Information Security Forum

You might not have heard about Dirt Jumper yet, but the bad guys have. In fact, the high-risk and highly-effective DDoS toolkit is probably the most aggressive of the malware tools being employed by DDoS attackers at the moment, and the situation is set to get much worse very quickly …

The latest VIPRE report, detailing the ten most prevalent malware threat detections spotted by [GFI Labs](http://malwareprotectioncenter.com/) and the ThreatNet Detection System, reveals that Google, LinkedIn, Skype and Mass Effect 3 were amongst the big brands being exploited by cybercriminals in order to leverage trust whilst distributing malware-laden emails. As a …

China may be odds-on to top the medal table at the London 2012 Olympic Games, with less than a week to go, but according to a new report South Korea has the Chinese well and truly beaten as far as malware infected PCs are concerned. And unlike at the Olympic …

New research shows that hackers are becoming increasingly lazy in their search for online exploits, with 98% of Remote File Inclusion and 88% of SQL injection attacks now being fully automated. It comes as no surprise whatsoever to DaniWeb administrators and moderators that your average cybercriminal is looking for the …

Whether you travel on business or for pleasure, the chances are pretty high that you will make use of the Internet while abroad. If you are staying at a hotel then, given the high cost of international data roaming on most mobile networks, the chances are that you will make …

With the London 2012 Olympics due to open in just a few days time, the expected push by the bad guys has started. No, I don't mean the banning of wearing Pepsi T-Shirts in the Olympic Stadium as it might upset official sponsors Coke, or the fact that nobody is …

Continuing our round up of 2013 IT security vendor predictions, we've got the thoughts of three of the big Infosecurity Europe exhibitors: Palo Alto Networks, SafeNet and Kaspersky Lab.  Brian Tokuyoshi from Palo Alto Networks predicts that social media, data decryption and virtualised network security will be high …

Anonymous hacktivists took aim at the websites of the UK Justice Department, the Department of Work and Pensions, the Home Office and even the Prime Minister's own Number 10 site. All of them were successfully targeted overnight and went down for a period of time. The attacks were part of …

Apple, Facebook and Twitter have all been the target of hackers recently, and now Evernote has admitted to a potential breach that has forced it to reset the passwords of approximately 50 million registered users. Evernote, a kind of web scrapbook that enables you to take notes, save web pages …

Security vendor Malwarebytes has reported that a new variation of an old password stealing Trojan is out in the wild, but all is not as it may seem. Notably, this particular Trojan is signed with an apparently 'genuine' digital certificate that authenticates the file. Which rather prompts the question: "say …

The 'World's Greatest Anti-Malware Software' is the spurious claim being made by Malwarebiter, which just so happens to sound an awful lot like Malwarebytes which could perhaps justifiably lay claim to that accolade. Take a look at this forum and you will see that Malwarebytes is a very valuable tool …

According to new independent research commissioned by Corero Network Security, and conducted by the Ponemon Institute, two thirds of banks in the United States have suffered a Distributed Denial of Service (DDoS) attack during the last 12 months. The 64% statistic refers to the number of IT and IT security …

Continuing with our round up of the IT security vendor view of the year to come, here's how PandaLabs, the malware research laboratory arm of [Panda Security](http://www.pandasecurity.com/), sees 2013 stacking up in terms of threats and exploits.  Perhaps unsurprisingly, PandaLabs predicts that 2013 will be much the same …

Network security vendor [Stonesoft](http://www.stonesoft.com/en/) predicts that the top infosec threats to watch out for in 2013 will include unseen and unknown targeted cyber-attacks, espionage and hacktivism. Jarno Limnell, director of cyber-security at Stonesoft, reckons that in 2013 the security of the digital world will become an even more pressing issue, …

Microsoft has released YAIESA, or Yet Another Internet Explorer Security Advisory if you prefer. This time, [SA2757760](http://technet.microsoft.com/en-us/security/advisory/2757760) warns about a new zero-day out there in the wild which impacts all users of Internet Explorer 9 and earlier versions. It's the usual case of targeted attacks being spotted which could lead …

The results of a new security survey, which asked some 6,000 people across Europe questions about cybercrime, would appear to suggest that nearly everyone (88% of respondents in fact) is some kind of online victim. Have things really got this bad, or is it just another case of the security …

Earlier this year Jonathan Evans, the Director General of MI5 (the UK Security Service), warned that cyber attacks against UK plc were as much of a security challenge as terrorism as far as Britain was concerned. He claimed that UK businesses were being targeted at an 'astonishing' rate driven by …

Gary McKinnon, an unassuming 46 year old Londoner who suffers from Asperger's syndrome and depression, is an unlikely man to be making headlines the world over once again. Indeed, across the last decade McKinnon has almost seemed to be a permanent fixture in news media feeds online and off, a …

