We make technology work for the City Erin Devoto, Director

Information Security News

PLEASE NOTE: We have made another change that we hope will provide you with more accessibility and features by moving our newsletter to a Web 2.0 Blogging environment.

We will still be posting new items as they arise and as we are able, and will use email notifications now and then to remind you to check out the newsletter and to inform you of any particularly dangerous or imminent threats. We highly recommend that you subscribe to the RSS feed to which you will find links on the newsletter site and on the widget on our home page. That will ensure that you are notified of new postings immediately. If you choose not to do so, please check back regularly on your own so you don't miss anything important.

You can get to our new version of the newsletter from our home page, or go directly there by following this link: DoIT Tech Talk

All of our earlier postings are still available in our archives.

As noted, all of our content is now available via RSS feed. In case you don't know how to subscribe to RSS feeds and missed the tip where I gave instructions on how to do so - I've archived that tip here.

'Geek Word O' the Day'! Rootkit:

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

For more definitions check out our Glossary


Bulletins posted 06/17/2010

Police bust massive global credit card fraud ring

Police in 12 countries have arrested 178 individuals linked to an international credit card fraud ring. According to a statement from the Spanish Interior Ministry, the arrests were the result of a two-year investigation that included 84 raids carried out in France, Italy, Germany, Ireland, Romania, Australia, Sweden, Greece, Finland, Hungary and the United States.

Angela Moscaritolo, SC Magazine

Eastern European banks under attack by next-gen crime app

Banks in Russia and Ukraine are under continued siege by criminal gangs wielding a sophisticated, next-generation exploitation kit that hacks the financial institutions' authentication system and then hits it with a denial-of-service attack.

Dan Goodin, The Register

Feds block sale of crooks' favourite messaging client

AOL's sale of ICQ messaging software to Russian firm Digital Sky Technologies might yet be blocked by US authorities, which fear losing access to transcripts from the criminal fraternity's favoured messaging product.

John Oates, The Register

Bulletins posted 06/14/2010

Linux Trojan Raises Malware Concerns

I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise.

Tony Bradley, PC World

Security Alert for Windows XP Users

Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.

Brian Krebs, krebsonsecurity

Red Condor Detects Sophisticated One-Two Punch Malware Campaign

Scammers using spoofed brands, social engineering, and phishing tactics to distribute malware on PCs via drive-by download.

Dark Reading

Bulletins posted 06/11/2010

Brute force script snatched iPad e-mail addresses

The harvesting of over 100,000 iPad 3G owners' e-mail addresses was not a hack or a classic data breach, but a brute force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday.

Gregg Keizer, Computerworld

Adobe Flash Update Plugs 32 Security Holes

As promised, Adobe has released a new version of its Flash Player software to fix a critical security flaw that hackers have been exploiting to break into vulnerable systems. The update also corrects at least 31 other security vulnerabilities in the widely used media player software.

Brian Krebs, krebsonsecurity

Bulletins posted 06/09/2010

Apple launches Safari 5, patches record 48 bugs.

Apple on Monday shipped the latest version of its Safari browser, patching a record 48 vulnerabilities, including one that a pair of hackers exploited in March to win a $15,000 prize.

Gregg Keizer, Computerworld

ZeuS Trojan Attack Spoofs IRS, Twitter, Youtube

Criminals have launched a major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos.

Brian Krebs, krebsonsecurity

Bulletins posted 06/04/2010

Tens of thousands of bots are cracking CAPTCHAs and joining websites in order to steal information, extort money

Botnets increasingly are creating phony online accounts on legitimate websites and online communities in order to steal information from enterprises. This alternative form of targeted attack by botnets has become popular as botnet tools have made bots easier to purchase and exploit. Merrick Furst, botnet expert and distinguished professor of computer science at Georgia Tech, says bots are showing up "en masse" to customer-facing websites -- posing as people.

Kelly Jackson Higgins, DarkReading

For more information on what a CAPTCHA is, visit: http://www.captcha.net/

Attempts to Infect Computers Increase

Attempts to infect computers have increased more than 25 percent according to Kaspersky Lab. In the first three months of 2010, more than 327 million attempts were made to infect user computers in a variety of countries around the globe. From the previous quarter, this is an increase of 26.8 percent.

