Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 1, 2008

Daily Report

• Alltech opened a state-of-the-art Center for Animal Nutrigenomics and Applied Animal Nutrition at its corporate headquarters in Kentucky. Researchers will analyze the health and performance status of livestock and the best nutritional interventions for peak production potential. (See item 18)

• The Federal Emergency Management Agency reports that hundreds of levees must be certified as sound over the next few years in order to be registered on government flood maps that are being updated. (See item 40)

Banking and Finance Sector

10. June 29, ZDNet – (National) HSBC sites vulnerable to XSS flaws, could aid phishing attacks. Domains owned by HSBC Holdings plc are vulnerable to cross-site scripting (XSS) flaws that could easily aid a phishing attack. Multiple cross-site scripting vulnerabilities affecting bank web sites could have major unwanted consequences. Scammers can register domains and set up fake bank web sites in a few minutes. With the help of bulk e-mailers, they can phish sensitive personal data from thousands of unsuspecting web users. If they want to own HSBC’s e-banking customers, all they have to do is register a “suspicious”-looking domain like hscsbc.com, which is currently available, and then serve a phishing page. Source: http://blogs.zdnet.com/security/?p=1365

11. June 28, 13 Orlando – (Florida) Online e-mail scams. Two new scams are creating lots of problems. The first scam claims to come from Bank of America, with official-looking letterhead and links that connect you to actual Bank of America sites. The e-mail explains why you received it, though Bank of America says it does not send out unsolicited e-mails. It also carries the privacy and security message that assures you your account information is safe. Again, copies from the real Bank of America site are pasted in to look official. Neither Bank of America nor other banks ever ask for any personal information over the Internet. If you click on the reply link and fill in the blanks, your account information will be stolen. The latest scam says a person has money and wants to send it to you. This time the e-mail claims to come from a U.S. Army sergeant who has found $8 million of Saddam’s money in barrels outside Saddam’s old palace. His brother-in-law was killed by a roadside bomb, and a dying British medical doctor gave him the package of money. He has survived two suicide bomb attacks and has been shot and wounded. He can get it home to the U.S. to split with you if you just contact him as soon as possible. Source: http://www.cfnews13.com/Technology/YourTechnology/2008/6/28/online_email_scams.html

Information Technology


33. June 30, The Baltic Times – (International) Hackers place Soviet symbols on hundreds of websites. Foreign hackers broke into more than 300 Lithuanian websites and covered them with former Soviet symbols. The majority of the websites were hosted on the servers of Hostex (formerly known as Microlink), the chief expert with the networks and information security department of the Communications Regulatory Authority (RRT) told BNS. “It seems to be a planned attack. Yet we cannot tell as yet which country it comes from,” he said. The head of the RRT networks and information security department told a public radio station that the attackers mostly targeted the websites of private companies. While the Lithuanian head of the Cabinet gives assurances that state institutions are prepared for potential cyber attacks, the hackers also broke into the webpage of the ruling Social Democrat party, chaired by the prime minister himself. Swear-word-filled Russian text was displayed with the flag of the former Soviet Union in the background on the official website of the Lithuanian Social Democrat party. An analogous break-in with the same text and same symbols took place Saturday morning on the official website of the Chief Official Ethics Commission. The Communications Regulatory Authority said Saturday it has no information on who might have broken into the commission’s website and defiled it. Source: http://www.baltictimes.com/news/articles/20723/


34. June 27, Wired Blogs – (National) Hacker launches botnet attack via P2P software. A 19-year-old hacker is agreeing to plead guilty to masterminding a botnet to obtain thousands of victims’ personal data in an anonymous scheme a federal cybercrime official described Friday as the nation’s first such attack in which peer-to-peer software was the “infection point.” The defendant launched the assault last year from his Cheyenne, Wyoming residence, and anonymously controlled as many as 15,000 computers at a time, said the chief of the Cyber and Intellectual Property Crimes Section for federal prosecutors in Los Angeles. As part of the deal, in which a judge could hand him up to five years imprisonment, the defendant has agreed to pay $73,000 in restitution, the government said. “It’s the first time that we know of that peer-to-peer software was used as the infection point,” the cyber chief said in an interview with Threat Level. The malware infection became commonly known as the Nugache Worm, which embedded itself in the Windows OS. According to the plea agreement, the worm was installed in various ways. “All of the data stored on the compromised machines would be available to defendant, including, but not limited to, credit card information,” according to the plea agreement. The agreement also said that he took control of financial accounts of his victims. Source: http://blog.wired.com/27bstroke6/2008/06/hacker-launches.html


Communications Sector

35. June 30, Computerworld – (International) NEC, Tyco plan Japan-U.S. cable. NEC Corp., based in Tokyo, and Tyco Telecommunications, based in Morristown, New Jersey, announced last week they have begun joint planning work on the Unity undersea high-speed fiber-optic link between the U.S. and Japan. The $300 million effort is funded by Google Inc., Bharti Airtel in New Delhi, Global Transit Communications in Kuala Lumpur, KDDI Corp. in Tokyo, Pacnet Internet in Singapore, and Singapore Telecommunications Ltd. The cable will initially contain dual optical-fiber cables for both primary service and backup. It will link Chikura, located off the Japanese coast near Tokyo, to Los Angeles and other sites on the West Coast. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=networking_and_internet&articleId=321299&taxonomyId=16


36. June 27, SC Magazine – (National) Researchers reveal VoIP vulnerabilities. VoIPshield Laboratories has alerted companies that market voice over internet protocol (VoIP) systems of new security vulnerabilities. VoIP vulnerabilities, if successfully exploited, could affect brand reputation, internal productivity, and competitive advantage, researchers said. VoIPshield does not reveal specifics about the vulnerabilities to the public, VoIPshield Laboratories’ chief technology officer told SCMagazineUS.com on Friday. “We don’t want to give hackers information to work from,” he said. Instead, under its disclosure policy, VoIPshield works with VoIP vendors to assist them in reproducing the vulnerabilities in their labs. VoIPshield classifies the vulnerabilities into different categories – remote code execution; unauthorized access; denial of service; and information harvesting – and rates them according to their severity. The company said it hopes that, by passing along the information from its vulnerability research, vendors will be able to take action to create patches for potential exploits. Avaya, Cisco, and Nortel have acknowledged the latest vulnerabilities on their websites, and are issuing their own security advisories. VoIP vulnerabilities appear to be increasing because more security researchers are focused on finding them, a Gartner representative told SCMagazineUS.com. “Three to four years ago, there was far less focus on IP telephony vulnerabilities because the IP telephony installed base was much smaller,” he said. “In 2008, most of the widely deployed telephony systems have vulnerabilities that permit DOS attacks, privilege escalation and code execution attacks.” Source: http://www.scmagazineus.com/VoIPshield-reveals-VoIP-vulnerabilities/article/111918/
