CFP: STM'10

InfoSec News: CFP: STM'10: Forwarded from: "M. Carmen Fernández Gago" <mcgago@ (at) cc.uma.es>
** Apologies for multiple copies ** *Call for Papers*
*6th International Workshop on*
*SECURITY and TRUST MANAGEMENT (STM'10)*
Athens, Greece
23-24 September 2010
http://www.isac.uma. [...]

Former Con Man Helps Feds Thwart Alleged ATM Hacking Spree

InfoSec News: Former Con Man Helps Feds Thwart Alleged ATM Hacking Spree: http://www.wired.com/threatlevel/2010/05/thor/
By Kevin Poulsen Threat Level Wired.com May 4, 2010
A North Carolina grocery worker is being held without bail in Houston on attempted computer hacking charges after inadvertently partnering with an undercover FBI agent in an alleged citywide ATM-reprogramming caper.
Thor Alexander Morris, 19, was arrested at a Houston flea market last month after trying a default administrative passcode on a Tranax Mini-Bank ATM there, according to the FBI. Morris, who was wearing a wig to disguise his appearance, allegedly hoped to reprogram the machine to think it was loaded with $1 bills instead of $20 bills. That would let him pull $8,000 in cash with $400 in withdrawals from a prepaid debit card.
Details of the federal case are laid out in a criminal complaint (.pdf) filed in Houston in late April. Morris allegedly hoped to hit more than 30 Houston ATMs and clear at least $250,000. But he made the mistake of approaching a reformed Texas con man for help with the scheme, who helped the feds set up a sting operation.
Cash-machine-reprogramming scams were first noticed in the financial industry in 2005, and surfaced publicly in 2006 when a cyber thief was caught on video looting an ATM at a Virginia gas station. Threat Level later confirmed that default administrative passcodes for retail ATMs manufactured by Tranax and Triton were printed in owner's manuals easily found online.
[...]

Fast-spreading P2P worm targets USB drives

InfoSec News: Fast-spreading P2P worm targets USB drives: http://news.techworld.com/security/3222479/fast-spreading-p2p-worm-targets-usb-drives/
By John E. Dunn Techworld 04 May 10
A crafty new P2P worm appears to be spreading quickly among users of a range of popular file-sharing programs.
So far the countries affected by the worm variant BitDefender calls Palevo.DP - Romania, Mongolia or Indonesia - suggest that the worm is being driven by factors specific to those countries. However, the file-sharing and IM services affected, said to include LimeWire, Ares, BearShare, iMesh, Shareaza, Kazaa, DC++, and eMule, are widely used around the world by a mainly young audience, so the warning for users outside these countries is clear.
The worm lures victims using a link embedded in a spam IM message, which leads to what appears to be an image file but is actually the malicious payload. From that point on, the malware burrows into the host by installing a number of files that compromise the Windows XP firewall.
By this point the criminals have control over the system and can open backdoors to install further malware or capture passwords entered using Internet Explorer or Mozilla Firefox.
[...]

LoveBug worm hit 10 years ago during a simpler time

InfoSec News: LoveBug worm hit 10 years ago during a simpler time: http://www.networkworld.com/news/2010/050410-lovebug-worm-anniversary.html
By Tim Greene Network World May 04, 2010
When the LoveBug worm hit 10 years ago, it was a different time when people believed admirers were really reaching out to say "I love you", [...]

Google tutorial lets developers play malicious hacker

InfoSec News: Google tutorial lets developers play malicious hacker: http://www.theregister.co.uk/2010/05/05/google_web_app_security_course/
By Dan Goodin in San Francisco The Register 5th May 2010
Google has released a free online tutorial that gives developers the chance to play the role of malicious hacker by exploiting real security [...]

Cybersecurity Summit Targets Public, Private Cooperation

InfoSec News: Cybersecurity Summit Targets Public, Private Cooperation: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=224700689
By Mathew Schwartz InformationWeek May 4, 2010
If a foreign entity stalks a local technology firm or power grid, where does the responsibility lie?
Given society's increasing connectivity, security experts say that the potential for devastating attacks launched via the Internet continues to rise. Intellectual property, communications infrastructure, financial systems, government services and even power networks are at risk of online attack.
Accordingly, the EastWest Institute (EWI) think tank this week in Dallas gathers an expected 400 business leaders, policymakers, technology experts and national security officials from 40 different countries. The goal is to devise new, cross-border strategies for sharing information and combating shared information security challenges.
By now, everyone knows the dangers of asymmetrical warfare -- surprise attacks by small, simply armed groups on modern, high-technology nations. And that's exactly what's happening online, where the low cost of attack tools and apparently limitless supply of relatively low-cost talent -- namely, hackers -- makes stealing large amounts of money relatively simple and, at least criminally speaking, cost-effective.
[...]

Hacked US Treasury websites serve visitors malware

InfoSec News: Hacked US Treasury websites serve visitors malware: http://www.theregister.co.uk/2010/05/03/treasury_websites_attack/
By Dan Goodin in San Francisco The Register 3rd May 2010
Updated - Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on [...]

[Dataloss Weekly Summary] Week of Sunday, April 25, 2010

InfoSec News: [Dataloss Weekly Summary] Week of Sunday, April 25, 2010:
Open Security Foundation - DataLossDB Weekly Summary, Week of Sunday, April 25, 2010
11 Incidents Added. [...]

XSS Vulnerabilities Happen To Everybody

InfoSec News: XSS Vulnerabilities Happen To Everybody: http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224700547
By Tim Wilson DarkReading May 03, 2010
You would think that of all people, the developers of the UK's Cybersecurity Challenge website would be the most scrupulous about [...]

Federal mortgage watchdog agency struggles with its information security

InfoSec News: Federal mortgage watchdog agency struggles with its information security: http://gcn.com/articles/2010/05/03/fhfa-security-050310.aspx
By William Jackson GCN.com May 03, 2010
The Federal Housing Finance Agency, a fledgling organization created in 2008 to oversee federal mortgage activities, has not fully implemented an information security program, resulting in weaknesses in its information technology security, according to the Government Accountability Office.
"FHFA has made important progress in developing and documenting its policies and procedures for the agency's information security program," GAO concluded in its report. "However, policies, procedures, plans, and technical standards related to information security did not always reflect the current agency operating environment; and FHFA did not always effectively monitor its systems."
GAO found that FHFA did not always maintain authorization records for network and system access, and did not enforce least-privilege policies for system and application users. It also did not have adequate physical security and environmental safety controls for facilities housing IT resources.
"Until the agency strengthens its logical access and physical access controls and fully implements an information security program that includes policies and procedures reflecting the current agency environment, increased risk exists that sensitive information and resources will not be sufficiently protected from inadvertent or deliberate misuse, improper disclosure, or destruction," GAO concluded.
[...]

Laptop stolen from mammo suite with data on 5,400 patients

InfoSec News: Laptop stolen from mammo suite with data on 5,400 patients: http://www.healthimaging.com/index.php?option=com_articles&view=article&id=21982:laptop-stolen-from-mammo-suite-with-data-on-5400-patients
By Editorial Staff HealthImaging.com May 2, 2010
The Medical Center in Bowling Green, Ky., is currently notifying 5,418 [...]

Glype proxy may not cloak your identity

InfoSec News: Glype proxy may not cloak your identity: http://news.techworld.com/security/3222227/glype-proxy-may-not-cloak-your-identity/
By Jeremy Kirk Techworld.com 30 April 10
A widely used proxy service thought to provide anonymous Web surfing and used to skirt network administrator bans on access to sites like [...]
