Latest Internet and Web security News 
Facebook needs to do more to stop clickjacking worms
posted on 15/06/2010
Facebook users are being hit by yet another clickjacking worm attack that is exploiting the third-party "Like" button facility (dubbed "likejacking" by Sophos). Many Facebook users' profiles have been updated by the clickjacking attack to say that the user likes a webpage called 101 Hottest Women in the World. If you are curious as to what your online friend "likes" and click on the link, you are taken to a webpage containing an image of Hollywood actress Jessica Alba. Sophos has detected the page as Troj/Iframe-ET. Clicking anywhere on the page will - if you are logged into Facebook - update your Facebook page without your permission to say that you also "Like" the page. You are probably oblivious to this, of course, as by now your web browser has been redirected to pictures of attractive female celebrities on the website of men's magazine Maxim. It's quite startling how well these "likejacking" attacks can spread via social networks like Facebook. By hiding an invisible button under... [more]
CRYPTOCard secures remote access at Laterooms online hotel booking service
posted on 14/06/2010
Online hotel accommodation provider Laterooms.com has selected CRYPTO-MAS, the cloud-based two-factor authentication (2FA) solution from CRYPTOCard, to enhance security in its business and ensure PCI (Payment Card Industry) compliance - protecting its network from the risks of data integrity attacks, hackers and ID fraudsters, and enabling secure access from a remote device. The service has so far been rolled out across key areas of the business integral to PCI compliance and currently secures the digital identities of Laterooms’ IT staff. There are plans to extend the service further over the next 12 months following this successful first stage roll-out. The need for businesses to protect their intellectual property and core business assets from hackers is ever increasing; however, when the business primarily exists online or in a cloud-based environment, this risk is greatly increased. Standard passwords alone do not provide adequate protection to mitigate this threat, particularly w... [more]
Cybercriminals target England supporters looking for last-minute World Cup internet ticket deals
posted on 11/06/2010
Cybercriminals are targeting England supporters looking for last-minute World Cup internet ticket deals. The warning came after a survey by F-Secure found nearly a third of fans – 28 per cent – were prepared to click on unauthorised links for information on cheap tickets. F-Secure warned the 2010 tournament was “a major opportunity” for cybercriminals to cash in by selling fake tickets, attracting supporters to drive-by download websites (sites which download malware without the users’ knowledge) and carrying out phishing attacks camouflaged with a World Cup theme to plunder online accounts or steal personal details. The company said fraudsters and hackers are setting up bogus websites designed to appear near the top of search engine results for the World Cup, primed to infect the computers of visitors. Spam emails about star player scandals, sensational South Africa news scoops and World Cup tickets are also certain to multiply as the tournament gets under way. F-Secure said many... [more]
You don't have to be a hacker to be able to hack an iPad
posted on 11/06/2010
The email addresses of more than 114,000 Apple iPad users have been exposed in a targeted hacking attack. One of the key methods used in the recent Apple hack was emulating an iPad via a browser. And you don't have to be a hacker/programmer to switch your user agent. User Agent Switcher is a popular (more than 5M downloads) add-on to Firefox that allows you to switch user agent very easily. This is done by web developers who want to see how the page looks in other browsers (without having to install each and every one of them). But there is a more sinister purpose that helped make the iPad hack work. Masquerading as another device can help you get a “free lunch”:
* Get free WiFi – some networks have free WiFi for iPhone.
* Access content behind a “paywall” since some sites allow searchbots (such as googlebot) to view parts that ordinary users need to pay or register to see.
* And then to get the email of iPad users from AT&T, add iPad to User Agent Switcher.... [more]
Cybercriminals are using the 2010 World Cup to snare their victims
posted on 11/06/2010
WatchGuard security analysts have seen an explosive growth of online threats relating to the 2010 World Cup, which kicks off tomorrow and runs to July 11. IT administrators should be aware of these World Cup threats and take appropriate action to mitigate their effects. Key threat findings:
* Spam – WatchGuard sees a global increase in spam using World Cup as the theme. In addition to traditional marketing spam, there is an increase in malicious spam with pernicious payloads such as spyware, or spam that lures users to malware-laden websites.
* Spear Phishing – WatchGuard sees a multitude of spear phishing threats targeting World Cup ticket holders and related World Cup businesses. Spear phishing attacks target small groups with socially engineered messages to entice victims to open an executable file or click to a site that harbours malware.
* PDF attacks – With vulnerabilities associated with PDF documents beginning to surface, administrators may want to use P... [more]



