Date: Fri, 4 Jun 2010 14:43:08 +0530
From: sysman01@mtnl.net.in
Subject: [CCCNews] CCCNews Newsletter - dated 2010 June 09
To: sysman01@mtnl.net.in
June 09, 2010
Editor - Rakesh Goyal (rakesh@sysman.in)
In today's Edition - (This is a news-letter and not a SPAM)
HACKED : Ecuador Government Web Site Attack
PRELOADED : Malware in Olympus Stylus Tough camera
VICTIM : Most businesses are cybercrime victims
5 RISKS : The top five social media risks for businesses
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (control-computer-crimes@googlegroups.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
--
You received this message because you are subscribed to the Google Groups "control-computer-crimes" group.
To post to this group, send email to control-computer-crimes@googlegroups.com.
To unsubscribe from this group, send email to control-computer-crimes+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/control-computer-crimes?hl=en.
--Forwarded Message Attachment--
IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
June 09, 2010
Today�s edition ��
HACKED : Ecuador Government Web Site Attack
PRELOADED : Malware in Olympus Stylus Tough camera
VICTIM : Most businesses are cybercrime victims
5 RISKS : The top five social media risks for businesses
(Click on heading above to jump to related item. Click on �Top� to be back here)
HACKED : Ecuador Government Web Site Attack
Jorge Mieres blog
ESET Latin America
http://www.eset.com/blog/2010/06/08/ecuador-government-web-site-attack?
http://blogs.eset-la.com/laboratorio/2010/06/08/sitio-gobierno-ecuatoriano-comprometido-ataque/
Criminal activity that exploits web sites is commonplace these days; nevertheless, when the affected Web site belongs to a governmental organization, the event takes on more relevance and impact, and reinforces the need to maintain strong and positive controls in order to keep data safe.
A while ago we posted an alert pertaining to a phishing attack that deposited fraudulent files on a site relating to a governmental organization in Colombia. Of course we advised the people in charge of the site of the need to take action against the threat.
In this instance, a similar situation has arisen in a governmental site in Ecuador. Taking advantage of a vulnerability on the server where the Web site is hosted, the attackers succeeded in accessing the system remotely.
The attackers belong to a group called the Hacker-Newbie Crew that dedicates itself to gaining unauthorized access by exploiting vulnerabilities in the server, and specialize in web defacement.
These malicious files are uploaded through a backdoor usually written in PHP, which gives them the means to obtain total control of the Web site and in this way they can upload any kind of file to the server.
ESET NOD32 detects this malware as PHP/IRCBot.NAA, PHP/IRCBot.NAD and Perl/Shellbot.B. Nevertheless, it is important to emphasize the importance of protecting file servers, whether they're based on Windows platforms or GNU/Linux, using proactive security solutions of security like ESET Gateway Security.
In addition, it's important to keep monitoring servers and networks so as to detect this� type of activity as early as possible, since, as in many similar and high-profile cases, the compromised Web site can be used as a staging post from which to mount other other attacks on other sites.
PRELOADED : Malware in Olympus Stylus Tough camera
08.06.2010
http://www.net-security.org/malware_news.php?id=1370
Samsung is not the only company that has been lately caught shipping malware-infected consumer electronics - Olympus Japan has admitted that a little over 1700 units of the Stylus Tough 6010 digital compact camera that was available for sale in Japan contain a virus on the memory card shipped with it.
According to Sophos, the camera itself is not at risk - it is your PC that you have to worry about, since the card also contains an autorun worm that would allow the virus to take residence on the computer when you plug the device into it.
For the people who might have bought one of the "infected" cameras, Olympus has provided a widget on their official site where customers can insert the serial number of the camera in order to check if their device is affected:
Unfortunately, for those who don't know Japanese the site is pretty much useless - unless they have someone who can translate the results for them.
VICTIM : Most businesses are cybercrime victims
By AAP
June 8th, 2010
http://www.zdnet.com.au/most-businesses-are-cybercrime-victims-339303704.htm?feed=rss
A majority of small and medium-sized businesses have been victims of cybercrime, a survey has shown.
