More than three quarters of IT managers are concerned about the security risks posed by remote working, new figures suggest. A study by networking company ZyXEL found that IT managers are worried about the possibility of hackers exploiting remote working practices to access the company network.
“Today we have technologies that allow us to connect from home and abroad with much greater ease than was previously possible,” said James Walker, sec… read more »
Cybercriminals are downsizing their botnets to try and trick software security companies. Computers infected with a virus unknowingly become “zombies” in a botnet — which is a network used to send out spam and to mount further attacks on other machines. The zombie army can be controlled remotely, with the botnet creators usually trying to build the largest possible botnet of compromised computers to rent out to gangs for as little a… read more »
Symantec has delayed its virtualised security system for Intel’s vPro platform because of licensing issues around the Windows CE platform, the company said on Tuesday. The delay is the latest setback for vPro, a bundle of Intel technologies aimed at business users. Among vPro’s capabilities are virtualisation — which is built into the Core chips used in vPro — and the ability for management tools to access features that are outsid… read more »
August 27th, 2007 in
Random Security Source:
zdnet.co.uk
Microsoft on Thursday blocked an application which could have allowed malicious code into the Vista kernel. The software giant blocked Atsiv, which circumvented a significant security feature in the 64-bit version of the operating system. The security feature — which is intended to prevent unsigned code from being loaded into the Vista 64-bit kernel — is designed to help mitigate malicious kernel drivers typically used by rootkits.
This was &… read more »
A security firm has detailed six ways to hack into VoIP phone systems that use the H.323 and Inter Asterisk eXchange protocols. Himanshu Dwivedi, principal partner at iSec, and Zane Lackey, security analyst there, also released exploit tools to back up their claims about the weaknesses in H.323 and IAX. Their presentation was made at the Black Hat conference in Las Vegas.
The researchers said they concentrated on H.323 and IAX phones because ther… read more »
Security researchers at the Black Hat show in Las Vegas are debating whether rootkits that mimic virtual machines can ever be detected. Joanna Rutkowska, researcher at Invisible Things, famously ignited interest in virtualised rootkit attacks after she showed off her creation, a rootkit called Blue Pill, at last year’s Black Hat.
She returned to Black Hat this year to acknowledge that researcher Edgar Barbosa has come closest to devising a … read more »
Media players in personal computers have serious vulnerabilities that could allow online criminals to attach malicious code and infect computers without the users’ knowledge, a researcher said Thursday. As a result, audio and video downloads can be turned into digital weapons that hackers could use to hijack or corrupt computers, said David Thiel, senior security consultant with San Francisco-based researcher iSEC Partners.
Thiel, who expos… read more »
Poor detection of the MPack data-theft toolkit by anti-virus software has allowed it to run riot on the Internet, a new analysis from Finjan has claimed. The company says that the malware system has been used to successfully infect 500,000 consumer and corporate users since it appeared some months ago, achieving unusually high infection rates of 16 percent from an attack profile of 3.1 million web-borne attempts.
To make matters worse, as of 29 J… read more »
Researchers at Core Security Technologies are to demonstrate an attack that could allow hackers to extract private information from databases - without requiring any bugs in the database management software. The demonstration, on Wednesday at Black Hat USA in Las Vegas, will involve timing attacks, a technique for breaking ciphers. It’s effective against databases using BTREE, the most popular database indexing algorithm and data structure,… read more »
Security vendors have warned email users to be as vigilant about PDF attachments as they would for other documents, after seeing a sharp rise in spam embedded within PDF documents. Email security vendor Messagelabs reports that PDFs made up 20 percent of image-based spam messages in July, up 10 percent on the month prior. Image-based spam makes up around 22 percent of total spam, the company said.
The security company believes attackers are using… read more »
