Ever since the news of Brittany Murphy’s untimely death made its rounds, the internet has surged with search queries under her name. Never missing an opportunity, hackers have used her death as a new hook for Black Hat SEO attacks that direct web site visitors to scareware portals.

These attacks can easily affect Windows users who search for Brittany Murphy and click on one of the many links to poisoned search results. These search results expose the user to a fake anti-virus scan. The fake anti-virus scan is designed to make users panic into downloading rogue anti-virus software with little or no value.


The more popular Facebook becomes, the more dangerous it becomes to use. As if you didn’t already have to be wary of Facebook’s emails, now a worm is spreading via Facebook users’ walls. According to anti-virus maker AVG, the worm spreads when users click on a provocative photo that is being placed on infected users’ walls. By clicking on that image, users are then opening themselves up to attack.

Below is an explanation of how this nasty works according to one of AVG’s bloggers:

“For those unfamiliar with Facebook (is there anyone other than me in that set?) the thumbnail of the worm’s infective page is a link to the page. The worm’s objective, of course, is that others viewing the victim’s wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim’s wall, and so on…
This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook “as if” the victim had submitted a URL for a wall post and clicked on the “Share” button to confirm the post.”


(Via Mashable)


A computer glitch at the Federal Aviation Administration (FAA) has caused the automated flight plan system to crash, forcing airports to revert to manually entering the flight takeoff and landing data. This caused airports around the country to slow down to around 40%-50% of what they could accomplish in a day. All of their flights have been delayed, and some even canceled.

Officials are not sure what caused this crash, but they say this system is the same one that previously crashed in August of 2008.

“The system — the National Airspace Data Interchange Network, or NADIN — appears to be the same one that failed in August 2008. The FAA said flight plans are being processed through the network’s Salt Lake City, Utah office,” -CNN

(Via BusinessPundit)


A blogger who prefers to remain anonymous has successfully hacked into Barack Obama’s campaign site, BarackObama.com. It appears that the blogger had no malicious intent in making the hack public; rather, he released the information about the attack in order to bring attention to the site’s lack of database security.


Instead of prosecuting hackers, the US government is hoping to wrangle these people into working for it. Organizers of the event, called the US Cyber Challenge, invited 10,000 of America’s best computer whizzes in an attempt to dissuade them from illegal activities and turn them into security “top guns.” A similar conference is planned for next year in Britain.

Entrants are asked to play a series of video games to highlight their potential hacking skills. The games are used to gauge the kids’ abilities: they are asked to analyze hard drives, collect evidence, and extract passwords from the computer.

If eventually recruited, they could earn up to six figures from the US government.

“Government and business need more and better security experts to protect intellectual property and business continuity and keep private communications private,” Judy Baker, a security consultant and organizer of the UK branch stated.

The winner of the first US Cyber Challenge was 17-year-old Michael Coppola from Connecticut. What sealed the deal was his ability to break into the scoring system to award himself 10,000 extra points.

(The TimesOnline)


Google’s Gmail has become the target of an industry-wide phishing scam. Phishing is when hackers create fake websites in an attempt to get users to voluntarily hand over information like e-mail or bank account passwords. Although this particular phishing scheme originally targeted Hotmail accounts, BBC News has seen lists detailing more than 30,000 Gmail accounts that have been hacked into and posted online.

A Google spokesperson stated “We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts. As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.” The company spokesperson stressed the fact that the attack was “not a breach of Gmail security.”

Google discovered the scam after a list of 20,000 victims emerged containing Hotmail, Aol, Yahoo, and Gmail accounts. Though some of the accounts are unused or fake, it has been confirmed that several of the accounts are real and are in use daily. A spokesperson for Microsoft stated that phishing was an “industry-wide problem.” A Yahoo spokesman urged customers to “take measures to secure their accounts whenever possible, including changing their passwords.”

