With the arrival of every new console comes a race for hackers to crack their way through the new toy’s security, and the PS3, after just over six months, has finally been defeated. An exploit has been found in versions 1.10 and 1.11 of the PS3 firmware which has allowed one cunning hacker to boot up copied versions of PS3 games. The fight isn’t over though – the game boots, but it doesn’t actually play, so there’s some way to go. And the exploit doesn’t allow for the running of unofficial (homebrew) programs, which is where the real meat of modding lies.
Read more…
Websense has discovered a new crimeware technique on the YouTube video clips website. When viewed, clips on the site activate a Trojan Horse via a file called âYouTube04567â, which is then downloaded onto the userâs PC. The payload code is an information stealing Trojan Horse which is designed to grab information from the userâs PC. It then uploads any sensitive information from the userâs PC to an undisclosed remote location.
Read more…
So here it is, iPhone month. At last. It’s been on the mind of many a gadget geek ever since Steve Jobs announced it in January. That’s a long time to make us wait, by the way, Steve. But will it be worthy of our expectations? Of course I’m referring here to our security expectations. Weâve all heard more than enough about the iPhoneâs features, revolutionary user interface, and so on, right? Perhaps my optical grep isnât what it used to be, but I sure donât recall even seeing the word security in that myriad of coverage about this new must-have gadget. Are we all being drawn into the functional specification trap that so many software developers fall for also? Are we paying too much attention to what this thing does and not enough about what can go wrong? Seems likely to me.
Read more…
MENTION the words IT security to a small-business owner and the chances are that he or she will start yawning. But IT security matters to small firms. Studies by Microsoft have found that seven out of ten small firms that suffer a big loss of company information go out of business within a year. Most of us know about viruses and spam, but what about phishing, key-logging and botnets? The number of cyber attacks is rising, with 62% of small firms saying they have suffered an information-security incident in the past year. And recent research by Business Link, the advisory service for companies, shows that almost half of small businesses expect a breach of their IT security in the next year.
Read more…
Hackers have broken into the capital city of the State of Nevadaâs general fund bank account and stolen $450,000. Investigators believe the hackers obtained the Carson City account log-in details after successfully uploading spyware to a city-owned computer. City treasurer Karen Avilla said she and her staff acted quickly after discovering the theft and, as a result, the bank was able to freeze 90% of the funds, although officials are still looking for the remaining $45,000. While she was investigating the first transfer, Avilla said she discovered a second unauthorised transfer worth $358,500, but that transfer was blocked at source.
Read more…
From a PIRT submission just a couple of days ago, we have three new brands that are being phished (never before seen in PIRT), Elsa State Bank & Trust, Premier America Credit Union, and Tyndall Federal Credit Union. Customers of these banks/credit unions should be on alert. The IP address that these phish reside on (compromised 219.248.62.85) comes back to AS9318, HANARO-AS Hanaro Telecom Inc. As you can see in the report link above, we have already sent out emails to all respective parties. If you have fallen victim to any of these phish we suggest you contact authorities immediately.
NEW YORK (Reuters) – A jewelry company on eBay Inc. that allegedly bid on its own auctions to illegally drive up prices by as much as 20 percent agreed to pay $400,000 in restitution and penalties, the New York state attorney general’s office said on Saturday. Ezra Dweck and employees of his company, EMH Group, placed more than 232,000 such bids worth some $5 million over about a one-year period, Attorney General Andrew Cuomo’s office said.
Read more…
GLOBAL – Microsoft has unveiled a partnership with Linux vendor Xandros that mimics the controversial Novell deal. The Redmond giant will provide Xandros users with a patent covenant that protects users from intellectual property claims. Microsoft will provide the patent licence directly to the end user, which allows it to circumvent patent licensing requirements in the General Public Licence (GPL) which governs Linux. Both companies said that they will collaborate to improve interoperability between Xandros and Microsoft software for servers and systems management.
Read more…
iDEFENSE has reported a vulnerability in Adobe Acrobat Reader, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error in the “mailListIsPdf()” function when checking input files. This can be exploited to cause a buffer overflow by e.g. sending an e-mail with a malicious PDF document attached or a link to one. Successful exploitation allows execution of arbitrary code.
Read more…
Singapore – Companies in Singapore sending e-mail advertisements will have to tag their messages with an “ADV” label and allow e-mail users to unsubscribe from the messages starting next Friday. Under the new law aimed at curtailing unsolicited commercial electronic messages, those who continue to send spam to people who have opted out will face penalties of 25 Singapore dollars (16 US dollars) for each message, up to a total of 1 million Singapore dollars (658,000 US dollars).
Read more…