Over the last few hours of the day GoDaddy's (and GoDaddy managed) websites have been [on the fritz](http://blogs.wsj.com/digits/2012/09/10/godaddy-has-glitches-anonymous-claims-responsibility/) as webmasters and visitors alike are unable to access millions of websites held within GoDaddy's datacenters in an apparent Denial of Service [(DDOS)](http://en.wikipedia.org/wiki/Denial-of-service_attack) attack. GoDaddy is currently scrambling to restore service to …

If the news that the Yahoo! Contributor Network user-generated content site has been breached and more than 450,000 usernames and passwords compromised as a result wasn't bad enough, look behind yesterdays headlines and the situation is revealed to be much, much worse. If you were one of those folk who …

One of the Internet's biggest online dating sites, eHarmony, has confirmed that security has been breached and member passwords compromised. eHarmony spokesperson Becky Teraoka says that "a small fraction of our user base has been affected" although I am led to understand that the 'small fraction' in question is actually …

The FBI took claims by new hacking group The WikiBoat that it was going to bring down the likes of Apple and Tesco last Friday at 4pm so seriously that it sent email warnings to those targeted. It's now Sunday morning, and the threatened DDoS attacks do not appear to …

An investigation by UKFast has revealed that it is possible to build a super-cracker computer for around the same price as your average low-spec budget desktop PC. Yet unlike your average budget PC, it is claimed that this cybercrime dream machine is capable of processing billions of password combinations per …

The head of the UK MI5 intelligence agency, Jonathan Evans, has this week warned that the [London 2012 Olympic Games](http://www.london2012.com/) "present an attractive target for our enemies and they will be at the centre of the world's attention in a month or so". But most of the concern, and indeed …

As a three times winner of the IT Security Journalist of the Year award in the UK, I am used to writing about all kinds of scams. Whilst most of them try and weasel their way into the bank accounts of the victim through purely online means, increasingly the bad …

Acronis responds to DaniWeb questions regarding a leak of customer data which, [as we exclusively reported over the weekend](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/427455/breaking-acronis-blames-technical-issue-for-customer-data-leak), resulted in some information being indexed by search engines and accessible to anyone on the Internet.  Although the leak itself was identified by Acronis on Friday 29th June, the …

Following on from the news earlier this month that [LinkedIn had suffered a major security breach](http://www.daniweb.com/internet-marketing/social-media-and-web-communities/news/425019/linkedin-confirms-six-million-password-hack-check-if-yours-is-one-of-them) involving the compromise of at least six million user passwords, and then dating site [eHarmony apparently falling victim to the same password hacking compromise](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/425118/dating-disaster-eharmony-confirms-passwords-exposed-by-linkedin-hacker), the latest to be hit would appear to be the …

Recently we have all become somewhat over-exposed to the leaking of customer data courtesy of inadequate security allowing hackers to gain access to databases. The [LinkedIn LeakedOut leak](http://www.daniweb.com/internet-marketing/social-media-and-communities/news/425019/linkedin-confirms-six-million-password-hack-check-if-yours-is-one-of-them) and [eHarmony dating data disaster](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/425118/dating-disaster-eharmony-confirms-passwords-exposed-by-linkedin-hacker#post1817377) are good examples of the genre. However, let's not forget that sometimes no hackers are required to …

A password is defined as being a "secret word or string of characters" that is used to authenticate identity and enable access to a resource. The emphasise being on the word secret, although 'unique' is equally important when it comes to password security. Which is why the list of the …

If you are a user of Adobe Flash, be sure to apply the latest security update if you want to avoid becoming part of an in-the-wild attack exploiting a vulnerability which currently seems to be exploiting users of Internet Explorer on the Windows platform only. Adobe has, however, issued an …

Security researchers are warning that some 30,000 WordPress websites, 85% of them based in the US, have been compromised by a mass-injection hijack attack which sees visitors to any of more than 200,000 individual pages redirected to a Trojan infected rogue AV scam. [ATTACH=RIGHT]24076[/ATTACH]The senior security researcher with Websense Labs, …

The Ainslot.L Trojan appears to be much the same as any other at first glance; logging user activity and sending Gmail and Facebook passwords to the bad guys, downloading further malware, taking over your computer and the main payload of being a Banking Trojan stealing account login data. But Ainslot.L …

Using newly registered domains with a very short lifespan to host malware websites is so last year. It would appear that these days such things are far more likely to be hosted on much older compromised web sites instead. Could this be down to a decline in domain tasting? The …

A new botnet has been discovered which is not only targeting users of UK banks, but doing so in a new and worrying manner. Said to comprise of in excess of 100,000 infected machines, the Zeus 2 botnet is operated and controlled from Eastern Europe according to [URL="http://www.trusteer.com/company-overview"]secure browsing security …

Have you ever thought about measuring the Internet in terms if malware per minute? Me neither, but someone has and it makes for uncomfortable reading if you are a Microsoft Windows user. [attach]17145[/attach]How fast is the Internet? It depends on the metric being used, of course, but one new report …

