Archive for January, 2011

One-Third of All Malware in Existence Appeared in 2010

January 13, 2011

One-Third of All Malware in Existence Appeared in 2010: “‘More than a third of all malware that has ever existed was created by criminal gangs in 2010 alone according to the latest PandaLabs Annual Report.

To be precise, the company found that 34 percent of all existing malware has been concocted by cybercriminals in the last year, banishing forever the image of the disgruntled geek creating viruses in his bedsit.’

Read more…

 

(Via .:[ Layered Security ]:..)

‘Patriot Act’ Phishing E-mails Resurface, FDIC Warns

January 13, 2011

‘Patriot Act’ Phishing E-mails Resurface, FDIC Warns: “Scammers are trying to steal banking information using fake e-mails that look like they’ve come from the U.S. Federal Deposit Insurance Corporation, the FDIC…

(Via PC World Latest Technology News.)

Infected PC Compromises Pentagon Credit Union

January 12, 2011

Infected PC Compromises Pentagon Credit Union: “

The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.

 

(Via threatpost – The First Stop for Security News.)

Microsoft Plugs Three Windows Security Holes

January 12, 2011

Microsoft Plugs Three Windows Security Holes: “

Microsoft today released security updates to fix at least three vulnerabilities in its Windows operating systems, including one labeled ‘critical,’ the company’s most serious rating. However, none of the patches address five zero-day flaws that can be used to attack Windows users.

The critical update targets two weaknesses present in all versions of Windows that Microsoft said hackers could exploit to break into unpatched systems just by getting users to visit a compromised or malicious Web site. A second update fixes a security issue in the Windows backup tool that affects Windows Vista machines.

The vulnerability in the Windows backup tool stems from a weakness that extends to hundreds of third-party, non-Microsoft applications built to run on Windows. I discussed this issue at length in a blog post in September, but the upshot is that Microsoft has made available a FixIt tool to help fortify a number of these applications against a broad swath of security threats that stem from a mix of insecure default behaviors in Windows and poorly-written third party apps. If you haven’t already done so, take a moment to read at least the short version of that post, and apply the supplied FixIt tool from Microsoft.

Microsoft chose not to address a number of outstanding, known vulnerabilities for which exploit code is publicly available. Redmond’s Jonathan Ness explains the company’s thinking in holding off on fixing these flaws in a post to the Microsoft Security Research and Defense blog.

Microsoft has released two separate FixIt tools to help users mitigate the threat from a couple of the more pressing outstanding vulnerabilities. If you use Windows, and especially if you browse the Web with Internet Explorer, you should take a moment to take advantage of these stopgap fixes, available here and here.

The updates are available through Windows Update or via the Automatic Update capability built into all supported Windows versions. As always, if you experience any problems or glitches that appear to be related to applying these updates, please drop a note in the comments section.

 

(Via Krebs on Security.)