An RSA study released on Wednesday claims that most major U.S. corporations — including up to 88% of Fortune 500 companies — may be affected by botnet activity from computers compromised by the Zeus Trojan.
In the article “88 percent of firms show Zeus botnet activity,” RSA’s FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers, which included IP addresses and emails that belonged to the corporations. Among the stolen data found on the sites where infected computers drop it were compromised email addresses from about 60% of the firms.
November was a busy month for security stories. The month kicked off with more stories of massive security patches from both Microsoft and Apple, leaving me to wonder when the patching madness will ever end. Windows 7 was found to have a flaw that allows denial of service attacks. Internet Explorer v7 (IE7) even made it into the news with the latest vulnerability, but I question efforts to patch an aging application: why not just upgrade or use Firefox? If they aren’t willing to upgrade, do people really think they will patch IE7?
Without further delay, here are the stories that caught my eye in November:
In the wake of the 60 Minutes story there has been both a significant amount of attention given to the story online and the expected complaints that the story was overhyped. The specific complaint was the citation by “prominent intelligence sources” that the Brazilian power outage was caused by cyber attacks. I even received some tweets dinging me for propagating the hype from my last post on the original 60 Minutes story.
The complaint is that 60 Minutes didn’t do their homework and that there is no proof that the actual outage was caused by hackers. I won’t get dragged into that dispute here, but I would like to address the conclusion that some have made that hacking in general is overstated.
To those who work in the security industry and say that the cyber threat to both Government and private systems is overhyped, my answer is: have they even been paying attention? Both foreign governments and organized online crime have been carrying out attacks with specific purposes with increasing frequency, and the evidence is all around us.
Last month I kicked off a post focusing on the top endpoint security stories in the past month. This month brought a number of endpoint security events ranging from the latest Microsoft zero-day vulnerabilities without a fix to botnet and phishing news. The theme of the month is that both individuals and corporations are simply losing the battle against online criminals when it comes to desktop security.
- Sept 1, 2009 – IIS FTP flaw announced with exploit code
Microsoft kicked off the month by confirming the publication of exploit code for the IIS FTP vulnerability that could allow remote code execution on affected systems. The vulnerability affected systems running the IIS web server and was particularly dangerous to FTP servers that had anonymous accounts for uploads.