In Possible Targeted Attack, Amnesty International Web Site Found Serving Malware

Amnesty International’s United Kingdom website was compromised late last week and was being used to exploit a known Java runtime environment hole on machines belonging to unwitting visitors to the site, according to Barracuda Labs researcher, Paul Royal. Citing historical data, Royal claims that...

Report: Virus Infects U.S. Military Drones

Wired’s ThreatLevel Blog reported on Friday that a computer virus is plaguing the systems used to remotely control the U.S. military’s fleet of unmanned drone aircraft. According to the report, which is unconfirmed, personnel at Creech Air Force Base in Nevada have been battling the persistent an...

Outdated Assumptions

The term “targeted attack” gets thrown around an awful lot nowadays. In fact I’m guessing you’ll be hard pressed to find many public breach disclosures that make it to the news that aren’t labeled as having been “targeted”. It reminds me of an important quote from the character Inigo Montoya in T...

SecurID Attack Was the Work of 'Very Experienced' Attackers

MALAGA, SPAIN–An RSA official on Friday offered more details of the attack the company suffered earlier this year in which thieves made off with key data related to the RSA SecurID two-factor authentication system. The attack, he said, targeted just four employees and was executed by a group he...

Sophisticated Attack Yields Data On IEEE Members

IEEE, the world’s leading society for technical professionals, has warned some 800 members that their credit card and personal information may have been stolen. The FBI has been notified of the breach. The group disclosed the November, 2010 breach in a letter to the New Hampshire Attorney General...

SourceForge Detects Targeted Attack, Resets Millions of Passwords !

Last week, accessible antecedent computer application development and administration ability SourceForge the ambition of a directed attack. Once the advance was detected, the aggregation bound bottom ward the impacted hosts to abate the accident of accretion to added hosts. Thus, this prevented...

New Tabbed Browsing Phishing Attack Exploits User Trust

A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be use...

NYTimes Report: Attackers Hit Google's Password System

The New York Times is reporting that Google’s password system was compromised during a targeted attack last December. The system, called Gaia or Single Sign-On, controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications...

Lenovo Hotkey Driver 5.33 - Local Privilege Escalation

Lenovo Hotkey Driver 5.33 - Local Privilege Escalation Author: Chilik Tamir - Amdocs Power Security Testing Group Website: http://invalid-packet.blogspot.com/2010/03/full-disclosure-security-vulnerability.html Subject: Security vulnerability in Lenovo Hotkey Driver and Access Connections version...

Lenovo Privilege Escalation

Author: Chilik Tamir - Amdocs Power Security Testing Group Website: http://invalid-packet.blogspot.com/2010/03/full-disclosure-security-vulnerability.html Subject: Security vulnerability in Lenovo™ Hotkey™ Driver and Access Connections™ version =v5.33 Impact: A privilege escalation attack can be...

Anatomy of a Targeted, Persistent Attack

A new report published today sheds light on the steps ultra-sophisticated attackers take to gain a foothold inside governments and company networks and remain entrenched in order to steal intellectual property and other data. The bad news is these attacks — including the recent ones on Google,...

Google Attack Should Be No Surprise

The attack that compromised Google’s corporate network and the systems of more than 30 other companies in recent weeks appears to be the work of smart, careful and very well-informed attackers who knew exactly whom to target and what to take once they were inside, security experts say. Google, an...

Information disclosure through cache collisions — Mozilla

Aad reported that two web pages can collide in the disk cache with the result that depending on order loaded the end of the longer document can be appended to the shorter when the shorter is reloaded from the cache. It is possible a determined hacker could construct a targeted attack to steal som...

Targeted attack: experience from the trenches

Targeted attack: experience from the trenches Published: 2006-05-19, Last Updated: 2006-05-19 17:36:01 UTC by Chris Carboni Version: 2click to highlight changes Learning lessons from incidents is a very important part of incident handling. Yet with targeted attacks it is very hard as you need to...