| Looking for the latest story on botnets? What about rootkits? Or maybe that IM worm you heard about? SpywareGuide News is your one-stop destination for the latest spyware, instant messaging, p2p and greynets headlines from respected sources such as eWeek, CNet, ZDnet and others. If you have a news feed, press release or product announcement you would like to see included on the SpywareGuide Greynets News page please contact us. | Eweek News | China Closes Hacker Training School, Arrests 3
China officials have shut down Black Hawk Safety Net, the country's biggest hacker training Website, and arrested three people for making hacker tools available online. - China announced it has arrested three people in connection with operating a hacker training school that distributed malware and hacking tools to its members in online forums. According to Xinhua, China s state-run newspaper, three people were arrested in connection with making the tools availabl... ... Researchers Present Web Application Attack Targeting Database Connection
At Black Hat DC, security researchers present a way to hack the connection between Web applications and the database, a method they call connection string parameter pollution. - Two security researchers unveiled a new attack at Black Hat DC that targets the connection between Web applications and databases. Independent researcher Jose Palazon and Chema Alonso of security vendor Informatica64 presented their finding, which they called a CSPP (connection string paramete... ... Microsoft Plans Massive Patch Tuesday Security Update
Microsoft is planning to fix 26 vulnerabilities for February's Patch Tuesday. Most of the vulnerabilities are related to Windows. - Microsoft is planning to release 13 security bulletins Feb. 9 as part of this month's Patch Tuesday. Five of the 13 bulletins are rated critical, seven are rated important and one is rated moderate. All but two of the bulletins address security issues in Windows, with the other two dealing with ... ... Report: Google to Partner with NSA for Cyber-Security
Google is reported to be finalizing a deal to partner with the National Security Agency to analyze the cyber-attack that hit the company in December so Google can prevent future attacks. - According to media reports, Google and the National Security Agency are planning to partner to improve cyber-security at the company in the wake of an attack that struck Google in December. The Washington Post reported that the NSA is working on an agreement with Google to help analyze the ... ... Microsoft Warns of IE Security Vulnerability
Microsoft releases an advisory about a new vulnerability affecting Internet Explorer that could allow an attacker to access files on a PC if the user is running Windows XP or using IE with Protected Mode disabled. - Microsoft is investigating claims of an Internet Explorer vulnerability that could allow an attacker to access victims' files. While Microsoft said it is not aware of any attacks targeting the vulnerability, the company warned Feb. 3 that if a user is not running IE in Protected Mode or is runn... ... Google, China and the Anatomy of the Aurora Attack
When Google reported in January that it had been the victim of a cyber-attack, it sparked what has turned out to be weeks of discussions and investigation. But what has become yet another entry on the list of cyber-security incidents between the United States and China began with a vulnerability in Internet Explorer. The December attack against Google turned out to be the tip of the iceberg. More than 30 enterprises are believed to have been impacted by what has since become known as Operation Aurora. At the center of Aurora is the IE vulnerability, which Microsoft had known about since September. Here, eWEEK looks at how the attack unfolded, including key events in the ongoing controversy between the United States, Google and China. eWEEK also looks at what enterprises can do to help prevent similar incidents. - ... ... Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days. - Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas... ... Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections. - Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September.... ... PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities. - PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati... ... Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington. - Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will... ... | | | CNet | Microsoft, Google split over browser bug bounty
Google follows Mozilla in launching program to pay researchers who find bugs, but critics say it won't necessarily pay off.... Verizon temporarily blocks some 4chan sites
Verizon spokesman says carrier blocked sites associated with online forum to thwart network attacks. It's not clear which sites were affected and exactly what the trouble was.... Security software maker Vitamin D exits beta
The software, created by three former Palm executives, lets people use an ordinary Webcam as a security system.... China breaks up Black Hawk hacking ring
The Xinhua news agency says police arrested three people suspected of running a group that disseminated hacking tools and Trojans to its members.... PCI compliance: What it is and why it matters (Q&A)