Michael Cheek, thenewnewinternet

ATM Skimmers: Separating Cruft from Craft

ATM skimmers – or fraud devices that criminals attach to cash machines in a bid to steal and ultimately clone customer bank card data – are marketed on a surprisingly large number of open forums and Web sites. For example, ATMbrakers operates a forum that claims to sell or even rent ATM skimmers. Tradekey.com, a place where you can find truly anything for sale, also markets these devices on the cheap.

Brian Krebs, krebsonsecurity

Microsoft plans gigantic Patch Tuesday

Microsoft today said it will deliver 10 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office and SharePoint.

Gregg Keizer, Computerworld

Bulletins posted 06/02/2010

What you don't know about your online reputation can hurt you

Social networking, and the broader concept of online privacy, have been under some rather intense scrutiny over the past couple of weeks. The issues at Google--voracious indexer of all things Internet, and Facebook--the largest social network and number one most visited site (according to Google) have made many users more acutely aware of what information is available about them on the Internet. However, your online reputation is being used in ways you may not be aware of, and could cost you.

Tony Bradley, PC World

A reminder to be mindful of your activities on any social network.

Security firm discovers spyware in Mac software

Intego, makers of security and privacy apps for the Mac, warned on Tuesday that some Mac software includes a new piece of invasive spyware. Macworld has obtained a preliminary list of the applications with the spyware.

David Chartier, Macworld

China chases US in latest supercomputer ranking

China has finally achieved its ambition of becoming a calculating superpower with news that one of the country's supercomputers is now the second most powerful number-cruncher on earth.

John E. Dunn, TechWorld

Bulletins posted 05/26/2010

Researcher finds new type of phishing attack

A researcher has found a new method for carrying out phishing attacks "that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab," according to ThreatPost.

Michael Cheek, Thenewnewinternet.com

Four-year-old rootkit tops the charts of PC threats

With nearly 2 million infected systems cleaned, the nefarious Alureon rootkit comes out on top. Since it first appeared in 2006, Alureon (known in various incarnations as TDSS, Zlob, or DNSChanger) has morphed into a mean money-making marvel: a varied collection of Trojans most famous for their ability to invisibly take control of a PC's interactions with the outside world.

Woody Leonhard, InfoWorld

Bulletins posted 05/24/2010

Security woes for Windows, McAfee, and Firefox

The bugs keep marching in, with Microsoft, McAfee, and Mozilla all having to deal with serious security-related software problems in the past month.

James Mulroy, PCWorld

Embedded malware represents a new twist that makes PDF dangers even worse

Attacks employing poisoned PDF files have leaped to the top of the threat list, according to statistics from major security companies. Symantec reports that suspicious PDF files skyrocketed in 2009 to represent 49 percent of Web-based attacks that the company detected, up from only 11 percent in 2008. The next-most-common attack, involving a good old Internet Explorer flaw, was far behind at 18 percent.

Erik Larkin, PCWorld

New Threat For Wireless Networks: Typhoid Adware

There's a potential threat lurking in your Internet cafe, say University of Calgary computer science researchers: Typhoid adware.

Tim Wilson - Dark Reading

Bugnets could spy on you via Mobile Devices

Imagine sitting in a cafe and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop; you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence.

Robert Vamosi, PC World

Bulletins posted 05/21/2010

IBM red-faced after handing out infected USB drives

You might get more than you bargained for if you attend a security conference. IBM shocked delegates at the Australian AusCERT conference in Queensland by handing out USB sticks infected with malware. The company was forced to write to delegates apologising for its error. "At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

Maxwell Cooter, TechWorld

New Twitter Worm Abuses iPhone App

Twitter's new iPhone app is being used as a lure for a new worm attack that ultimately steals a victim's financial credentials. The attack abuses Twitter trending topics -- a popular source of abuse -- but with a twist: Rather than installing fake antivirus software like most similar attacks, it installs a new banking Trojan that steals online banking accounts, credit card PIN numbers, and online payment system passwords, according to Kaspersky Lab.

Kelly Jackson Higgins, DarkReading

Apple Ships Java Security Update

Apple has pushed out an update that fixes at least 30 security vulnerabilities in its version of Java for Mac OS X systems.

