Security News
Malware/Phishing
Server-side Polymorphism: How Mutating Web Malware Tries to Defeat Anti-virus Software
July 31, 2012
Server-side polymorphism is a technique used by malware distributors in an attempt to evade detection by anti-virus software.
Source: Sophos
How PDFs Can Infect Your Computer Via Adobe Reader Vulnerabilities
July 17, 2012
Something as simple as opening a PDF file can infect your computer, and potentially allow malicious hackers to gain access to your organization's network.
Source: Sophos
New Java Exploit to Debut in BlackHole Exploit Kits
July 5, 2012
Malicious computer code that leverages a newly-patched security flaw in Oracle's Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit pack. The addition of a new weapon to this malware arsenal will almost certainly lead to a spike in compromised PCs, as more than 3 billion devices run Java and many of these installations are months out of date.
Source: Krebs on Security
Malware App Made Its Way Into App Store
July 5, 2012
An app, named Find and Call, sneaked its way into both Apple's App Store as well as Google Play, but the two digital stores removed the Trojan horse after being highlighted by a cyber security company.
Source: Los Angeles Times
Security News
Court Documents Left in Recycling Bin Behind County Building
August 1, 2012
Court records containing names of victims, date of birth, and Social Security numbers were left in a recycling bin outside a court building.
Source: The Telegraph
Settlement for California Department of Corrections and Rehabilitation Data Breach
July 28, 2012
A settlement has been reached in a lawsuit against the state for exposing employee personnel information to prison inmates. The settlement awarded a total of $175,000 to 23 plaintiffs to pay for credit-monitoring services and court costs.
Source: Triplicate
Cybersecurity Bill Shows Signs of Life in Senate
July 17, 2012
Key lawmakers are racing to broker a compromise on a Senate cybersecurity bill, insisting that floor action is still possible as early as next week.
Source: Politico
Yahoo Confirms Theft of 450,000 Users' Passwords
July 12, 2012
Some 450,000 Yahoo users' email addresses and passwords have been leaked because of a security breach.
Source: The Associated Press
New York Utilities Told To Improve Protection of Customer Information
July 12, 2012
The New York Public Service Commission instructed two utility companies to take action to address vulnerabilities in their computer billing and records systems.
Source: State of New York Public Service Commission
Having Trouble Getting Online? Call Your Provider
July 9, 2012
Thousands across the United States who waited too long, or simply didn't believe the warnings, lost Internet access just after midnight because of malware on their computer.
Source: The Associated Press
Software\Hardware
Dropbox Confirms Data Leak
August 1, 2012
Cloud storage service provider Dropbox has acknowledged that a file containing private customer data was stolen from the Dropbox account of one of the company's employees and that the information was subsequently used to send out spam messages to users.
Source: H Security
Snort 2.9.2.0 Released
July 18, 2012
An update to the open source intrusion prevention and detection system has been released.
Source: Snort
Android Security Overview
July 17, 2012
The Android Open Source Project released an Android Security Overview.
Source: Android Open Source Project
Oracle Security Update
July 17, 2012
Oracle released 87 new fixes across a number of product families including: Oracle Database, Oracle Application Express, Oracle Secure Backup, Oracle Fusion Middleware, Oracle Enterprise Manager, Oracle Applications, and the Oracle Sun product suites.
Source: Oracle
Skype Confirms Privacy Bug That Sends IMs to Unintended Recipients
July 17, 2012
Skype has confirmed that its VoIP software contains a bug which could result in instant messages (IMs) being sent to unintended recipients.
Source: H Security
VMware Security Update
July 12, 2012
VMware issued a security advisory and update for VWware ESXi.
Source: VMware
Chrome 20 Update Fixes High-risk Security Vulnerabilities
July 12, 2012
Chrome update fixes security vulnerabilities.
Source: Google
HP Warns of Critical Holes In Its Server Monitoring Software
July 10, 2012
HP is warning its customers about two security vulnerabilities in its Operations Agent server monitoring software.
Source: HP
IM Client Update Fixes Buffer Overflow Vulnerability
July 6, 2012
An update to the open source Pidgin instant messaging program closes a vulnerability which could lead to a buffer overflow. The vulnerability could be exploited by an attacker to execute arbitrary code on a victim's system.
Source: H Security
Research
Privacy
July 31, 2012
Federal agencies reported 13,017 security incidents resulting in the compromise of personal information in 2010 and 15,560 in 2011, an increase of 19 percent.
Source: Government Accountability Office
Challenges in Securing the Electricity Grid
July 17, 2012
The electric power industry is increasingly incorporating information technology (IT) systems and networks into its existing infrastructure (e.g., electricity networks, including power lines and customer meters). This use of IT can provide many benefits, such as greater efficiency and lower costs to consumers. However, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers.
Source: Government Accountability Office
A Cyberwar of Ideas? Deterrence and Norms in Cyberspace
July 2012
This article relates US efforts to develop strategic 'cyber deterrence' as a means to deter adversarial actions in and through global cyberspace.
Source: King's College London
Guidelines For Managing And Securing Mobile Devices
July 2012
This publication provides recommendations for securing particular types of mobile devices, such as smart phones and tablets.
Source: National Institute of Standards and Technology
Information Crime
Phishing Activity
July 2012
The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG. APWG also measures the evolution, proliferation, and propagation of crimeware by drawing from the research of our member companies.
Source: APWG
Dropbox Calls in Outside Team to Investigate Possible Breach
July 18, 2012
Dropbox has called in an outside team of experts to help the company investigate spam targeted at its users that could be related to a possible breach.
Source: Los Angeles Times
Over 1 Million User Credentials Compromised In Android Forums Hack
July 13, 2012
Phandroid, a popular Android news site, has confirmed that its Android Forums web site was compromised and that private user data has been accessed.
Source: H Security
"High Roller" Online Bank Robberies Reveal Security Gaps
July 5, 2012
Many online banking systems dangerously rely on PCs being secure, but banks should instead presume all customer PCs are infected.
Source: European Network and Information Security Agency
Contact
Security News is compiled by the State of Iowa - Information Security Office (ISO).
For more information about the ISO please visit http://secureonline.iowa.gov/
Please send questions or comments regarding the Security News to SecurityAwareness@iowa.gov
To subscribe to the Security News, please send a blank email to Join-Security-News@lists.ia.gov
|
