malicious PowerPoint files (.ppt) are currently being used to exploit a newly reported security hole in the Office app. The isn’t yet any patch available for the zero-day flaw, but Microsoft says the attacks are currently limited and targeted.

ISR News: Contractor Steals 1600 Identities

Excerpts From Nashville City Paper

A former child support worker was arrested after attempting to sell the personal information — including names, Social Security numbers and bank account numbers — of 1,600 people.

ISR News: Next-gen SQL Injection Flaws

Excerpts From The Register

Research to be presented at the Black Hat security conference in Amsterdam later this month will show how so-called SQL injection attacks open the door to much more serious exploits that give hackers unfettered access to a website’s database and the operating system that runs it. Penetration tester Bernardo Damele Assumpcao Guimaraes says his techniques prey on design flaws in three of the most popular databases, including MySQL, PostgreSQL, and Microsoft SQL Server.

Next Page »

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (114)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (602)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (311)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (588)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (374)
  • Greg George (5)
  • H1N1 (15)
  • hackers (540)
  • healthcare (135)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (536)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (39)
  • Insider Threat (491)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (72)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (502)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (212)
  • national security (454)
  • PCI (309)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (553)
  • Rachel James (10)
  • reach (12)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (503)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (102)
  • Webcast (49)

• ISR Headline Index

  • Why We Did It and Don’t Want Any Money
  • Hackers Lurking in Hotel Networks
  • 7 Month Vulnerability in Windows Virtual PC
  • How to Secure a Cisco Router
  • On HTML Insecurities…
  • When Social Networking Clashes with Security
  • Spam Block: Public Servants or Vigilantes?
  • Sticky Situations in Social Media
  • Quick Tips for Using Secure Shell
  • Consolidate Compliance With Open Source
  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs