newspaper.jpg Below is a round up of news stories relating to information security that we have collated from the past few days.  For ease of use we have categorised the stories under the most appropriate headings.  If there are other stories that may be of interest please let us know via the comments feature.

 

VULNERABILITIES & BUGS

Exchange Server 2007 Bitten By Leap Year Bug
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206901542
http://www.theregister.co.uk/2008/03/04/sql_server_hit_by_leap_year_bug/

Systems disclose sensitive data via SNMP
http://www.heise-online.co.uk/security/Systems-disclose-sensitive-data-via-SNMP–/news/110229

Another unpatched vulnerability in MS Access
http://www.heise-online.co.uk/security/Another-unpatched-vulnerability-in-MS-Access–/news/110227
http://www.scmagazine.com/uk/news/article/788608/new-ms-access-exploit-wild-panda/

Vulnerabilities in Trend Micro OfficeScan
http://www.heise-online.co.uk/security/Vulnerabilities-in-Trend-Micro-OfficeScan–/news/110222

New fraud risk for chip and PIN revealed
http://business.timesonline.co.uk/tol/business/money/consumer_affairs/article3448386.ece

PATCHES

Windows Vista Ultimate SP1 delayed
http://www.theregister.co.uk/2008/03/04/vista_ultimate_sp1_language_packs/

COMPUTER VIRUSES, WORMS & TROJANS

New virus tries to dupe victims into googling its name
http://www.scmagazine.com/uk/news/article/788655/new-virus-tries-dupe-victims-googling-its-name/

Chinese mobile users targeted by Trojan
http://www.theregister.co.uk/2008/03/05/mobile_ransomware_trojan/

Ransomware attacks target Symbian mobiles
http://www.vnunet.com/vnunet/news/2211194/ransomware-goes-mobile

Hybrid Trojan/worm attacks turn nasty
http://www.vnunet.com/vnunet/news/2211052/hybrid-worms-turn-nasty

EXPLOITS & ACTIVE ATTACKS

Windows Vista Hack Circulating
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206901318

Hack into a Windows PC – no password needed
http://www.theage.com.au/cgi-bin/common/popupPrintArticle.pl?path=/articles/2008/03/04/1204402423638.html
http://blogs.nzherald.co.nz/blog/griffins-tech-blog/2008/3/5/blog-kiwi-lets-loose-with-windows-hack/
http://www.theregister.co.uk/2008/03/04/windows_password_bypass_tool/
http://news.zdnet.co.uk/security/0,1000000189,39362134,00.htm

iPod envy sparks ‘iCrime wave’
http://www.smh.com.au/news/technology/ipod-envy-sparks-icrime-wave/2008/03/05/1204402500288.html

Windows-based cash machines ‘easily hacked’
http://www.zdnetasia.com/news/security/0,39044215,62038510,00.htm

GOVERNMENT SECURITY ISSUES

SCAP narrows security gap
http://www.gcn.com/print/27_5/45909-1.html

DOD continues offensive for cyberwarfare authority
http://www.fcw.com/online/news/151837-1.html

GCSB confirms action on spyware
http://www.stuff.co.nz/stuff/4423845a28.html

US government forces military secrets on Brit webmaster
http://www.theregister.co.uk/2008/03/03/mildenhall_website/

Nato beefs up cyber defences
http://software.silicon.com/security/0,39024655,39170263,00.htm

Dh3b ‘Shield’ infrastructure project for Abu Dhabi
http://www.khaleejtimes.com/DisplayArticleNew.asp?xfile=data/theuae/2008/March/theuae_March159.xml&section=theuae&col=

2008 Pentagon Report Identifies Key Developments In China’s Military, Cyber Might
http://www.allheadlinenews.com/articles/7010224315

Foreign Software: Security Threat?
http://www.military-information-technology.com/article.cfm?DocID=2354

DHS Doesn’t Want to Monitor Net, Chertoff Tells Bloggers
http://blog.wired.com/27bstroke6/2008/03/dhs-not-wanting.html#more

Met Police chief calls for European DNA database
http://www.vnunet.com/computing/news/2211158/met-police-chief-calls-european

SPAM, PHISHING & ONLINE SCAMS

Google Groups Grapples With Porn Spam
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206901462
http://www.theregister.co.uk/2008/03/03/google_groups_crud/

Oxfam Charity Spoofed By Lottery Scammers
http://www.securitypronews.com/insiderreports/insider/spn-49-20080304OxfamCharitySpoofedByLotteryScammers.html

PIRACY & COPYRIGHT

Most British filesharers would stop if warned – survey
http://www.theregister.co.uk/2008/03/05/wiggins_media_survey/

DATALOSS/INFORMATION SECURITY BREACHES

Unknown hacker hijacks Macao’s government website
http://news.xinhuanet.com/english/2008-03/03/content_7710750.htm

Details on 200 children stolen
http://www.shropshirestar.com/2008/03/05/details-on-200-children-stolen/

