Mar 30
Friday, March 30th, 2007
If there’s a hole to be found in Windows, the bad guys will find it, and the latest one is definitely unique. A vulnerability in all versions of Windows, including Vista, has been found in how the operating systems handle animated cursors, according to a Microsoft security advisory. The exploit works either by a Web page or e-mail message that contain the malicious code. One need not even open an e-mail, merely previewing it would be enough for the code to be executed. This would allow for what’s called a “drive-by installation,” where code is installed on the user’s computer without them even knowing it. The computer could then become part of a botnet (define) or some other malicious code could be dropped into the computer without the user knowing it.
Read more…
Posted in News | No Comments »
Mar 30
Friday, March 30th, 2007
A new vulnerability affecting animated cursor and icons in Windows that has been announced. No patch exists for the vulnerability and exploit code has been released and there are reports of some malware exploiting this problem. Furthermore, Microsoft has acknowledged the issue raising the potential for an increase in exploitation. According to McAfee, IE version 6 and version 7 running on fully patched versions of Windows XP SP2 are vulnerable. Windows version 2000 SP4 and Server 2003 (non & SP1) are also reportedly vulnerable. Vista is also reported to be vulnerable but only witnessed as a denial-of-service at this point.
Read more…
Posted in News | No Comments »
Mar 30
Friday, March 30th, 2007
TJX Companies said 45.7 million accounts were compromised over nearly a two-year period, in an update of an investigation into a data breach of customer records. The scope of the breach, which was initially disclosed in January, is far wider than previously believed. Avivah Litan, an analyst with research company Gartner, said: “This is the largest security breach we’ve ever had worldwide. There was a case at CardSystems where 40 million records were exposed but this one looks like it was a case where the information was stolen.” TJX, which operates discount retail chains including TK Maxx in the UK and Marshalls and TJ Maxx in the US, released additional details of the breach in a filing with the US Securities and Exchange Commission.
Read more…
Posted in News | No Comments »
Mar 30
Friday, March 30th, 2007
The debate about Soca rages on. The trail had gone a little cold, until a raft of stories came out this week on the back of a few comments made by director general Bill Hughes and Sharon Lemon, head of the e-Crime Unit, yesterday. They admitted it had been a struggle in the first year to assimilate all the disparate agencies comprising the organisation, and that Soca is still falling short of having a “long-term impact on organised crime”, but hit back at accusations that it was not handling online crime effectively.
Read more…
Posted in News | No Comments »
Mar 30
Friday, March 30th, 2007
Eight years ago, the Melissa virus caught antivirus companies flat-footed and propagated rapidly. It was the first real outbreak of many of its kind that spread using Microsoft’s Word and Outlook. In this week’s Security Bites, CNET News.com’s Joris Evers and CNET.com’s Robert Vamosi reminisce. Where were you when Melissa hit?
Read more…
Posted in News | No Comments »