British authorities have launched an investigation into the recent cyberattacks that crippled Web sites in the U.S. and South Korea, as the trail to find the perpetrators stretches around the world. (source: Computerworld) - RSS and News widget on Feedzilla.com
Read more »Microsoft Patches Nine Security Flaws
Microsoft Corp. today issued software updates to plug at least nine different security holes in its various Windows operating systems and other software. Today's patch batch includes fixes for two very serious flaws that are actively being exploited by attackers to break into vulnerable PCs. Redmond issued patches to fix the vulnerability in itsVideo ActiveX Control for Internet Explorer, as well as the DirectShow flaw in Windows. Criminals currently are using both security holes to plant rogue software on PCs when users visit certain hacked or malicious Web sites. Contrary to what Microsoft itself said, the company did not release an official patch to plug the other ActiveX flaw hackers are actively exploiting -- which I first wrote about yesterday. Instead, it has released an interim workaround to blunt the threat from that weakness. Unfortunately, someone at Redmond seems to be a little confused about this point. In its advisory,
Vuln: Hitachi Web Server Client SSL Certificate Handling Unspecified Vulnerability
Hitachi Web Server Client SSL Certificate Handling Unspecified Vulnerability
Read more »U.S. And S. Korea Attacks: "Source Located In United Kingdom"
When the U.S. and South Korea became victims of cyber attacks last week, logic and not a little evidence pointed to North Korea as the culprit. However, a new report traces the attacks to the U.K., instead.
U.S. And S. Korea Attacks: Source Located In U.K.
Bkis, a Vietnam-based security company, stated on its corporate blog, "In order to locate the source of the attacks, we have fought against C&C servers and have gained control of 2 in 8 of them. After analyzing the logs of these 2 servers, we discovered the IP address of the master server, which is 195.90.118.xxx. This IP is located in UK."
Bkis then sprung another surprise by painting the attacks as being far more powerful than experts first thought.
The blog post continued, "During the past few days, the number of zombies has been estimated to be 50,000 by Symantec and about 20,000 by Government of South Korea. But, by taking control of two C&C servers and analyzing logs on these servers, we count the exact number of zombies that have been querying C&C servers to receive commands. . . . [T]here have been 166,908 zombies from 74 countries around the world that have been used for the attacks."
Read more »SSL certificates used by phishers in hacking toolkits
Symantec is tracking the use of phishing toolkits that hack a Web server and use stored SSL certificates to masquerade as a legitimate site.
Read more »Turkish government site hacked amid spat with China
An attacker who defaced the Web site of Turkey's embassy in China on Monday left behind a pro-China note as the two countries worked through a diplomatic spat.
Read more »Stopgap Fix for Critical Firefox 3.5 Security Hole
Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, Security Fix is posting instructions to help readers protect themselves from this vulnerability. The security hole has to do with a flaw in the way Firefox 3.5 handles Javascript, a powerful programming language heavily used on popular Web sites. Specifically, the vulnerability was introduced with the addition of the Tracemonkey, a new feature in 3.5 that is designed to dramatically speed up the rendering of Javascript. Vulnerability watcher Secunia rates this flaw "highly critical," noting that it is the type of flaw that criminals could use to remotely install rogue software, merely by convincing users to visit a hacked or booby-trapped Web site. Fortunately, there is a relatively easy fix for this that can be reversed once
Bringing campus banking to community colleges
Community colleges haven’t always been considered ideal candidates for campus banking services. That’s changing. Partnerships between banks and the two-year schools through their student ID cards, are out there and brick and mortar facilities are showing up on campus as well.
CR80News’ 2008 campus card banking partners survey identified at least 10 partnerships between banks and ID programs at community colleges or community college districts.
Still, community colleges and their bank partners face challenges.
Since many community colleges don’t require a student to obtain an ID card, banks and colleges have to come up with ways to make the card attractive to students. Linking it to a bank is one of those ways because it means additional services, such as ATM and debit card capability.
Another challenge is that since community college students are typically older than those attending four-year schools, many students are already tethered to a bank and are reluctant to change.
Read more »Microsoft Warns of New Attack as Patch Tuesday Nears
Microsoft is warning of limited attacks targeting a vulnerability in Microsoft Office Components. The warning comes the day before Patch Tuesday, which this month is slated to include fixes to a number of critical vulnerabilities. - On the eve of Patch Tuesday, Microsoft is warning users about a flaw in Microsoft Office Web Components that is under attack.
Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing and viewing charts, spreadsheets, and databases on the Web. In thi...
Microsoft warns of new Office Web Components vulnerability
A Spreadsheet ActiveX Control vulnerability in Microsoft Office Web Components is being actively exploited by attackers.
Read more »