Other News

Questions, Doubts greet Researcher’s Claim to have Chrome Zero Day

Questions, Doubts greet Researcher’s Claim to have Chrome Zero Day

Google says that it will wait to see what transpires at a New Delhi hacking conference this week before responding to a researcher’s claim that he has discovered a remotely exploitable vulnerability in its Chrome web browser. Speaking with Security Ledger, Google spokeswoman Jessica Kositz said that the company was aware of claims by Georgian researcher Ucha Gobejishvili that he has discovered a previously unknown (zero day) security hole in Chrome and will demonstrate it at this week’s MalCon hacking conference. Gobejishvili described the security hole in Chrome as a “critical vulnerability.” “It has silent and automatically (sp) download function…and it works on all Windows systems” he told Security Ledger in an online chat session. While the Tbilisi-based researcher won’t say much about the hole, he told Security Ledger that he discovered it in July. The vulnerability is in a DLL (dynamic link library) that is part of the browser […]

Profile Poisoning the Next Frontier for Hackers

Google and Facebook already know everything about you – your interests, friends, tastes and even your movements. That’s already a privacy nightmare, but researchers at the Georgia Institute of Technology’s Information Security Center (GTISC) think it could soon be a security nightmare, also. Automated information systems already determine what version of the news most of us see. But researchers at Georgia Tech warn that the power of such systems to shape what each of us see online could soon become a powerful tool in the hands of sophisticated attackers, who might look for ways to manipulate victims’ online profile to steer them to certain sites, according to the report “Emerging Cyber Threats Reports 2013.” Researchers at Georgia Tech said attacks that manipulate a victim’s search history, part of their online profile, using cross-site request forgery are already technically feasible. In practice, they would allow for a kind of super-search engine […]

U.S. Government also Targeted by Malware Used In Attacks on Israelis, Palenstinians

U.S. Government also Targeted by Malware Used In Attacks on Israelis, Palenstinians

The recently reported malicious software attacks against Israeli and Palestinian targets have expanded to hit other targets, including individuals working within the U.S. Congress, the UK government and government workers in countries ranging from Turkey to Slovenia and New Zealand, according to a report from security firm Trend Micro. In a blog post on Wednesday, Trend Senior Threat Researcher Nart Villenueve wrote on the company’s Security Intelligence blog that  those attacks are ongoing and involve a much wider list of targets that initially reported. The attacks first came to light after a Times of Israel report revealed on October 28 that computer systems used by that country’s police departments were taken offline following a virus infection. Subsequent analysis by Trend and others (PDF) revealed that the malware used in the attacks was a variant of the common Xtreme Remote Access Trojan (Xtreme RAT) – an information stealing program that can be […]

Adobe Acknowledges Hack of User Forum For Connect Service

Adobe Acknowledges Hack of User Forum For Connect Service

Software giant Adobe on Wednesday confirmed claims by a self-proclaimed “Egyptian” hacker to have compromised a user support forum frequented by customers of its Connect web conferencing technology, stealing user account information and posting some of it online. Adobe’s Director of Connect, Guillaume Privat, acknowledged in a blog post on Wednesday that the compromise of the Connectusers.com forum by an “unauthorized third-party” was for real and that the company has disabled the forum while it investigates the incident. The breach was first disclosed on Tuesday when a hacker calling himself “ViruS_HimA” posted what appeared to be account e-mail and password information online through web sites like pastebin.com and sendspace.com. The hacker claimed to have compromised a database server used to maintain the Connnectusers.com forum and downloaded information on 150,000 account holders, including the users names, login IDs, hashed password values, employer and e-mail address. The motive for the hack was […]

Report: Insecure SEC Laptops Toted To Black Hat

Report: Insecure SEC Laptops Toted To Black Hat

What’s worse than neglecting to encrypt the data on the government-issue laptop you use to handle sensitive data related to the workings of U.S. equities markets? How about hopping on a plane and bringing said laptop with you to the Black Hat conference in Las Vegas, one of the world’s largest gatherings of hackers. That’s just one of the allegations in an as-yet unreleased Inspector General report on irregularities at the U.S. Securities and Exchange Commission (SEC), according to a report on Friday by Reuters. The Inspector General’s report, a copy of which was reviewed by Reuters, found evidence of widespread lapses in information security within the agency that acts as a watchdog over stock markets and exchanges within the U.S. Among other errors, staff at the SEC failed to encrypt laptops containing sensitive stock exchange data or even install antivirus software on those systems, Reuters reported. The Inspector General […]