Alberto Bartoli's List: Security Incidents

"An unpatched security risk involving Adobe Flash creates a possible mechanism for hackers to load exploits onto websites."

www.theregister.co.uk/...adobe_flash_wallop - Preview

Vulnerable on 2009-11-27 and saved by 2 people

"Makers of Bind have warned of a security vulnerability in versions of the domain name resolution application that could allow attackers to trick servers into returning unauthorized results."

www.theregister.co.uk/...bind_dns_security_bug - Preview

DNS on 2009-11-27

"A new worm has been detected that hits jailbroken Apple iPhones harder than before.

Sophos claimed that this is the most serious malware to date as it turns infected iPhones into zombies, joining them to a botnet. Classifying it as ‘Duh' or ‘Ikee.B', it is designed to upload banking information to a server in Lithuania and to follow orders from remote hackers."

www.scmagazineuk.com/...158305 - Preview

Banking on 2009-11-27

"It culminated a year ago this month—on November 8, 2008—when a wave of thieves fanned out across the globe nearly simultaneously. With cloned or stolen debit cards in hand—and the PINs to go with them—they hit more than 2,100 money machines in at least 280 cities on three continents, in such countries as the U.S., Canada, Italy, Hong Kong, Japan, Estonia, Russia, and the Ukraine.
share.gif

When it was all over—incredibly within 12 hours—the thieves walked off with a total of more than $9 million in cash. "

www.fbi.gov/...atm_111609.html - Preview

Banking Bancomat on 2009-11-26

www.repubblica.it/...postamat.html - Preview

Bancomat Banking on 2009-11-26

www.theregister.co.uk/...spanish_card_payment_breach - Preview

Banking on 2009-11-20

"Innocent people have been branded as child abusers after malware infected their PCs, an AP investigation has discovered.

Technically sophisticated abusers sometimes store images of child abuse on PCs infected by Trojans that grant them illicit access to compromised machines."

www.theregister.co.uk/...re_child_abuse_images_frame_up - Preview

on 2009-11-09 and saved by 2 people

"Mossad reportedly used a Trojan to hack into a Syrian official's laptop while he stayed in a London hotel.

The information extracted was used to plan a bombing raid at a suspected nuclear reactor facility in Syria, "

www.theregister.co.uk/...mossad_syria_trojan_hack - Preview

hacking on 2009-11-09

www.h-online.com/...n-SSL-TLS-protocol-851478.html - Preview

Vulnerable SSL Banking on 2009-11-09

"Researchers say they've uncovered a flaw in the secure sockets layer protocol that allows attackers to inject text into encrypted traffic passing between two endpoints.

The vulnerability in the transport layer security protocol allows man-in-the-middle attackers to surreptitiously introduce text at the beginning of an SSL session, said Marsh Ray, a security researcher who discovered the bug. A typical SSL transaction may be broken into multiple sessions, providing the attacker ample opportunity to sneak password resets and other commands into communications believed to be cryptographically authenticated."

www.theregister.co.uk/...serious_ssl_bug - Preview

Vulnerable SSL Banking on 2009-11-09 and saved by 3 people

"Un virus informático ha dejado inutilizado durante al menos tres días el sistema con el que trabajan a diario empleados y funcionarios del Departament de Justícia de la Generalitat."

www.elmundo.es/...1257513446.html - Preview

on 2009-11-06

"The website of the Swedish Signals Intelligence agency (Försvarets Radioanstalt, or FRA) was taken offline by a massive DDoS attack this week."

www.theregister.co.uk/...swedish_spooks_ddos - Preview

on 2009-11-06 and saved by 2 people

"Online criminals have used the Automated Clearing House (ACH) system to facilitate the theft of more than $100 million from small and medium businesses, the FBI warned this week.

The attacks typically use social engineering via e-mail messages to install malicious software on the computers of managers responsible for a business's financial transactions. The Trojan horse then transfers money from the firm's account, when the manager signs onto the business's bank account. "

www.securityfocus.com/...1032 - Preview

Banking on 2009-11-06

"In the last year five British police forces have suffered major computer failures lasting three days or more as a result of malicious internet attacks.

The spate of intrusions by cybercriminals and the resulting outages was revealed recently by a senior authoritative source, who can't be identified because the disclosure was made under the Chatham House rule."

www.theregister.co.uk/...police_breaches - Preview

hacking on 2009-11-05 and saved by 2 people

"Unidentified hackers have penetrated the Swiss foreign ministry's computer system to seize data, forcing parts of it to be shut down for several days, the ministry revealed Monday."

www.google.com/...M5hgxAGXMxiw5_iBql1wtSs8BEuEBQ - Preview

hacking on 2009-10-29

"California is conducting a months-long investigation into audit logs inside the state’s electronic voting systems after reports of serious flaws with the logs — including the ability for an election official or someone else to delete votes without leaving an electronic trail."

www.wired.com/...audit-log - Preview

hacking on 2009-10-27 and saved by 2 people

"Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack. Their administrative interfaces are viewable from anywhere on the internet and their owners have failed to change the manufacturer’s default password."

www.wired.com/...vulnerable-devices - Preview

Vulnerable on 2009-10-27 and saved by 3 people

"«I professionisti del malware mirano ai dati degli utenti e ai loro soldi. Quindi non hanno interesse a essere "visti"» "

www.corriere.it/...b-11de-856b-00144f02aabc.shtml - Preview

Vulnerable VirusBot Banking on 2009-10-24

According to a report from the Government Accountability Office (GAO), there are weaknesses in NASA's information technology systems that could be exploited to gain unauthorized access to those systems. The controls NASA is implementing under the requirements of the Federal Information Security Management Act (FISMA) are inadequately enforced. The GAO's report gathered information from NASA headquarters in Washington DC, the Goddard Space Flight Center in Maryland, the Jet Propulsion Laboratory in California and several other NASA facilities. The weaknesses noted include failing to require strong passwords, not encrypting password files, failing to restrict user access to least privileges needed, and outdated configuration and patch management.

gcn.com/...-security-controls-broken.aspx - Preview

Vulnerable on 2009-10-23

"Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned."

www.theregister.co.uk/...adobe_reader_vuln_under_attack - Preview

hacking on 2009-10-09