Virus Information News

[First]  [Previous] |    162     163     164     165     166     167     168     169     170     171    | [Next]  [Last] of 172 page(s)

Nuclear Plant Email Bogus; Possible Virus

San Clemente Times

April 9, 2008

A bogus email claiming that a nuclear incident had occured at the "San Clemente Nucklear Power Station" is completely false, according to SDGE officials.

Further, alerts have been issued on the Internet warning of a possible virus attached to the spam email. San Onofre Nuclear Generating Station (SONGS) officials first learned of the inflammatory and erroneous email at 3:55 p.m. PT Monday.

Superintendent Trojan

Heise Security

October 9, 2006

The Swiss Department of the Environment, Transport, Energy and Communications (UVEK) is examining the use of spy software to allow it to listen in on conversations on PCs.

The software comes from Swiss security company ERA IT Solutions, which intends to supply it solely to investigation agencies. This should also prevent antivirus manufacturers from incorporating it into their databases and having their tools recognise it. According to the manufacturer, firewalls do not present a problem.

Sony PSP TIFF Image Viewing Code Execution Vulnerability

Secunia

August 31, 2006

A vulnerability has been discovered in Sony PlayStation Portable, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in libTIFF and can be exploited to execute arbitrary code when a specially crafted TIFF image is viewed in the Photo Viewer. The vulnerability has been confirmed in version 2.60 and has also been reported in versions 2.00 through 2.80.

Debian Server restored after Compromise

Debian

July 13, 2006

One core Debian server has been reinstalled after a compromise and services have been restored. On July 12th the host gluck.debian.org has been compromised using a local root vulnerability in the Linux kernel. The intruder had access to the server using a

At least one developer account has been compromised a while ago and has been used by an attacker to gain access to the Debian server. A recently discovered local root vulnerability in the Linux kernel has then been used to gain root access to the machine. At 02:43 UTC on July 12th suspicious mails were received and alarmed the Debian admins. The following investigation turned out that a developer account was compromised and that a local kernel vulnerability has been exploited to gain root access. At 04:30 UTC on July 12th gluck has been taken offline and booted off trusted media.

MySpace hacked: Samy is my Hero

fast.info

October 13, 2005

An aquaintance of mine recently managed within 24 hours to become the most popular civilian on myspace with the help of a clever bit of viral javascript imbedded into his myspace page.

Let's see here...what would make my profile rock. Well, the most popular profiles on myspace pretty much consist of people with the limited english skills so I don't want to mimic those, but popularity begets popularity. I need some more friends. I need people to love me. I delved in and found that I could basically control the web browsing of anyone who hit my profile. In fact, I was able to develop something that caused anyone who viewed my profile to add my name to their profile's list of heroes. I was ecstatic. But it wasn't enough. I needed more. So I went deeper. A Chipotle burrito and a few clicks later, anyone who viewed my profile who wasn't already on my friends list would inadvertently add me as a friend. Without their permission. I had conquered myspace. Veni, vidi, vici.

Brazilian police arrest 85 in crackdown on hackers

Reuters

August 25, 2005

Brazilian police arrested 85 people on Thursday accused of stealing more than $33 million by hacking into the online bank accounts of unwitting Internet users, authorities said.

The raid -- dubbed Operation Pegasus -- was carried out by 410 federal police officers in seven states, making it one of the biggest crackdowns on electronic crime in Brazil. In all, 105 arrest warrants were issued after a four-month investigation found that the suspects had pocketed about 80 million reais in the scam.

Cisco Intrusion Detection Products May Allow Intrusion

Netcraft

August 23, 2005

A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory . An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC)

A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco. The announcement continues a trend in which security products are emerging as a potential entry point for attackers. Last year the Witty Worm spread rapidly using a security weakness in BlackIce IDS products from Internet Security Systems. Serious security holes have also been discovered in Symantec antivirus products and the ZoneAlarm family of firewalls from Computer Associates, among others.

Banks Shifting Logins to Non-SSL Pages

Netcraft

August 23, 2005

After years of training customers to trust only SSL-enabled sites, banks are shifting their online banking logins to the unencrypted home pages of their websites. Although the data is encrypted once the user hits the "Sign In" button, the practice runs co

Web sites are generally reluctant to use "https" on busy home pages, since SSL involves a tradeoff: improved security, but slower response time. Consumers, meanwhile, prefer easy to-remember URLs for their online banking. In placing login screens on non-SSL home pages, banks are trying to have it both ways: fast page loading without the SSL-related performance hit. The login form's "action" URL points to an SSL-enabled https URL. Since the introduction of SSL, Internet users have been urged to check for the "golden lock" icon to ensure a web session is encrypted before conducting e-commerce transactions. As phishing has grown rampant, the Anti-Phishing Working Group and Federal Trade Commission have warned consumers to be sure a web page is using SSL before sharing personal information.

The OS X Zombies

J/R/S

March 29, 2005

A certain institution of higher learning has discovered that fleets of their OS X boxes have been compromised. They do not yet know the vector of attack, meaning it is officially a 'zero day exploit'. They do however have several theories - all of which h

The OS X boxes, when compromised, end up running rogue IRC bot controllers and FTP servers. Naturally these rogue processes are capable of accessing sensitive data - which can be destroyed, modified, or stolen. Some of the victimised boxes were exploited through weak passwords for SSH-enabled accounts; still others through their Apache servers. Apache needs to be patched too and Apple have the patches out there for their contribution to the Apache community and they should be downloaded. Worse: if the holes in Apache are publicised and the sysadmins do not download them, the script kiddies will know how to attack.

Virus Prize 2005

DVForge

March 26, 2005

Please... Infect Our Computers!

Contest goal: To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system. Please... Infect Our Computers!

[First]  [Previous] |    162     163     164     165     166     167     168     169     170     171    | [Next]  [Last] of 172 page(s)