SURFnet: News

Android Malware Surfaces in Chinese App Markets

Fri, 31 Dec 2010 00:00:00 GMT

Named “Geinimi,” San Francisco firm Lookout Mobile Security says the Trojan is the most sophisticated Android malware [the firm has] seen to date.” “Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications,” most of which have been games, the firm says.
The apps are then sold in Chinese third-party Android app markets. Affected apps will request permissions “over and above” those requested by the legitimate version of an app.

Mozilla site exposed encrypted passwords

Wed, 29 Dec 2010 00:00:00 GMT

The database, which contained 44,000 inactive user accounts for the addons.mozilla.org site, was inadvertently placed on a public-facing Web server, wrote Chris Lyon, the Mozilla director of infrastructure security, in a blog posting.

Microsoft produces workaround for IE zero-day vulnerability

Tue, 28 Dec 2010 00:00:00 GMT

The vulnerability, which was originally discovered on Dec. 9 by French security firm VUPEN, could be used by attackers in drive-by attacks. According to Microsoft, it exists due to the creation of uninitialized memory during a Cascading Style Sheet (CSS) function within Internet Explorer. Under certain conditions, it says, the memory could be used by an attacker using a malicious Web page to execute code remotely and gain control of a victim's machine.

Microsoft warns on IE browser bug

Fri, 24 Dec 2010 00:00:00 GMT

If exploited by a booby-trapped webpage the bug would allow attackers to take control of an unprotected computer.

Code to exploit the bug has already been published though Microsoft said it had no evidence it was currently being used by hi-tech criminals.

Hackers steal an alleged 5.5 million euros from Dutch bank

Wed, 22 Dec 2010 00:00:00 GMT

The report of the theft was published in the daily broadsheet,De Telegraaf. However, the amount of the digital heist is disputed by the Dutch Association of Banks (NVB), which says it is nearly impossible to hack a bank from outside.

Microsoft yanks Outlook 2007 update

Mon, 20 Dec 2010 00:00:00 GMT

Microsoft last week pulled an update for Outlook 2007 issued just two days earlier, citing connection and performance problems for the unusual move.

The update was issued mid-day on Dec. 14 as part of the monthly Patch Tuesday. Within hours, users reported trouble with retrieving e-mail and major delays when switching folders.

EU could turn to 'crowd sourcing' in cyber crime fight

Fri, 17 Dec 2010 00:00:00 GMT

The director of Europol told peers he wants to get net users directly involved in catching cyber crime gangs.

Rob Wainwright briefed a Lords EU sub-committee on plans for a European cyber crime centre. He said the extent of the problem was often underestimated in the EU.

McDonald's warns of customer data breach

Wed, 15 Dec 2010 00:00:00 GMT

The security breach affects people who signed up for promotions at McDonald's or registered at any of its online sites. The customer name, postal address, phone number, birth date, gender and information about promotional preferences may also have been exposed, the company said in an FAQ on its website

Gawker Media websites hacked

Mon, 13 Dec 2010 00:00:00 GMT

After bringing the company's websites to a standstill Sunday, one or more hackers operating under the name Gnosis released a 500 MB file apparently containing Gawker's source code, commenter and staff passwords, and internal conversations between the company's employees.

Dutch police arrest suspected pro-WikiLeaks hacker

Fri, 10 Dec 2010 00:00:00 GMT

The Dutch National Prosecutors Office that the teen, who was not named, was arrested by a high-tech crime team last night.

The arrest comes after a group known as Anonymous--a label that's been adopted before by activists who have electronically assaulted the Church of Scientology and the Australian government--organized attacks on Web sites of companies that have distanced themselves from WikiLeaks. Distributed denial-of-service attacks enlist thousands of computers, all making simultaneous connections, in hopes of overwhelming a target.