The biggest risk, according to a study by security firm Sophos, was the fact that 40% of people use their e-mail passwords for every other website they have an account with, making hacking almost easy. Carole Theriault, a Sophos employee, told BBC News “Getting access to one password can give someone access to lots of things. People need to see a difference between an online bank account and booking cinema tickets online.” It is important for computer users to install and continually download updates for their security systems to help protect against scams like these. Users should also be wary of the links given to them in e-mails from people they don’t know and even the ones they do.

(Via BBC News)




Hackers around the world have stepped up their game by targeting computer applications and services hosted on the Internet such as mobile services and social networking sites like Twitter and Facebook. To combat this development, IT professionals and government officials held a conference in Kuala Lumpur called Hack In The Box that aimed to address the growing concerns in cyber security.

Hackers have been enjoying time in their new playground dubbed “the cloud,” which refers to computer applications and services hosted on the Internet. Dhillon Andrew Kannabhiran, the host of the Hack In The Box conference said, “The focus [of security] is definitely moving towards ‘the cloud’ and to the security of embedded devices (Android, iPhone) to more advanced client-side attacks which leverage on Web 2.0 technologies, such as attacks on Facebook, Twitter and other popular sites.” The conference this week hopes to devote time to this problem specifically.


A while back we talked about technologies designed to deal with laptop theft. Here is yet another way to keep your laptop safe by using a simple software application that can help stop a laptop theft in its tracks and also guarantee that your data is safe if it should ever be stolen. The software is called LAlarm, and it utilizes audible alarm systems, data retrieval, and remote deletion technology to make sure that your laptop and its data remain safe and secure.

The protection begins with the software’s alarm system, which notifies you whenever your laptop is taken outside a predetermined safe area. It also sounds an alarm when your laptop has been left alone for too long. As a bonus, LAlarm even helps you save battery life on your laptop by notifying you when your battery is close to depletion. It can also send an alert to a user’s cellphone notifying them whenever one of the alarms is triggered, effectively guaranteeing that a laptop owner remains in the know at all times. But probably the best feature that LAlarm has to offer is its data recovery and deletion. This feature allows a user to delete and recover information from a laptop that has been stolen.


With the exponential growth of Facebook and Twitter comes the seemingly unstoppable growth of malware, spyware, and computer hacking. As the use of one rises, so does the other. As a result, social networking sites are coming under constant harassment from malicious programs designed to steal passwords and other personal information.

Yuval Ben-Itzhak, technology chief at small security software vendor Finjan, has stated that “Cyber criminals continue to follow the money. With the combination of using sophisticated Trojans for the theft and money mules to transfer stolen money to their accounts, they minimize their chances of being detected.”

Symantec Corp has also stated that the use of spam email messages increased greatly in the third quarter. According to company reports, the amount of spam emails being sent out has risen to 88.1 percent from last year’s 81 percent. Furthermore, reports show that botnets are now responsible for sending 87.9 percent of all spam.


A group of Russian spammers paid hackers 43 cents for each Mac computer infected with a virus, showing that Macs have become a target for the spammers.

Sophos researcher Dmitry Samosseiko explains that this Russian spamming mob, “The Partnerka,” collects hundreds of thousands of dollars from infecting computers with malware or what he calls “scareware.” A portion of this group is directing their efforts at Macs.

“Mac users are not immune to the scareware threat,” said Samosseiko in the research paper that he released at the Virus Bulletin 2009 in Geneva, Switzerland. “In fact, there are ‘codec-partnerka’ dedicated to the sale and promotion of fake Mac software.”

Hackers are offering 43 cents for each malicious install on Macs.

“The growing evidence of financially-motivated criminals looking at Apple Macs as well as Windows as a market for their activities, is not good news — especially as so many Mac users currently have no anti-malware protection in place at all,” said Graham Cluley, a senior technology consultant at U.K-based Sophos, in a blog entry Thursday.

Although rare, Mac threats do exist and should be explored by Apple. Until then, be careful what you click on.

(Via ComputerWorld.com)
