- UK Council Loses Memory Stick with Details of 18,000 Residents
Rochdale Metropolitan Borough Council somehow managed to lose a memory stick that contained information on 18,000 of their residents. The stick, which was lost in May, contained details such as names, addresses and payment info but fortunately, no bank account records were present. As it turns out, the USB storage device had been used by an officer from the institution’s finance department to collate information required for final accounts.
The ICO began an investigation and found that the data protection practices were in breach with the Data Protection Act. While most of the info was of public interest and was already published online, the Commissioner’s Office considered the council failed to provide data protection training for its staff.
“Storing the details of over 18,000 constituents on an unencrypted device is clearly unacceptable. This incident could have been easily avoided if adequate security measures had been in place. Luckily, the information stored on the device was not sensitive and much of it is publicly available. Therefore, the incident is unlikely to have caused substantial distress to local people,” said Acting Head of Enforcement, Sally Anne Poole.
Source: - Microsoft releases temporary fix for critical Windows bug
Microsoft has issued a temporary fix for a critical Windows vulnerability that has already been exploited to install highly sophisticated malware that targeted manufacturers of industrial systems.
In an advisory issued late Thursday, Microsoft said the previously unknown flaw in the Win32k TrueType font-parsing engine affected every supported version of Windows, including Windows 7 and Windows Server 2008, which are the most secure to date. The critical vulnerability was recently exploited to spread Duqu, malware that some researchers say was derived from last year’s Stuxnet worm that sabotaged Iran’s uranium enrichment program.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode,” the advisory warned. “The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” The accompanying Fix it is designed to protect against exploits until a permanent patch is issued. The company didn’t indicate when that would happen, except to say it wouldn’t be before next Tuesday’s regularly scheduled security update release.
Source: - Cyber-espionage attempts on US businesses are on rise
The Office of the National Counterintelligence Executive has just published a report to Congress that presents a frightening picture of the degree to which other countries use cyber espionage to attempt to gain business and industrial secrets from US companies. And while the biggest perpetrators of cyber-espionage against American business are no surprise—China and Russia—some US allies have engaged in efforts to obtain sensitive business and technology information as well. The report projects that China and Russia will “remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace.”
The same technological advances that many companies see as increasing productivity and reducing cost of operations are creating a huge risk of additional cyber-espionage by the ONCE’s assessment. The persistence of Internet-connected devices such as smartphones, the use of cloud computing and the rise of telework all elevate the risk of data theft, the report suggests. And the globalization of business through IT lowers the threshold further. “National boundaries will deter economic espionage less than ever as more business is conducted from wherever workers can access the Internet,” the report states. “The globalization of the supply chain for new—and increasingly interconnected—IT products will offer more opportunities for malicious actors to compromise the integrity and security of these devices.”
The biannual report is mandated by a provision of the 1995 law funding US intelligence organizations. But this edition is the first to focus heavily on cyber-espionage, reflecting how most critical data now passes over networks. The research behind the report also draws heavily from Defense Department intelligence resources as well as those of other US government agencies and the private sector.
The report pointed out that attribution of cyber-espionage efforts is difficult at best, and that while “Chinese actors are the world’s most active and persistent perpetrators of economic espionage” and the vast majority of attacks on US businesses have come from within China, the intelligence community cannot confirm who was responsible for them, let alone whether they were state sanctioned and funded.
However, the report classified the Chinese government as a “peristent collector,” and said that the Chinese frequently tried to exploit Chinese citizens or people with family or other connections to China working within US companies to steal electronic data from their employers. The the report also singled out Russia’s intelligence services as “conducting a range of activities to collect economic information and technology from US targets.”
Read the comments on this post
- Microsoft expected to offer hot fix for Duqu soon
The big zero-day exploit on everyone's mind is Duqu, or "son of Stuxnet" – but researchers don't expect Microsoft to include a patch for it in next week's Patch Tuesday. Instead, a manual fix could be out as soon as this week.
- Microsoft to patch critical Windows 7 bug in ‘upside down’ update next week
Microsoft today said it will issue four security updates next week to patch four vulnerabilities in Windows.
- Romanian eBay hacker and prosecutor both unhappy with appeal ruling
Romanian eBay hacker Vlad Duiculescu, known online as “Vladuz,” lost the appeal to get his three-year suspended prison sentence reduced on Tuesday.
- MIT server hijacked and used in drive-by attack campaign
A server belonging to the Massachusetts Institute of Technology was commandeered by hackers who used it to launch attacks against other websites as part of a larger drive-by download campaign, according to antivirus vendor BitDefender.
- Is .info the New .cc?
By Kurt Baumgartner
In April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv. That DNS setup later led to FakeAv downloads for the Mac as forecast. But FakeAv distribution has been steadily declining since the beginning of the year, and a few related major events have occurred over the past six months. Blackhole operators have migrated to .info domains, along with other related malicious site operators. Have they pushed .info to become the new .cc? - What Is Duqu Up To?
As researchers debate a Duqu-Stuxnet connection and study a new zero-day Duqu exploit, still no word on the actual targets or its mission.
- MIT server hijacked and used in drive-by attack campaign
A server belonging to the Massachusetts Institute of Technology was commandeered by hackers who used it to launch attacks against other websites as part of a larger drive-by download campaign, according to antivirus vendor BitDefender.
- MIT server hijacked and used in drive-by attack campaign
A server belonging to the Massachusetts Institute of Technology was commandeered by hackers who used it to launch attacks against other websites as part of a larger drive-by download campaign, according to antivirus vendor BitDefender.
Digest powered by RSS Digest
Update your antivirus and be careful out there because there is “A new exploit targeting Internet Explorer was published to the 
Hackers always think of innovative ways to deliver malware to