Bob Russo, general manager of the PCI Security Standards Council, explains what his organization is doing to keep payment card data out of the hands of criminal hackers.... New UI, features highlight McAfee 2010 suites
Security suite vendor McAfee debuts their 2010 product line today, introducing an overhauled interface and new features in a bid to remain competitive.... BlackBerry has spyware risk too, researcher says
Veracode researcher demonstrates spyware that allows someone to steal a stranger's contact list, read text messages in real time, and track the location of the phone.... Mozilla yanks infected add-ons, warns users
Two Firefox add-ons, Sothink Web Video Downloader 4.0 and all versions of Master Filer, were found to contain Trojan horse code aimed at Windows users.... Caught on tape: Pastry thief and a bad dog walker
Video-monitoring software from a trio of former Palm executives has led to some interesting discoveries. CNET has an exclusive look at what Vitamin D turned up during its beta testing.... DOJ not pleased with latest Google Book agreement
Justice Department says amended settlement didn't adequately address antitrust issues that give Google competitive advantages in the digital marketplace.... | | | ZDNet | Rugged Software Organization: Improving Software Quality and Security
Get on the rugged software bandwagon! by Dan Kusnetzky... China breaks up Black Hawk hacking ring
Chinese authorities have broken a hacking-tool dissemination ring, according to state media. by Tom Espiner ZDNet UK... Oracle releases emergency patch
Oracle has released a patch for a server flaw that can be exploited over a network without the use of a username or password. by Tom Espiner ZDNet UK... ISM3 brings greater standardization to security measurement across enterprise IT
BriefingDirect assembled a panel this week to examine the need for IT security to run more like a data-driven science, rather than a mysterious art form. It turns out, rigorously applying data and metrics to security can dramatically improve IT results and reduce overall risk to the business. by Dana...... Oracle rushes out patch for gaping server hole
The patch follows the public release of exploit code as part of the recent Week of Web Server Bugs. by Ryan Naraine... Firefox add-on contained toxic Trojan code
Mozilla has issued users with a warning that two add-on available from the official Add-ons website (addons.mozilla.org) contained code that infected Windows PCs. by Adrian Kingsley-Hughes... Mozilla Firefox hit by malware add-ons
Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months. by Ryan Naraine... Does Blippy really pose a security risk?
Researchers from Cyveillance are calling the recently launched "Twitter of personal service" Blippy, a "spear phisher's dream" due to the real-time purchasing history shared by its users. Does Blippy really pose a security risk? by Dancho Danchev... U.S. House passes cybersecurity research bill
The U.S. House of Representatives overwhelmingly approved a cybersecurity bill that calls for beefing up training, research, and coordination against cyberattacks. by Elinor Mills CNET News... Let compliance lead the way in preventing healthcare data breaches
With a number of security breaches last year - plus new regulations and security requirements - the pressure is on healthcare organizations to better control the security of their records. by Brian Cleary, Aveksa, Special to ZDNet... | | | FaceTime Communications | IBM Software Services for Lotus to Resell FaceTime Communications Security and Compliance Solutions
FaceTime and YellowJacket Partner for Enhanced Energy Trading Compliance
FaceTime's IMAuditor Messaging Compliance Solution Now Incorporates YellowJacket Instant Messaging Traffic... FaceTime Communications Names Tim Conley CFO
Newly Appointed Chief Financial Officer Brings Background in Network Security, IPOs, and Start-Ups to FaceTime's Executive Team... FaceTime Wins Financial-i Leaders in Innovation Award for Messaging Compliance
FaceTime Explores Social Media Compliance for Government Agencies at Gov 2.5 Conference
Government Agencies Need to Embrace Social Networks and Web 2.0 Applications in a Way that is Secure and Complies with Regulations... FaceTime Adds Squid Proxy Support to Unified Security Gateway to Extend Enterprise Security for Web 2.0 Platforms
FaceTime's USG 3.1 Now Supports Both Squid and Blue Coat Proxy Servers and Includes FaceTime Security Labs' Comprehensive Application Signature Database ... FaceTime's application database acquisition highlights need for Web 2.0 control and security
Acquisition of market-leading application signature database strengthens Check Point's network security leadership... FaceTime Communications Integrates Sophos's Anti-Virus Engine With New Unified Security Gateway 3.0
Industry Recognized Virus Scanning Now Part of FaceTime's Comprehensive Web 2.0 Security Appliance for Enterprise Networks... FaceTime Launches Augment, Migrate & Update (AMU) Kit for Blue Coat and Surfcontrol Users
New Unified Security Gateway adds security and control of social networks, twitter, and blogs to Blue Coat proxy environments, provides upgrade path for legacy Surfcontrol customers... "Facebook Face-off" at Work Places Businesses at Risk
| | |