Brian Krebs - Krebs on Security

Skimming device found on ATM at New Port Richey bank

Detectives with the Pasco County Sheriff's Office are searching for a pair who placed a skimming device and a pin-hole camera on a New Port Richey, Florida bank's ATM machine Saturday, May 15 in an attempt to steal ATM card account numbers and pin codes.

A simple way to help ensure your PIN can't be seen by a camera is to cover the keypad with the opposite hand while entering the number. Use this process at any device which requires the PIN input (grocery, gas station, bank, etc.).

SUNCOAST NEWS STAFF REPORT

Oracle to acquire database security firm Secerno

Oracle will acquire Secerno, which makes firewall products for databases that protect against hackers and data breaches, the companies said Thursday.

Jeremy Kirk, IDG News Service, for networkworld.com

Bulletins posted 05/19/2010

USB worm named biggest PC threat

A worm that is spreading via USB flash drives has been named the biggest security threat to PC users by McAfee.

By Carrie-ann Skinner, PC Advisor UK

Always scan USB devices when plugging them into your computer. NOTE: City users - McAfee does this on our machines.

Microsoft warns of bug in 64-bit Windows 7

Microsoft today warned users of a vulnerability in the 64-bit versions of Windows 7 and Windows Server 2008 R2 that could be used to hijack systems.

Gregg Keizer, Computerworld

Symantec to buy Verisign security unit

Security vendor Symantec Corp. is reported to be close to buying Internet infrastructure services vendor VeriSign Inc.'s security business for $1.3 billion.

Jaikumar Vijayan, Computerworld

Bulletins posted 05/17/2010

Facebook IDs hacker who tried to sell 1.5M accounts

Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to investigators at the social networking site, the hacker is guilty of both hacking and hyperbole. Kirllos was first spotted by researchers at VeriSign's iDefense group a few weeks after he claimed to have an unusually large number of Facebook accounts for sale at rock-bottom prices. According to VeriSign, Kirllos wanted between $25 and $45 per 1,000 accounts, depending on the quality of the Facebook user's connections. Kirllos appeared to have sold close to 700,000 accounts, although nobody knew for sure if his claims were legitimate, according to VeriSign's Director of Cyber Intelligence.

By Robert McMillan - Network World

Tool lets Twitter be used to control botnet

Researchers have discovered a simple-to-use program that can be used to send botnet commands from Twitter. The builder tool, dubbed Trojan.Twebot by Symantec, allows the creator to construct a copy of the trojan and specify a particular Twitter account to be associated with it.

A reminder to be mindful of your activities on any social network.

Dan Kaplan - SC Magazine

IE6 past its expiration date

Microsoft is urging users to dump the aged Internet Explorer 6 (IE6) with a campaign that claims the browser is past its expiration date.

Gregg Keizer - Computerworld

Bulletins posted 05/12/2010

Windows 7 'compatibility checker' is a Trojan

Scammers are infecting computers with a Trojan horse program disguised as software that determines whether PCs are compatible with Windows 7. The attack was first spotted by BitDefender May 9 and is not yet widespread; the antivirus vendor is receiving reports of about three installs per hour from its users in the U.S. But because the scam is novel, it could end up infecting a lot of people due to the interest in Windows 7.

By Robert McMillan, IDG News Service - Network World

Microsoft, Adobe Push Critical Security Updates

Microsoft Corp. and Adobe Systems each released security updates on Tuesday. Microsoft issued two “critical” patches that address one security flaw apiece, while Adobe’s patches fix a whole mess of serious vulnerabilities in its software. One of the critical updates pushed by Microsoft fixes a flaw in Outlook Express, Windows Mail and Windows Live Mail. On older versions of Windows (Windows XP for example) Outlook Express is installed by default, while Windows Mail and Windows Live Mail generally require users to affirmatively download and install the program.

We recommend applying patches as soon as possible if you use these products.

Brian Krebs - Krebs on Security

Phishing scheme targets Apple gift cards

Hackers have constructed a bogus Web site designed to steal the account numbers and PINs of gift card holders. This latest consumer phishing scam uses a typosquatted Web site disguised as an official Apple site to trick users into entering their card numbers and PINs in order to check the available balance on gift cards for Apple products. The scam is just the latest in a line of sophisticated phishing attacks that has security software companies and law-enforcement agencies urging consumers to take their time and pay close attention to where they are actually conducting transactions to avoid being ripped off.

