Browse Blog Posts by Tags

Showing related tags and posts for the Blogs application. See all tags in the site
  • Online Fraudsters Prey Upon the Media and Public Interest in Current Events to Launch "Cease-Fire Trojan Attack"

    Yesterday morning, the RSA FraudAction Research Lab discovered a social engineering scam designed to lure people, via an email spam attack, to a fake news website designed to look like CNN.com. This “Cease-Fire Trojan Attack” attempts to bait readers leveraging recent news and “graphic...
    Posted to DP's Security Bits by Don on Fri, Jan 9 2009
    Filed under: Filed under:
  • Shangdu Web site in China: Mass Injection

    Websense® Security Labs™ ThreatSeeker™ Network has discovered that a large regional-based portal site named Shangdu in China is infected with a mass JavaScript injection that delivers a malicious payload. The reported page on the site has been mass-injected, attempting to deliver malicious...
    Posted to DP's Security Bits by Don on Tue, Jan 6 2009
    Filed under: Filed under:
  • Compromised Site: The Consulate of the Republic of Kazakhstan in Toronto

    Websense® Security Labs™ ThreatSeeker™ Network has discovered that the official Web site of the Consulate of the Republic of Kazakhstan in Toronto has been compromised. Multiple pages on the site, including the home page, contain malicious JavaScript code. The code de-obfuscates into...
    Posted to DP's Security Bits by Don on Tue, Jan 6 2009
    Filed under: Filed under:
  • Twitter phishing scam may be spreading

    There's a scam spreading through Twitter . Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, "hey! check out this funny blog about you..." The URL in the message then redirects to a page that looks like the Twitter...
    Posted to DP's Security Bits by Don on Mon, Jan 5 2009
    Filed under: Filed under:
  • Rogue MD5 SSL Certificate Vulnerability

    US-CERT is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could...
    Posted to DP's Security Bits by Don on Wed, Dec 31 2008
    Filed under: Filed under:
  • Download Site of China.com Compromised

    Websense® Security Labs™ ThreatSeeker™ Network has discovered that the download site under china.com has been compromised. Malicious code has been inserted into the homepage of the site. This code has been changing over the course of last week, leading to different exploit sites. The...
    Posted to DP's Security Bits by Don on Mon, Dec 29 2008
    Filed under: Filed under:
  • Trend Micro Releases Updates for HouseCall

    Trend Micro has released a patch to address a vulnerability in HouseCall 6.6. This vulnerability may allow an attacker to execute arbitrary code. Visitors to the publicly available HouseCall application may receive an older, vulnerable version of the control. US-CERT encourages users to review Hot Fix...
    Posted to DP's Security Bits by Don on Wed, Dec 24 2008
    Filed under: Filed under:
  • Mass Injection On John Sands Greeting Card Company Site

    Websense® Security Labs™ ThreatSeeker™ Network has discovered that the Web site of John Sands Greeting Card Company is infected with a mass JavaScript injection that delivers a malicious payload. Multiple pages on the site has been found to contain the said malicious code. John Sands...
    Posted to DP's Security Bits by Don on Wed, Dec 24 2008
    Filed under: Filed under:
  • Apple Releases Security Updates for Multiple Vulnerabilities - December 15, 2008

    Apple has released Security Update 2008-008 and Mac OS X v10.5.6 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, or information disclosure. US-CERT encourages users to...
    Posted to DP's Security Bits by Don on Mon, Dec 15 2008
    Filed under: Filed under:
  • Airline Ticket Email Scam

    US-CERT is aware of public reports of an email scam circulating that is targeting holiday travelers. The email messages related to this scam appear to come from legitimate major airlines and contain a .zip attachment. This .zip attachment appears to contain a purchase invoice and flight ticket. If a...
    Posted to DP's Security Bits by Don on Fri, Dec 12 2008
    Filed under: Filed under:
  • Malware Spreading via Social Networking Sites

