Skip to main content

Security Blog

Filter by:

Flashback malware infecting hundreds of thousands of Mac computers

Once upon a time there was a myth like this “Mac OS is safe and does not need antivirus”.   Today this myth has been challenged by the “Flashback” malware. According to a Russian security antivirus product provider, “Flashback” malware had infected more than...
Release Date: 17 Apr 2012 3629 Views

Anonymous threatened to make Internet Blackout 31 March 2012

When you read this article, you do not need to be a fortune teller to “predict” if an Internet blackout really occurred on 31 March 2012. Our analysis was that Anonymous’ intention to blackout the Internet via DDoS attack to DNS root servers would not...
Release Date: 2 Apr 2012 3809 Views

Windows Remote Desktop Vulnerability may be used to spread worms

  Working exploits for a recent Windows vulnerability on Remote Desktop is publicly available on the Internet. This has lowered the technical hurdle for attackers to perform attacks. Some security researchers have warned that this vulnerability has potential to make a wide spreading worm. Users are...
Release Date: 20 Mar 2012 4248 Views

Impact of terminating the DNS server of DNSChanger

Recently, the Information Security News reported that the U.S. Federal Bureau of Investigation (FBI) would shut down those domain name servers (DNS - Note 1) associated with the DNSChanger Botnet on March 8. What is the impact of this incident...
Release Date: 29 Feb 2012 9815 Views

Review of Information Security Threats 2011

Over the year Information Security threats are continuously growing, we summarized and recapped it below. We can learn from the past and equipped ourselves to fight off the new challenge next year.New Dimension of Motivations of Cyber AttackSince 2005, the dominating motivation of cyber attacks...
Release Date: 3 Jan 2012 5041 Views

Trust of website certificate questioned - reflection of the Comodo and DigiNotar incidents

We are educated to check the validity of a website when we need to provide sensitive information to them, e.g. online banking, webmail, by identifying the "padlock" (i.e. secure HTTPS connection) and the name of the organization shown...
Release Date: 21 Sep 2011 4041 Views

DigiNotar CA security breach resulting in issuance of fake certificates

DigiNotar, a Dutch Certificate Authority (CA) reported that their company had a security breach in July 2011 which resulted in fraudulent issuance of public key certificates. DigiNotar issues SSL (Secure Sockets Layer) and EVSSL (Extended Validation) certificates. When a user visits...
Release Date: 1 Sep 2011 5187 Views

Large scale Injection incidents targeting osCommerce websites

A large scale injection targeting websites using osCommerce is reported.  Injected "<iframe>" and "<script>" pointing to malicious links such as "willysy.com" and "exero.eu" will infect computers via various exploits.  Google indicates more than 90,000...
Release Date: 26 Jul 2011 16283 Views

Fraudsters eyeing on the Japan earthquake disaster

It was reported in Japan CERT (JPCERT/CC) website that fake Japan earthquake donation sites were found. These sites are taking advantage of people's wants to help in Japan's immense tragedy. http://blog.jpcert.or.jp/...
Release Date: 15 Mar 2011 18295 Views

Information security impact arising from Conficker.C worm

Introduction   Conficker (also known as Downadup, Kido) is a computer worm that targets the Microsoft Windows operating system. It keeps on evolving since its first appearance in November 2008. Variant A, B, B++ were reported in from November 2008 to February...
Release Date: 25 Mar 2009 7000 Views