Monthly Archives: May 2011

Blackhat SEO poisoning topping the charts

Mal/SEORed-A threat alert

Blackhat SEO attacks account for over 30% of all detections seen by Sophos customers protecting their web traffic.

Learn what you need to do at your company to protect yourself and your fellow users.

Apple malware evolved - No password required

MacSecurity245

A new variant of the fake security software for OS X was discovered today and it no longer requires administrators to enter their passwords. We take a brief look at the advancement of malware on the Mac over the last month.

Dear Apple: Welcome to team anti-malware

Image (3) trojan250.png for post 2790

Apple has posted a knowledge base article detailing how to remove the MacDefender Trojan, but it seems that they may not understand the terminology of the security industry... We would like to welcome them to the team and encourage them to work with us more closely.

Jason Allen / Amy Allen virus hoax spreads on Facebook

Jason Allen / Amy Allen virus hoax spreads on Facebook

Messages being shared across Facebook warn users not to add as a Facebook friend people called "Jason Allen" or "Amy Allen".

But in truth, it's a new hoax spreading like a chain letter across the social network.

Sony Ericsson acknowledges Canadian e-commerce site hacked

SonyEricssonLogo245

Sony Ericsson is the latest Sony property to be compromised through a SQL injection attack. Over 2,000 password hashes, email addresses and full names were disclosed. This is the tenth hack in 5 weeks, will Sony stop bleeding our data soon?

Apple support to infected Mac users: "You cannot show the customer how to stop the process"

FakeMacAVFeat

ZDNet reports that Apple is instructing tech support contractors not to help customers who are infected with Mac Defender fake anti-virus. This builds on ZDNet's report from last week, but provides insights that 60,000 or more Apple users may be affected.

Sony Music Japan hacked through SQL injection flaw

Sony Music Japan hacked through SQL injection flaw

Sony Music Japan has been hacked by a group known as Lulz Security. The latest breach did not expose sensitive user details, but adds to the growing list of Sony websites vulnerable to SQL injection attacks.

Do-not-track off to a slow start, Mozilla adds support for Android

Private245

At a recent privacy conference the conclusion was that the voluntary adoption of the do-not-track feature in browsers is off to a slow start. Mozilla announced support for do-not-track on Android, and Google's privacy counsel doesn't know what it means...

Sony BMG Greece the latest hacked Sony site

SonyBMGgr245

Another Sony website has succumbed to an attack disclosing personal details of Sony customers. SonyMusic.gr was attacked through SQL injection and information disclosed on pastebin.com.

SSCC 60 - Obama Proposals, Square Enix, Mac threats

Sophos Security Chet Chat 41

In this week's podcast Chester Wisniewski and Ben Jupp discuss the hype and the truth behind the recent Mac rogue security attacks and discuss Obama's proposed changes to RICO, Square Enix and Sony.

What is Zeus? Notorious malware under the microscope

What is Zeus? Notorious malware under the microscope

Zeus, also known as ZBot, has grown into one of the most popular (or should that be unpopular?) and widespread crimeware kits on the internet.

Download our technical paper which takes a closer look at the infamous malware.

Profile Stalkers on Facebook? Check out the viral scam that's spreading

Check out your profile stalkers on Facebook, and you'll be scammed

Will you really see who views your Facebook profile? Will you really discover who your top profile stalkers on Facebook are?

Maybe it's time for a reality check.

Converting currency on Google can lead to malware attack

Converting currency on Google can lead to malware attack

Blackhat SEO techniques are being used to infect users doing online currency conversions.

Hottest & Funniest Golf Course Video scam spreads virally on Facebook - beware!

Hottest & Funniest Golf Course Video scam spreads virally on Facebook - beware!

A video of a man showing a scantily clad young woman how to play golf is in fact a fast-spreading Facebook scam.

Make sure that you don't click on the link, or you could be helping scammers earn money.

Microsoft study asserts social engineering more common than exploitation

OKButton245

Microsoft published numbers this week highlighting the success of it's SmartScreen reputation filtering. I look at the numbers and draw a rather different conclusion.

TinKode hacks into NASA servers, posts evidence of breach online

TinKode hacks into NASA servers, posts evidence of breach online

A hacker with a history of breaking into high profile websites to expose poor security has claimed to have broken into servers belonging to NASA's Goddard Space Flight Center.

Are your web servers properly secured?

Google rolls out silent fix for Android security vulnerability

Google rolls out fix for Android security vulnerability

Good news for any owners of Android devices worried about the recently announced security vulnerability that could allow allow unauthorised parties to snoop on your Google Calendar and Contacts information.

President Obama's cybersecurity plan - Part 2 Data Breach Notification Act

IDTheft245

As part of last week's cybersecurity announcements President Barack Obama and Howard Schmidt detailed their proposal to unify data breach notification laws in the United States. Here we present the details and explain what this proposal means if it is passed into law.

Malware on your Mac? Don't expect AppleCare to help you remove it

Malware on your Mac? Don't expect AppleCare to help you remove it

Technology writer Ed Bott has interviewed an AppleCare support representative, who reveals that the overwhelming majority of calls they are receiving are about malware.. on Mac computers.

Mac App Store exposes users to security risks, claims researcher

Mac App Store exposes users to security risks, claims researcher

If you are using the Apple Mac App Store you might be putting your computer's security at risk, because of the service's tardy attitude to critical updates.