About 56 per cent of Australian small and medium businesses surveyed had been affected by cybercrime, up from 46 per cent in 2008, according to internet security firm Symantec.
The survey found the top concern, by 52 per cent of respondents, was malicious software created by cybercriminals.
"Cybercrime is a warranted concern for Australian small and medium businesses," Symantec managing director for the Pacific region Craig Scroggie said in a statement.
"In 2009, Symantec identified more than 240 million distinct new malicious programs globally, a 100 per cent increase over 2008."
The latest survey found that 22 per cent of all emails received by the 510 surveyed firms were spam, and that 23 per cent of respondents had been affected by a phishing scam.
Assuming each employee receives 20 spam emails each business day and works 225 days a year, respondents are collectively having to find time to delete nearly 250,000 spam emails a year," Symantec said.
Symantec said small and medium-size businesses could protect their information by educating their staff about cybercrime, developing security policies and deploying a comprehensive security solution across their business.
5 RISKS : The top five social media risks for businesses
By Sharon Gaudin
08 June 2010
http://www.infoworld.com/d/security-central/the-top-five-social-media-risks-businesses-525
As businesses increasingly try to figure out how to use social networking tools in the enterprise, an IT governance group has released a ranking of the top five risks social media poses to companies.
The study, which lists the biggest risks businesses need to prepare for when they are using social media, was released on Monday by ISACA, a 43-year-old international organization previously known as the Information Systems Audit and Control Association that researches IT governance and control.
John Pironti, an ISACA Certification Committee member, noted that many business executives have considered some of the risks, but few have considered all of them.
"I think that the blinders have been on at a lot of enterprises," Pironti told Computerworld . "They're trying to figure out what to do about this. I think companies are as scared as they generally are with any new technology, like Wi-Fi and jump drives.
They're taking a different attitude this time. They're not just turning it off but they're acknowledging that they just can't stop the use of it. They understand that it's going to be used so how do they do it safely?" he said.
The top risks, which are laid out in an ISACA research paper, are viruses and malware, brand hijacking, and lack of control over corporate content. Rounding out the top five are unrealistic expectations of customer service at "Internet-speed" and non-compliance with record-management regulations.
Pironti said ISACA isn't warning companies not to use Web 2.0 tools or to not fully embrace social networking. However, he said they need to go into it with their eyes wide open to the benefits as well as the risks.
And he added that most of the risks stem from users not understanding how their own behavior could possibly impact the company. Pironti noted that it comes down to a need for organizations to educate users about how posting something could breach company security, hurt the company's image, or even open the company up to being hit by malware.
"With social media, there are so many platforms and environments to learn," said Pironti. "What are the implications of what could happen? People don't think of the damage that could occur to an organization."
"They see it as a way to explore relationship with work people. We take some of the social out of their lives by asking people to work longer hours. They're looking for a balance -- to still have a relationship with friends and peers," Pironti said.
And since workers, either on their own or with a corporate blessing, will use social networking sites such as Facebook and Twitter, Pironti said they need to understand the line between social and business. They also need to have set corporate guidelines about what information can be shared what needs to stay inside corporate walls.
However, Pironti said company execs also need to be aware themselves that workers are using social networking sites and tools so they need to have a hand in it to better protect themselves. Executives can't be aware of what is being said about a company unless someone is paying attention.
New IT Term of the day
disintermediation
Removing the middleman. The term is a popular buzzword used to describe many Internet-based businesses that use the World Wide Web to sell products directly to customers rather than going through traditional retail channels. By eliminating the middlemen, companies can sell their products cheaper and faster. Many people believe that the Internet will revolutionize the way products are bought and sold, and disintermediation is the driving force behind this revolution.
Tolerance means to bounce back even when thrown against a very hard wall. The ability to do this comes from sensing that life is a game and that all things move in cycles. What is uncomfortable now will soon change. Tolerance is like saying yes to the game and enjoying it.
Rig Ved
Note -
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also needs this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.
The dark side of terrorists revealed in MSN Internal Security Get it now.
No comments:
Post a Comment