Wave of search results hacks begins
March 31, 2008
{UPDATE: Precursor tech industry analyst Scott Cleland calls this attack vector “a motherlode” for cyber crooks, and takes Google to task for failing to warn consumers about tainted web links.}
Our story today describing what looks to be the start of a wave of cross-site scripting attacks against high-profile news, retailing and college web sites was tough to pull off. We had to explain …More
300 grocery store servers hacked
March 28, 2008
The Boston Globe has just reported that the Hannaford Brothers data breach came via malware installed on servers in each of the grocery store chain’s outlets.
Security Fix blogger Brian Krebs says this breach could presage a trend of bad guys targeting data while it’s unencrypted and traversing internal IT systems.
Fortify Software’s Brian Chess opines that it is “likely that the attackers found a vulnerability in a piece of code that was common to all of …More
Hannaford data heist shows limits of PCI
March 24, 2008

Placing the burden on merchants to protect our sensitive data clearly is not a panacea. The hack/heist of 4.2 million customer transaction records from the Hannaford Brothers’ supermarket chain emphatically makes that point.
As we’ve previously reported, TJX similarly lost 94 million customer records–partly because it failed to comply with the Payment Card Industry-Data Security Standards, mainly enforced by Visa and MasterCard.
But the Hannaford Brothers were PCI compliant—and still …More
No ‘botnet prophylactic’
March 20, 2008
NPR’s Alison Stewart, host of The Bryant Project, hooked up with SecureWorks researcher Joe Stewart after reading our story on botnet saturation. Alison does a good job of getting Joe (no relation) to explain the basics of bots in this seven-minute interview. The former MTV and NBC reporter asks: “Is there some sort of botnet prophylactic to help keep my computer from getting infected?” Joe’s answer: “Unfortunately no.”
Joe is one …More
‘Fuzzing’ triggers spike in targeted attacks
March 19, 2008
My story today on targeted attacks points out how this phenomenon is occurring on two levels. What I would describe as lower-level crime groups are focusing on patrons of companies and organizations with juicy databases, like Monster.com, the FTC and salesforce.com.
Meanwhile, elite crooks, with big R&D budgets, are using fuzzing tools to flush out zero-day holes in Office, QuickTime, Adobe Reader, etc., then going the extra mile …More
Botnets can be used to blackmail targeted sites
March 17, 2008
USA TODAY
By Jon Swartz and Byron Acohido, USA TODAY
SAN FRANCISCO – Botnets work beautifully for blackmail.
Cyberextortionists have perfected denial-of-service attacks, in which thousands of bots are directed to bombard a targeted website with nuisance requests, effectively preventing anyone else from connecting to the site.
STORY: Botnet scams are exploding
The crooks threaten to paralyze websites for video games, financial institutions and small e-commerce businesses – unless the website owners pay protection money.
Denial-of-service attacks using …More
Botnet scams are exploding
March 17, 2008
By Byron Acohido and Jon Swartz, USA TODAY
SEATTLE – Two days after actor Heath Ledger died, e-mails began moving across the Internet purportedly carrying a link to a detailed police report divulging “the real reason” behind the actor’s death. Ledger had been summarily drafted into the service of a botnet.
Bots are compromised computers controlled by profit-minded crooks. Those e-mails were spread by a network …More