State of Iowa Information Security Office (ISO)

Security News

Malware/Phishing

Server-side Polymorphism: How Mutating Web Malware Tries to Defeat Anti-virus Software
July 31, 2012
Server-side polymorphism is a technique used by malware distributors in an attempt to evade detection by anti-virus software.
Source: Sophos

How PDFs Can Infect Your Computer Via Adobe Reader Vulnerabilities
July 17, 2012
Something as simple as opening a PDF file can infect your computer, and potentially allow malicious hackers to gain access to your organization's network.
Source: Sophos 

New Java Exploit to Debut in BlackHole Exploit Kits
July 5, 2012
Malicious computer code that leverages a newly-patched security flaw in Oracle's Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit pack. The addition of a new weapon to this malware arsenal will almost certainly lead to a spike in compromised PCs, as more than 3 billion devices run Java and many of these installations are months out of date.
Source: Krebs on Security

Malware App Made Its Way Into App Store
July 5, 2012
An app, named Find and Call, sneaked its way into both Apple's App Store as well as Google Play, but the two digital stores removed the Trojan horse after being highlighted by a cyber security company.
Source: Los Angeles Times

Security News

Court Documents Left in Recycling Bin Behind County Building
August 1, 2012
Court records containing names of victims, date of birth, and Social Security numbers were left in a recycling bin outside a court building.
Source: The Telegraph 

Settlement for California Department of Corrections and Rehabilitation Data Breach
July 28, 2012
A settlement has been reached in a lawsuit against the state for exposing employee personnel information to prison inmates. The settlement awarded a total of $175,000 to 23 plaintiffs to pay for credit-monitoring services and court costs.
Source: Triplicate 

Cybersecurity Bill Shows Signs of Life in Senate
July 17, 2012
Key lawmakers are racing to broker a compromise on a Senate cybersecurity bill, insisting that floor action is still possible as early as next week.
Source: Politico 

Yahoo Confirms Theft of 450,000 Users' Passwords
July 12, 2012
Some 450,000 Yahoo users' email addresses and passwords have been leaked because of a security breach.
Source: The Associated Press

New York Utilities Told To Improve Protection of Customer Information
July 12, 2012
The New York Public Service Commission instructed two utility companies to take action to address vulnerabilities in their computer billing and records systems.
Source: State of New York Public Service Commission

Having Trouble Getting Online? Call Your Provider
July 9, 2012
Thousands across the United States who waited too long, or simply didn't believe the warnings, lost Internet access just after midnight because of malware on their computer.
Source: The Associated Press

Software\Hardware

Dropbox Confirms Data Leak
August 1, 2012
Cloud storage service provider Dropbox has acknowledged that a file containing private customer data was stolen from the Dropbox account of one of the company's employees and that the information was subsequently used to send out spam messages to users.
Source: H Security

Snort 2.9.2.0 Released
July 18, 2012
An update to the open source intrusion prevention and detection system has been released. 
Source: Snort 

Android Security Overview
July 17, 2012
The Android Open Source Project released an Android Security Overview.
Source: Android Open Source Project 

Oracle Security Update
July 17, 2012
Oracle released 87 new fixes across a number of product families including: Oracle Database, Oracle Application Express, Oracle Secure Backup, Oracle Fusion Middleware, Oracle Enterprise Manager, Oracle Applications, and the Oracle Sun product suites.
Source: Oracle

Skype Confirms Privacy Bug That Sends IMs to Unintended Recipients
July 17, 2012
Skype has confirmed that its VoIP software contains a bug which could result in instant messages (IMs) being sent to unintended recipients.
Source: H Security 

VMware Security Update
July 12, 2012
VMware issued a security advisory and update for VWware ESXi.
Source: VMware

Chrome 20 Update Fixes High-risk Security Vulnerabilities
July 12, 2012
Chrome update fixes security vulnerabilities.
Source: Google

HP Warns of Critical Holes In Its Server Monitoring Software
July 10, 2012
HP is warning its customers about two security vulnerabilities in its Operations Agent server monitoring software.
Source: HP

IM Client Update Fixes Buffer Overflow Vulnerability
July 6, 2012
An update to the open source Pidgin instant messaging program closes a vulnerability which could lead to a buffer overflow.  The vulnerability could be exploited by an attacker to execute arbitrary code on a victim's system.
Source: H Security

Research

Privacy
July 31, 2012
Federal agencies reported 13,017 security incidents resulting in the compromise of personal information in 2010 and 15,560 in 2011, an increase of 19 percent.
Source: Government Accountability Office 

Challenges in Securing the Electricity Grid
July 17, 2012
The electric power industry is increasingly incorporating information technology (IT) systems and networks into its existing infrastructure (e.g., electricity networks, including power lines and customer meters). This use of IT can provide many benefits, such as greater efficiency and lower costs to consumers. However, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers.
Source: Government Accountability Office 

A Cyberwar of Ideas? Deterrence and Norms in Cyberspace
July 2012
This article relates US efforts to develop strategic 'cyber deterrence' as a means to deter adversarial actions in and through global cyberspace.
Source: King's College London

Guidelines For Managing And Securing Mobile Devices
July 2012
This publication provides recommendations for securing particular types of mobile devices, such as smart phones and tablets.
Source: National Institute of Standards and Technology

Information Crime

Phishing Activity
July 2012
The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG. APWG also measures the evolution, proliferation, and propagation of crimeware by drawing from the research of our member companies.
Source: APWG

Dropbox Calls in Outside Team to Investigate Possible Breach
July 18, 2012
Dropbox has called in an outside team of experts to help the company investigate spam targeted at its users that could be related to a possible breach.
Source: Los Angeles Times 

Over 1 Million User Credentials Compromised In Android Forums Hack
July 13, 2012
Phandroid, a popular Android news site, has confirmed that its Android Forums web site was compromised and that private user data has been accessed.
Source: H Security

"High Roller" Online Bank Robberies Reveal Security Gaps
July 5, 2012
Many online banking systems dangerously rely on PCs being secure, but banks should instead presume all customer PCs are infected.
Source: European Network and Information Security Agency

Contact

Security News is compiled by the State of Iowa - Information Security Office (ISO).
For more information about the ISO please visit http://secureonline.iowa.gov/ 
Please send questions or comments regarding the Security News to SecurityAwareness@iowa.gov   
To subscribe to the Security News, please send a blank email to Join-Security-News@lists.ia.gov

 

Last updated: 08-06-2012