About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Archive: October 2008

Virtual Heist Nets 500,000+ Bank, Credit Accounts

A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be...

By Brian Krebs | October 31, 2008; 7:00 AM ET | Comments (12)

GAO: Localities Expose Social Security Numbers Online

Many county governments across the U.S. are providing citizen's full or partial Social Security Numbers available online or in bulk to private companies, according to a Government Accountability Office report released last week. At a time when states are seeking...

By Brian Krebs | October 30, 2008; 11:20 AM ET | Comments (1)

ICANN De-Accredits EstDomains for CEO's Fraud Convictions

The entity responsible for overseeing the Internet's domain name system said Tuesday that it was revoking the right of registrar EstDomains.com to process new domain names, citing the company CEO's recent conviction on cyber crime charges. The move by the...

By Brian Krebs | October 29, 2008; 11:11 AM ET | Comments (5)

Java Update Promises to Remove Older Versions

Sun Microsystems has released another version of its Java software client. The update, JRE6 Update 10, contains no new security fixes to the most recent version, JRE6 Update 7, but it does appear to fulfill a promise the company made...

By Brian Krebs | October 27, 2008; 7:05 AM ET | Comments (17)

Data-Stealing Trojan Exploiting Just-Patched Windows Flaw

Microsoft Windows users who have not yet applied the security update that Redmond released yesterday should take a minute to do that now: Security experts are warning that at least one Trojan horse program with apparent spreading capabilities is in...

By Brian Krebs | October 24, 2008; 2:56 PM ET | Comments (7)

Microsoft to Issue Emergency Security Update Today

Microsoft said late Wednesday that it plans to break out of its monthly patch cycle to issue a security update today for a critical vulnerability in all supported versions of Windows. Redmond rarely releases security patches outside of Patch Tuesday,...

By Brian Krebs | October 23, 2008; 10:58 AM ET | Comments (12)

A Primer on Web Browser Privacy Tools

The biggest contenders in the Web browser wars have been tripping over themselves to offer new privacy protections for users, and that's largely a good thing. But making sense of these features is a bit like trying to compare mobile...

By Brian Krebs | October 22, 2008; 3:11 PM ET | Comments (1)

FBI, FTC Take Down Scammers & Spammers

I was traveling to speak at a couple of conferences most of the past week, so I missed out on covering some of the bigger cyber-security justice developments to come in a long while: The FBI announced it has busted...

By Brian Krebs | October 22, 2008; 8:30 AM ET | Comments (9)

Adobe Flash Patch Addresses 'ClickJacking' Flaw

Adobe last week issued a critical update for its Flash multimedia player, including a fix for a dangerous class of vulnerabilities that gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable....

By Brian Krebs | October 20, 2008; 5:00 PM ET | Comments (17)

Atrivo Shutdown Hastened Demise of Storm Worm

The infamous Storm worm, which powered a network of thousands of compromised PCs once responsible for sending more than 20 percent of all spam, appears to have died off. Security experts say Storm's death knell was sounded by the recent...

By Brian Krebs | October 17, 2008; 4:11 PM ET | Comments (4)

Report: Russian Hacker Forums Fueled Georgia Cyber Attacks

An exhaustive inquiry into August's cyber attacks on the former Soviet bloc nation of Georgia finds no smoking gun in the hands of the Russian government. But experts say evidence suggests that Russian officials did little to discourage the online...

By Brian Krebs | October 16, 2008; 3:15 PM ET | Comments (42)

Microsoft's Patch Tuesday Includes New Rating Index

Microsoft today released 11 software updates to fix at least 20 security flaws in its Windows operating systems and other software. Windows users can grab the latest updates from Microsoft Update or by turning on Automatic Updates. This month's bundle...

By washingtonpost.com Editors | October 14, 2008; 5:41 PM ET | Comments (8)

Security Software Suites No Match for Custom Attacks

The all-in-one security software suites from the major anti-virus vendors fail spectacularly at detecting custom-made malware that exploits the latest software vulnerabilities, according to testing done by security analysis firm Secunia. Secunia tested how well nearly a dozen security suites...