103,000 Doctors’ Social Security Numbers Posted on Website by Accident
http://www.weau.com/news/headlines/16061387.html

Missing laptop, data could affect Q-C Oscar Mayer employees
http://www.qctimes.com/articles/2008/03/03/news/local/doc47cc7e171b8bd249394271.txt?sPos=2

Thousands hit by card fraud
http://www.arabianbusiness.com/512710-thousands-hit-by-card-fraud?ln=en

Personal data lost by firm
http://www.lvrj.com/news/16249971.html

Hospital laptop theft sparks patient fears
http://www.borehamwoodtimes.co.uk/misc/print.php?artid=2094388

1,000 government laptops lost or stolen
http://www.24dash.com/news/Communities/2008-03-04-1-000-government-laptops-lost-or-stolen

25,000 student photos had no login protection
http://www.thepost.ohiou.edu/Articles/News/2008/03/04/23239/

Military IDs, Equipment Stolen Over Weekend
http://www.wisn.com/news/15475867/detail.html

O’Toole Renews Call For Immediate Investigation Of Horizon Blue Cross/Blue Shield Data Breach
http://www.politickernj.com/o%E2%80%99toole-renews-call-immediate-investigation-horizon-blue-crossblue-shield-data-breach-16933

ARRESTS, SENTENCING & CONVICTIONS

Italian jailed for emailing nude photos of ex-lover
http://today.reuters.co.uk/misc/PrinterFriendlyPopup.aspx?type=internetNews&storyID=2008-03-04T211856Z_01_L04585971_RTRIDST_0_OUKIN-UK-ITALY-PORN.XML
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10496282

Operation ‘Cisco Raider’ Nets $76 Million In Fake Gear
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206901053

Ex-anti-virus chief in spyware scareware scam charges
http://www.theregister.co.uk/2008/03/04/south_korea_scareware_fraud_charges/

Identity theft ring members indicted
http://www.rockymountainnews.com/news/2008/mar/03/identity-theft-ring-members-indicted/

Montanan accused of ID theft appears in court
http://www.greatfallstribune.com/apps/pbcs.dll/article?AID=/20080303/NEWS01/80303007/1002

US Attorney Reports Prison Sentence For Man Who Hacked Hotel Business Kiosks For Credit Card Data
http://www.lawfuel.com/show-release.asp?ID=17203

COURT CASES AND LEGAL ISSUES

TJX customers to claim eligibility for breach settlement
http://www.scmagazineus.com/TJX-customers-to-claim-eligibility-for-breach-settlement/article/107601/

Judge orders UA to surrender student information in file-sharing case
http://www.azstarnet.com/sn/hourlyupdate/228155.php

FTC Settles Breach Complaint with Student Lender
http://www.cio.com/article/192255/FTC_Settles_Breach_Complaint_with_Student_Lender

DATA PRIVACY & PROTECTION

National Security Trumps Personal Privacy, Government IT Pros Say
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206901345

Privacy watchdog slams European border control plans
http://www.theregister.co.uk/2008/03/05/european_border_controls/

BT targets 10,000 data pimping guinea pigs
http://www.theregister.co.uk/2008/03/05/bt_phorm_trial/
http://www.guardian.co.uk/technology/2008/mar/05/privacy.internet.phorm

French court tells Web site not to mark teachers
http://www.reuters.com/article/internetNews/idUSL0344940520080303

Biometrics screening for Olympics workers
http://www.timesonline.co.uk/tol/sport/london_2012/article3486089.ece

REPORTS & RESEARCH

Adware tops February malware chart
http://www.vnunet.com/vnunet/news/2211239/adware-tops-malware-chart

Researchers point out flaws in Ohio voting system
http://www.tgdaily.com/content/view/36297/118/

Security researchers to unveil pacemaker, medical implant hacks
http://www.cnet.com/8301-13739_1-9883822-46.html

COMMENTARY

AusCERT: Web apps, social networks, virtualisation to attract more attacks
http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=6101222

STUDIES AND SURVEYS

Survey: Enterprises Don’t Know Sensitive Data Flow
http://www.darkreading.com/document.asp?doc_id=147550

SECURITY AWARENESS

E-security lessons for Aussie kids
http://www.australianit.news.com.au/story/0,24897,23323338-15306,00.html

European Commission Proposes New Safer Internet Programme
http://www.itu.int/ITU-D/cyb/newslog/European+Commission+Proposes+New+Safer+Internet+Programme.aspx

MISC

BlackBerry-based SCADA puts plant control in your hands
http://www.drives.co.uk/fullstory.asp?id=2232

Cybercriminals to target Beijing Olympics?
http://www.zdnetasia.com/news/security/0,39044215,62038518,00.htm

Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise MagazineBBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.

About the Author: bhimport

Let’s Talk

Head Office

The LINC Centre,
Blanchardstown Road North,
Dublin 15, Ireland

Email

info@bhconsulting.ie

Call

+353 1 440 4065

Please leave your contact details and a member of our team will be in touch shortly.

"*" indicates required fields

Name*