Computer Security Articles

A carder and hacker that has been arrested in 2009 by the Secret Service for trying to sell 40 stolen card numbers to one of their undercover agents, has pleaded guilty to access device fraud and aggravated identity theft charges.The 26-year-old Georgian native Rogelio Hackett, Jr., has admitted that he has been selling credit card [...]

Read the full story

Another list of fake job domains relating to this long running scam and in addition to these recent ones. Solicitations are sent by spam are are attempting to recruit people for money laundering etc, so best avoided. australia-union.com europ-hire.com europ-union.com next-jobb.com usa-1job.com Registrant details (no doubt fake) are:     Vilechka Pelka     Email: rewerta12@yahoo.com     [...]

Read the full story

We are getting reports that the CBS Money Watch and some ZDNet web sites are currently distributing malware and blacklisted by Google. We are still investigating it, but if you try to visit the CBS Money watch site (moneywatch.com), you will get a warning from Google: What is the current listing status for moneywatch.bnet.com/investing?Site is [...]

Read the full story

It is almost a rule of thumb that everything that might interest a large number of people makes for a good lure for spammers and scammers. From news regarding natural disasters and celebrities to offers that promise to change the user’s dire economic situation, scammers keep a good eye on any recent developments and are [...]

Read the full story

Microsoft has issued a security patch for Silverlight KB2526954. It fixes several security issues. However, the Microsoft link to KB2526954 is still not live. If you have Microsoft update running, it is ready to install. This is rated as important and will auto install.Direct download http://go.microsoft.com/fwlink/?LinkID=149156[1] http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx– Guy Bruneau IPSS Inc. gbruneau at isc dot [...]

Read the full story

The German computer software company Ashampoo has been targeted by attackers that managed to gain access to its customers database and possibly exfiltrated data such as names and email addresses.“Billing information (e.g. credit card information or banking information) is definitely not affected, because our shop service contractors are concerned with this data and it is [...]

Read the full story

As the day of the wedding of Prince William of England and his long-time girlfriend Kate Middleton quickly approaches, scammers have began to exploit the interest of Internet users around the world and pushing out a variety of poisoned links regarding the subject.GFI warns that a search for sites reporting on the upcoming royal wedding [...]

Read the full story

While the number of threats targeting mobile devices is increasing, web browsers for mobile devices are still lacking the security features of their Desktop counterparts. For example, Firefox 4 Mobile (also known as Fennec), does not include Google Safe Browsing to prevent users from navigating to known malicious sites.Zscaler has released 3 Firefox add-ons to [...]

Read the full story

Google search results have traditionally been the target of black hat SEO campaigns. WebsenseR Security LabsT has identified a new trend in which cyber criminals take advantage of Google Image search rankings to spread malware.Websense Security Labs ThreatseekerR network has detected that Google Image search returns poisoned pictures when searching on celebrity child “Presley Walker”. We first found [...]

Read the full story

If you are are owner of an iPhone or a 3G iPad, you’ll probably want to know that your location – along with a timestamp – is at all times recorded by the device and stored into a file called “consolidated.db,” which is then copied on the computer to which you synchronize the device.The file [...]

Read the full story

This month’s Microsoft Patch Tuesday release set a new record. Microsoft released a total of 17 bulletins covering 64 CVEs, the largest number of patches in one month to date. While some users may have configured Windows to automatically apply updates in the background, many organizations must stage and test all patch deployments, which may [...]

Read the full story

On April 11, Malaysian hackers embarrassed Barracuda Networks by exploiting code vulnerability through an SQL injection and triumphantly posting names, email addresses, and passwords belonging to Barracuda’s partners, customers, and employees.California-based Barracuda is a major player in the digital security market, boasting IBM, FedEx, and Coca-Cola among its clients. According to Barracuda’s own assessment, it [...]

Read the full story

A new spam campaign, similar to campaigns we have seen in the past, is spreading on Facebook. This one, however, has some interesting twists to it. The core of the campaign involves a Facebook app that claims to know who your “Top 10 stalkers” are. Our customers are protected from this campaign by ACE, our Advanced Classification Engine.It works by creating [...]

Read the full story

The ParetoLogic URL Clearing House has moved to a new domain: malwareblacklist.com For a while now, I had been thinking of creating a name that can be remembered and googled easily. After jotting down a bunch of ideas I looked up what was available, and surprisingly malwareblacklist.com was there for the taking. We’ve been running [...]

Read the full story

This winter, the Internet passed a major milestone in its twenty-year-old wunderkind evolution from a small, experimental research network to one of the technical foundations of modern society. In a brief Miami hotel conference room ceremony, ICANN allocated the last five IPv4 address blocks on February 3 – the long anticipated endgame towards eventual Internet [...]

Read the full story

Our ThreatSeekerR Network is constantly on the lookout to protect our customers from malicious attacks.  Recently it has detected a new injection attack which leads to an obscure Web attack kit.  The injection has three phases which will be covered in this blog post. Websense customers are protected from this attack by ACE, our Advanced [...]

Read the full story

You’ve probably heard by now that the US Department of Homeland Security is working on an overhaul of its terrorist alert system, which would involve, among other things, alerting people through Twitter and Facebook of changes to the threat level.If you were one of the 140 individuals who took a poll on Internet Evolution last [...]

Read the full story

When something sounds too good to be true I always take it with a grain salt.I came across this tool that “can be used to make western union transfers without any credit card. You even don’t need any phone verification. Also the processes very much secured.” {sic}Taken from: wubug.orgSupposedly, it can hack Western Union’s databases by [...]

Read the full story

I can only assume that this is some sort of strange scam. The email originates from 74.55.158.162 which is flagged as being quite spammy. Subject: CAKE DECORATION LESSON:::::::::::::::::: From: Omiky Aneke <omikychartin@blumail.org> Reply-To: omiky1aneke@yahoo.co.uk Hello, How are you doing today ?  My name is OMIKY ANEKE I want to book for CAKE DECORATION LESSON Workshops [...]

Read the full story

In the wake of Comodo’s announcement of a compromised [1] affiliate Registration Authority (RA) and their subsequent issuance of fraudulent certificates [2], the information security community has given more scrutiny to the process of signing, revoking, and verifying SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer [...]

Read the full story

Phishing and 419 scams have been around for a while now. However, sometimes they never cease to amaze when it comes to their tactics. We caught this most recent one in one of our Honeypots and thought we would share due to the “over-the-top” images sent. Also note the horrific markup of the passport. —————————————————————————– Email sent from: [...]

Read the full story

In February 2005, John Leyden told the story of Joe Lopez a 42 year old businessman in Miami Florida who sued his bank after having $ 90,348 wired out of his account to Parex Bank in Riga, Latvia. The US Secret Service examined his computer and found that his system was infected with the Coreflood [...]

Read the full story

In January, I talked about high-profile websites, which had been hacked to redirect users to fake online stores. One unique aspect of the hack was the fact that the attackers had set up additional web servers on non-standard ports. Most of the domains I listed in the post were cleaned up pretty quickly. Three months [...]

Read the full story

There is a surprising number of title variations among people who work in the field that I call “information security.” I browsed through various job-search sites to get a feel for the more frequently-seen titles and created a random information security job title generator. Just for fun. The titles I encountered were generally a permutation [...]

Read the full story