Larry Barrett - internetnews.com

Bulletins posted 05/10/2010

Microsoft plans two patches, no SharePoint fix

Microsoft is planning a light patch load for next week, the software giant announced Thursday. Due to timing, the company was unable to produce a fix for a recently disclosed SharePoint vulnerability.

We recommend applying patches as soon as possible if you use these products.

Dan Kaplan - SC Magazine

Critical zero-day flaw found in Apple's Safari browser

A “highly critical” zero-day vulnerability has been discovered in Apple's Safari web browser, according to Danish vulnerability tracking firm Secunia.

Angela Moscaritolo - SC Magazine

FTC warns against credit-card, interest-rate reduction scams

U.S. consumers are being inundated with prerecorded "robocalls" from companies claiming they can negotiate lower credit-card interest rates - for a fee.

The Federal Trade Commission urges extreme skepticism about these offers, because many of them are fraudulent. In a new consumer alert, Credit Card Interest Rate Reduction Scams, the FTC said consumers have just as much clout with their credit card issuers as these companies do. It urges consumers to avoid paying middlemen, and negotiate directly with the credit-card companies.

We have received these calls even within City offices, so they are becoming ubiquitous. Please be very wary of these scams and warn your vulnerable friends and relatives.

Food Consumer dot org

Backdoor malware targets Apple iPad

Apple iPad users are being warned of an email-borne threat which could give hackers unauthorized access to the device.

The technology writer for anti-virus firm BitDefender wrote in a blog post Monday that the threat arrives via an unsolicited e-mail urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software. "A direct link to the download location is conveniently provided. As a proof of cyber-crime finesse, the Web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads," the writer said. "Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems."

The Backdoor.Bifrose.AADY malware opens up a back door which could let the perpetrator gain unauthorized access to the device, warned the technology writer. It also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any Webmail, IM or protected storage accounts.

iPads and other new technologies will soon be the new attack vector du jour. If you bought one of these fun new toys, make sure it is protected with good antivirus and be wary of these types of scams.

V3.co.uk - Phil Muncaster

Latest phishing scam hides behind Better Business Bureau (BBB) name

Scammers are taking the Better Business Bureau's name in vain, in yet another version of the phishing scam, according to the agency's Pacific Northwest office.

The scammers are sending out fake complaint notices to businesses that purport to be from the BBB. The e-mails use the return address of seatac@bbb.org and the subject line refers to a "BBB Complaint Case" followed by a nine-digit number.

The e-mails claim that the company receiving the "notice" has not responded to a complaint, the real BBB says. The e-mails ask companies to "click and download" the complaint. If someone at the company does this, their computer is infected with a virus, according to the BBB. "We believe this virus hacked into each computer, stealing personal information like passwords, access to personal e-mail accounts, etc.," said the vice president of marketing for the regional BBB. The BBB for Oregon, western Washington and Alaska says that these notices have been sent to both businesses that are accredited by the BBB and those that are not.

We have seen similar scams from the IRS, DHS, etc. It is very unlikely that any of these organizations would ever contact someone via email. You should NEVER click on a link or open an attachment unless you are absolutely sure it is legitimate.

The Register Guard - Ilene Aleshire

Twitter issues alert about phishing scam

Twitter issued a warning April 23 about phishing e-mails that tell users they have unread messages on the micro-blogging site.

The e-mails, coming from a support@twitter.com e-mail address, tell members they have unread, delayed, or undelivered messages, and ask them to click a link in the e-mail to view the mystery messages. Twitter denied sending out the e-mails. The e-mail itself does not appear to contain malware, Twitter said.

The link in the e-mail actually takes users to a pharmaceutical site, though to get to that site, users are re-routed through several other sites, which could contain malware. "We're actively pursuing measures to get these sites shut down; in the meantime, we recommend that you not click on the link and instead just delete any such e-mails you receive," Twitter said.

OK - In case you haven't heard this enough - DON'T CLICK ON LINKS IN EMAIL! Watch out for these types of scams coming from popular sites like Twitter and Facebook, etc.

PC Magazine - Chloe Albanesius

Last Updated: June 17, 2010