Sign up for our Technology Newsletter 
WordPress Attacked By Hackers
March 14, 2012 by admin
Filed under Around The Net
Comments Off on WordPress Attacked By Hackers
Security outfit Websense said that more than 200,000 infected pages that redirect users to websites displaying fake antivirus scans have been created. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said.
Cybercriminals gangs have switched to drive-by download attacks that exploit vulnerabilities in outdated browser plug-ins to automatically download and install their rogue software. The large number of infected Web pages seen in this campaign is an indication that these scams still work. Vulnerable websites are a rich source of opportunity for cybercriminals. More than 85 percent of the compromised sites were located in the US, but their visitors were geographically dispersed.
Can Hackers Attack A Trains Network?
January 7, 2012 by admin
Filed under Around The Net
Comments Off on Can Hackers Attack A Trains Network?
Security expert Professor Stefan Katzenbeisser of Technische Universität Darmstadt told a security conference in Berlin that the GSM-R which is being installed in train networks makes them vulnerable to hackers.
Katzenbeisser said that the new system was vulnerable to “Denial of Service” attacks and, while trains could not crash, service could be disrupted for quite some time. Speaking to the Chaos Communication Congress he said that Network Rail is currently installing GSM-R across the British railway network.
It uses the similar technical standards to 2G mobile networks and is due to replace older signalling technology in southern England next year, and throughout the whole country in 2014. But train switching systems, which enable trains to be guided from one track to another at a railway junction, have historically been separate from the online world. If they were connected to the internet as they are in GSM-R they could be hit by Denial of Service attacks.
Spam Is At A Two-Year High
Spam – particularly the kind with malicious attachments – is enjoying a growth spurt, reaching a two-year high overall, which includes the spike last fall just before the SpamIt operation folded its doors, a security firm says.
In fact spam traffic is about double what it was then, according to M86 Security Labs, which analyzes spam levels across selected domains.
“After multiple recent botnet takedowns, cybercriminal groups remain resilient clearly looking to build their botnets and distribute more fake AV in the process,” the company says in its blog. “It seems spammers have returned from a holiday break and are enthusiastically back to work.”
This report coincides with a report yesterday from Internet security company Commtouch, which says a spike in email-attached malware has just ended, but that further waves are expected.
M86 says in its blog that most of the spam is generated by the Cutwail botnet, and malicious spam accounted for 13% of the mix over the past week, which is unusually high, but even that spiked to 24% yesterday.
Microsoft’s IE Latest Flaw: ‘Cookiejacking’
Comments Off on Microsoft’s IE Latest Flaw: ‘Cookiejacking’
A technology security researcher has discovered a flaw in Microsoft Corp’s widely used Internet Explorer browser that he said may allow hackers to steal credentials to access FaceBook, Twitter and other websites.
He coined the technique as ”cookiejacking.”
“Any website. Any cookie. Limit is just your imagination,” said Rosario Valotta, an independent Internet security researcher based in Italy.
Hackers can exploit the flaw to access a data file stored inside the browser known as a “cookie,” which holds the login name and password to a web account, Valotta wrote.
Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique “cookiejacking.”
The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.
To take advantage of this flaw, the hacker must first persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.
That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to “undress” a photo of an attractive woman.
“I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server,” he said. “And I’ve only got 150 friends.”
Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.
“Given the level of required user interaction, this issue is not one we consider high risk,” said Microsoft spokesman Jerry Bryant.
Hackers Breach WordPress Servers
April 15, 2011 by admin
Filed under Around The Net
Comments Off on Hackers Breach WordPress Servers
Hackers have gained access to several servers that support WordPress and may have obtained source code, according to the founding developer of Automattic, the company behind the popular blogging platform.
Matt Mullenweg wrote on the WordPress blog that Automattic has been reviewing log records to determine how much information was breached and re-evaluating “avenues to gain access.”
“We presume our source code was exposed and copied,” Mullenweg wrote. “While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”