    US-CERT is aware of public reports of malware spreading via popular social networking sites. The reports indicate that this malware is spreading through spam email messages appearing to come from Myspace.com, Facebook.com, and Classmates.com. The email contains a message indicating that there is a YouTube...
    Posted to DP's Security Bits by Don on Tue, Dec 9 2008
    Filed under: Filed under:
  • Fake Microsoft Advisory Targeting French Users

    Websense® Security Labs™ ThreatSeeker™ Network has discovered a ploy by scammers to trick users into executing a supposed fix for a Microsoft Security Advisory. The fraudulent email message references a real Microsoft Security Advisory 951306 (also known as CVE-2008-1436 ). The email...
    Posted to DP's Security Bits by Don on Mon, Dec 8 2008
    Filed under: Filed under:
  • Malicious Holiday Coupons and Promotions: McDonald's and Coca-Cola

    Websense® Security Labs™ ThreatSeeker™ Network has discovered another infectious holiday email making the rounds. Victims are receiving messages promoting a coupon from McDonald's or a holiday promotion from the Coca-Cola company. Both messages include a .zip attachment that contains...
    Posted to DP's Security Bits by Don on Wed, Dec 3 2008
    Filed under: Filed under:
  • Christmas Lures Being Distributed Via Spam

    Websense® Security Labs™ ThreatSeeker™ Network has discovered that malware authors are already using Christmas themes this year as a social engineering tactic, in an effort to gain control over compromised machines. This campaign uses email messages in the form of e-greetings, leading...
    Posted to DP's Security Bits by Don on Thu, Nov 27 2008
    Filed under: Filed under:
  • Malicious Code Spreading Through USB Flash Drive Devices

    US-CERT is aware of public reports of an increase in malicious code propagating via USB flash drive devices. Currently, there are two popular methods by which USB flash drives are being infected with malicious code. Please note that these are not the only two methods available. The first of these methods...
    Posted to DP's Security Bits by Don on Thu, Nov 20 2008
    Filed under: Filed under:
  • U.S. Federal Reserve Fraudulent Email Scam

    US-CERT is aware of public reports of a fraudulent email scam circulating via messages that falsely appear to be from the U.S. Federal Reserve. These email messages contain information about a phishing scam and links for users to follow to obtain additional information about the scam. If a user follows...
    Posted to DP's Security Bits by Don on Fri, Nov 14 2008
    Filed under: Filed under:
  • Orkut "Account Usage Notification" Malicious Spam

    Websense® Security Labs™ ThreatSeeker™ Network has discovered a new malicious social-engineering spam campaign masquerading as official emails sent by Google's Web 2.0 social networking site, Orkut. Orkut is one of the most popular social networking sites in Latin America and the...
    Posted to DP's Security Bits by Don on Thu, Nov 13 2008
    Filed under: Filed under:
  • U.S. Presidential Malware - Another Obama Lure

    Websense® Security Labs™ ThreatSeeker™ Network has discovered further activity from malware authors using the news of the U.S. Presidential campaign outcome as bait to attract users into executing malicious executables. So far we have over 25,000 emails through our systems that use the...
    Posted to DP's Security Bits by Don on Wed, Nov 5 2008
    Filed under: Filed under:
  • US Presidential Malware - Barack Obama Interview Lure

    Websense® Security Labs™ ThreatSeeker™ Network has discovered that malware authors are capitalizing on the recently announced results of the 2008 US Presidential election. Malicious email lures are being sent promising a video showing an interview with the advisors to the recently elected...
    Posted to DP's Security Bits by Don on Wed, Nov 5 2008
    Filed under: Filed under:
  • Worm Exploiting Microsoft MS08-067 Circulating

    US-CERT is aware of public reports of a worm circulating that has the capability of exploiting the recently patched vulnerability described in Microsoft Security Bulletin MS08-067. US-CERT encourages users to do the following to help mitigate the risks: Review Microsoft Security Bulletin MS08-067 and...
    Posted to DP's Security Bits by Don on Mon, Nov 3 2008
    Filed under: Filed under:
Page 4 of 14 (275 items) « First ... < Previous 2 3 4 5 6 Next > ... Last »