By Brian Krebs | October 13, 2008; 4:44 PM ET | Comments (14)

Microsoft Stock Price Routinely Dinged by Security Patches

Microsoft's stock price suffers more than usual on days that it ships software updates to plug security holes, new research suggests. With few exceptions, Redmond issues security updates on the second Tuesday of each month. Microsoft implemented what's known as...

By Brian Krebs | October 13, 2008; 8:21 AM ET | Comments (11)

Phishers, Virus Writers Exploit Global Financial Crisis

Security experts and the federal government are warning that scam artists are leveraging public concern over the global financial crisis to steal sensitive financial data and spread malicious software. In an alert posted Thursday, the Federal Trade Commission urged Internet...

By Brian Krebs | October 10, 2008; 4:43 PM ET | Comments (1)

Apple, Opera Ship Security Updates

Apple on Thursday released software updates to fix a slew of security issues in computers powered by its OS X operating system. Separately, a new version of the Opera Web browser is available that addresses a pair of serious security...

By Brian Krebs | October 10, 2008; 11:17 AM ET | Comments (1)

Spam Volumes Plummet After Atrivo Shutdown

Security Fix has spilled quite a bit of digital ink chronicling the demise of Atrivo (a.k.a. "Intercage"), a now-defunct Northern Calif. based Internet service provider that served as home base for a large number of cyber criminal operations. Happily, data...

By Brian Krebs | October 9, 2008; 1:33 PM ET | Comments (21)

Spear Phishing Scam Targets LinkedIn Users

About 10,000 users of LinkedIn.com, the social networking site for professionals, recently were targeted by a tailor-made scam that urged recipients to open a malicious file masquerading as a list of business contacts. Most e-mail-based malware attacks and phishing campaigns...

By Brian Krebs | October 8, 2008; 4:31 PM ET | Comments (11)

Son of Tenn. Lawmaker Indicted in Palin E-Mail Hack

The son of a prominent Democratic Tennessee state lawmaker was indicted Tuesday on charges of hacking into the Yahoo! Web mail account of Alaska Gov. Sarah Palin. David C. Kernell, 20, of Knoxville, was indicted by a federal grand jury...

By Brian Krebs | October 8, 2008; 1:47 PM ET | Comments (182)

Spammers Favor Obama Over McCain 7 to 1

While political polls may show Sens. Barack Obama and John McCain locked in a close race for the White House, junk e-mail purveyors have a clear favorite. According to research by Secure Computing, spammers are seven times as likely...

By Brian Krebs | October 7, 2008; 10:09 AM ET | Comments (44)

Report: Data Breaches Expose About 30M Records in '08

U.S. corporations, governments and universities reported a record 516 consumer data breaches in the first nine months of this year, incidents prompted chiefly by hackers and employee theft, according to a report released today by a nonprofit group that works...

By Brian Krebs | October 6, 2008; 12:01 AM ET | Comments (6)

New State Laws Target Data Encryption, RFID Tracking

The states have been busy of late enacting laws that address a broad spectrum of security protections, from outlawing radio frequency identification (RFID) tag tracking to requiring organizations to encrypt sensitive data whether it is stored on a computer or...

By Brian Krebs | October 3, 2008; 12:36 PM ET | Comments (12)

House.gov Still Plagued by E-mail Deluge

A glut of e-mail from constituents and special interest groups continued to pose problems for the Web sites for members of the U.S. House of Representatives on Thursday, as millions of Americans attempt to voice their opinions on the financial...

By Ju-Don Roberts | October 2, 2008; 6:15 PM ET | Comments (11)

October is Cyber Security (Un)Awareness Month

October is Cyber Security Awareness Month, and it seems many people are in need of some serious awareness-raising on this front. A recent survey indicates that while more than 80 percent of computer users thought they had firewall software installed,...

By Brian Krebs | October 2, 2008; 9:30 AM ET | Comments (11)

New Federal Law Targets ID Theft, Cybercrime

President Bush last week signed into law a bill that seeks to make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced...

By Brian Krebs | October 1, 2008; 4:33 PM ET | Comments (12)

 

©  The Washington Post Company