User-provided password retrieval hints in Windows 7 and 8 operating systems are vulnerable to being retrieved and decoded by attackers.
That finding was made by two security researchers who’ve been studying ways to increase the reliability of tools designed to extract Windows registry information.
via Windows Password Clues Easy To Crack – Security – End user/client security – Informationweek.
New configurations of the Shylock financial malware inject attacker-controlled phone numbers into the contact pages of online banking websites, according to security researchers.
via Shylock malware injects rogue phone numbers in online banking websites.
Microsoft last week warned IT administrators that critical vulnerabilities in code licensed from Oracle could give attackers access to Exchange Server 2007 and Exchange Server 2010 systems.
Oracle patched the vulnerabilities in its “Oracle Outside In” code libraries as part of a massive update on July 17 that fixed nearly 90 flaws in its database software.
via Microsoft warns of critical Oracle code bugs in Exchange.
A tool for testing if Web application firewalls (WAFs) are vulnerable to around 150 protocol-level evasion techniques was released at the Black Hat USA 2010 security conference on Wednesday.
via Tool released at Black Hat contains 150 ways to bypass Web application firewalls.
Beware financial malware that’s trying to harvest usernames and passwords from a major newspaper’s website.
That unusual warning comes by way of security firm ESET, which said it’s observed financial malware known variously as Gataka and Tatanga being used in four recent attack campaigns.
via Banking Trojan Harvests Newspaper Readers’ Credentials – Security – Vulnerabilities and threats – Informationweek.
Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
via FTC Sues Wyndham Hotels Over Data Security Failures – Security – Privacy – Informationweek.
The US Department of Homeland Security (DHS) has implemented authentication-as-a-service (AaaS) across more than 100 applications, according to Richard Spires, the department’s chief information officer.
via Infosecurity – DHS implements authentication-as-a-service across 100 apps.
On April 16, 2011, meanwhile, the indictment said that Miller chatted with the undercover agent and said he’d accessed two nersc.gov supercomputers owned by the National Energy Research Scientific Computer Center (NERSC), which provides computer resources for the U.S. Department of Energy. In July 2011, authorities said that for $50,000, he offered to sell the undercover agent “login credentials to a series of computer networks that would enable remote access to the domain nersc.gov.”
via Feds Bust Hacker For Selling Government Supercomputer Access – Security – Attacks/breaches – Informationweek.
Improved online bank security has driven cybercriminals to start using a type of Trojan tool that automates money theft from compromised accounts in ways that are invisible to account holders, Trend Micro has discovered.
via New generation of bank Trojans can make invisible transfers.
Security researchers have published detailed information about how Flame malware spreads through a network by exploiting Microsoft’s Windows Update mechanism.
Their findings answer a key question: How could Flame infect fully patched Windows 7 machines?
via Experts show how ‘Flame’ malware fakes Windows.