[ATTACH=RIGHT]16752[/ATTACH]Intel announced on Thursday their agreement to purchase all of McAfee’s common stocks at $48 a share, a deal approximately worth $7.68 billion. McAfee will act as a wholly-owned subsidiary and report to Intel’s Software and Services Group. The endeavor marks what is sure to be a harmonious relationship for …

Security company [URL="http://www.barracudalabs.com/"]Barracuda Networks[/URL] has named Google the "king of malware," in [URL="http://www.barracudalabs.com/downloads/BarracudaLabs2010MidyearSecurityReport.pdf"]a report released this month[/URL] that shows the popular search site linking to twice as many malware sites and files as its chief competitors, Bing, Twitter, and Yahoo combined. [ATTACH]16328[/ATTACH]Barracuda points to a growing need for online reputation …

[ATTACH=right]16305[/ATTACH]No more shortcuts for hackers - that's the word from Microsoft, which plans to release a patch today that the company says will fix a security loophole. The issue is tied to the way the Windows OS handles shortcuts, or .lnk files, or as Microsoft explains it in the [URL="http://www.microsoft.com/technet/security/advisory/2286198.mspx"]official …

[attach=right]14422[/attach]File under oops. The website of The Telegraph newspaper has been defaced by hackers, apparently upset at a cult British television show and the newspaper itself for mocking their country. The 'Romania National Security' hacking group has claimed responsibility for the attack which hit a couple of third party services …

The good news is that security savvy Windows users will, more than likely, have already disabled the AutoRun and AutoPlay features. The bad news is that a new zero-day vulnerability could care less, and executes automatically anyway. [attach]15918[/attach]The zero-day vulnerability in question was first spotted by Sergey Ulase, a researcher …

For the longest time there has been an implied, some might even say explicit, connection between computer infection and online pornography. According to one developer of AntiVirus software that connection has now been well and truly broken. Ondrej Vlcek, the CTO at [URL="http://www.avast.com"]AVAST Software[/URL], has announced the results of research …

Stand up if you like paying your income tax. To all of you who have remained seated, which I will assume is indeed all of you, I have some more bad news: the bogus tax collectors want your money as well, and now they have botnets helping them. [attach]15770[/attach]According to …

New [URL="http://www.getsafeonline.org"]research carried out on behalf of Get Safe Online[/URL], a national Internet security awareness initiative backed by the UK Government and the Serious Organised Crime Agency, has revealed that 30 percent of Internet users are putting themselves at risk when they book a holiday online. [attach]15742[/attach]Get Safe Online and …

I am told, by those who follow the sport, that the Netherlands soccer team stands a pretty good chance of lifting the FIFA 2010 World Cup trophy. The bad news for any Netherlands fans is that their side has already been defeated by India, in the World Cup of security …

A study by a computer security lab has found that porn sites "harboured malware or used "shady" practices to squeeze money out of their visitors," according to an [URL="http://news.bbc.co.uk/2/hi/technology/10289009.stm"]article [/URL]by the BBC on the study. (In other news, rocks are hard and water is wet.) Researchers from the [URL="http://iseclab.org/about.html"]International Secure …

It seems that the world has gone football crazy now that the World Cup is underway in South Africa, [URL="http://en.wikipedia.org/wiki/Vuvuzela"]vuvuzelas[/URL] and all. But with ticket sales not having been as successful as expected, and [URL="http://www.independent.co.uk/news/world/africa/seats-to-spare-ndash-but-fifa-wont-let-south-africans-fill-them-2002630.html"]reports[/URL] of rafts of empty seats which FIFA won't sell tickets to South Africans for, overseas …

Symantec today launched a new hosted security as a service solution for small and medium sized business in the form of its '[URL="http://www.messagelabs.com/trials/hep"]Symantec Hosted Endpoint Protection[/URL]' offering. Delivering a simple and convenient cloud-based service covering Windows-based laptops, desktops and files servers, the solution aims to protect these endpoint systems using …

According to the [URL="http://www.symantec.com/connect/pt-br/blogs/password-survey-results"]latest poll[/URL] into password habits conducted by security vendor Symantec, some 26 percent of folk have told their spouse what their passwords are. Perhaps less surprisingly, 12 percent have told their IT admin and 5 percent their boss. However, why 10 percent let their friends and 8 …

According to the latest market research coming out of security vendor [URL="http://www.ncircle.com"]nCircle[/URL] the cost of security auditing is heading in one direction, and that's upwards. Some 47 percent of IT security professionals to the nCircle survey expect that security auditing costs will increase during 2010 while only a very optimistic …

Eugene Kaspersky will today be inducted into the Infosecurity Europe 2010 Hall of Fame in recognition of his contribution to the advancement of the IT security industry during more than twenty years in the business. It's not the only award he has received, as the SC Awards Europe 2010 also …