ie8 fix

Vulnerabilities & attacks

Microsoft tightens Windows 7 security for USB drives

In the wake of the Conficker worm spreading via removable storage devices among other methods, Microsoft said on Tuesday it is making a change to the way Windows 7 handles USB drives.

As a result of the change, most USB drives will not be able to automatically launch a program using a Windows feature known as AutoRun, Microsoft said in a post on its Security Research & Defense Blog.

So, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed, Microsoft said.

Fixed removable media, such as CDs and DVDs, will still …

Phishing with swine flu as bait

Phishers and spammers have caught swine flu fever and are exploiting fears around the outbreak to try to sell pharmaceutical products or steal information, security experts said Tuesday.

The e-mail scams have a subject line related to the swine flu and typically contain either a link to a phishing Web site or an attachment that contains malicious code, the US-CERT said in an advisory.

One scam features a malicious Adobe PDF document titled "Swine influenza frequently asked questions.pdf," according to Symantec. The malicious PDF file has been recognized as "Bloodhound.Exploit.6" and it drops …

Another Adobe Reader security hole emerges

Updated 4:35 p.m. PDT with Adobe saying Windows, Mac and Unix versions of Reader are affected and more details.

Security experts are recommending that people disable JavaScript in Adobe Reader following reports of a vulnerability in the popular portable document format reader on Tuesday.

The vulnerability appears to be due to an error in the "getAnnots()" JavaScript function and exploiting it could allow someone to remotely execute code on the machine, according to an advisory from the US-CERT.

"US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk," …

McAfee launches free online cybercrime help center

Is your computer acting funny? Are you worried that you may have visited a malicious Web site or opened an e-mail attachment with malware?

Instead of worrying about it you can now go to a new Web site McAfee is launching on Tuesday that is designed to help computer users figure out if they have legitimate reason to be concerned.

The new Cybercrime Response Unit offers a forensic scanning tool that checks for malware on the computer and cookies left by suspicious Web sites to help determine if the machine has been compromised. A toll-free number is available for people …

Puerto Rico sites redirected in DNS attack

An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva.

Those sites and others, including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, Amichai Shulman, chief technology officer at Imperva, said on Monday.

A group calling itself the "Peace Crew…

RSA 2009: A yawner at best

In my humble opinion, the RSA 2009 security conference, held this week in San Francisco, was extremely flat compared with past years. Yes, the economy had a lot to do with it. I believe last year's attendance was around 17,000 people, and I've heard that this year was off about 12 percent to 13 percent. Personally, I can't believe there were more than 10,000 folks there.

Beyond economic woes however, RSA 2009 was still rather lifeless for a few reasons:

The speakers. The keynote speakers really had nothing new to say. This was especially troubling …

Google fixes severe Chrome security hole

Google released a new version of its Chrome browser Thursday to fix a high-severity security problem.

The problem affects Google's mainstream stable version of Chrome and is fixed in the new version 1.0.154.59. Google has built Chrome so it updates itself automatically with no user intervention, though the software must be restarted for the new version to run.

The security problem, reported April 8 by Roi Saltzman of the IBM Rational Application Security Research Group, allowed cross-site scripting attacks. Such methods can make a Web browser process unauthorized code such as JavaScript, enabling a variety …

Hacking online games a widespread problem

SAN FRANCISCO--It will likely come as no surprise to anyone familiar with virtual worlds and online games that they can be hacked. But what might come as a shock is the sheer breadth of types of exploits that are possible.

That was the broad message of a Thursday panel called, appropriately, "Exploiting Online Games" at the RSA 2009 security conference here.

Moderated by Gary McGraw, CTO of software security consulting firm Cigital and an author of several books, the panel took the audience on a deep dive into the diverse ways that hackers and others have figured out …

Conficker infected critical hospital equipment, expert says

Updated 7:50 a.m. PDT April 24 to specify that the infection was in the U.S.

SAN FRANCISCO--The Conficker worm infected several hundred machines and critical medical equipment in an undisclosed number of U.S. hospitals recently, a security expert said on Thursday in a panel at the RSA security conference.

"It was not widespread, but it raises the awareness of what we would do if there were millions" of computers infected at hospitals or in critical infrastructure locations, Marcus Sachs told CNET News after the session. Sachs is the director of the SANS Internet Storm …