Skip to main content

Security Blog

Filter by:

Anonymous threatened to make Internet Blackout 31 March 2012

When you read this article, you do not need to be a fortune teller to “predict” if an Internet blackout really occurred on 31 March 2012. Our analysis was that Anonymous’ intention to blackout the Internet via DDoS attack to DNS root servers would not...
Release Date: 2 Apr 2012 4072 Views

Windows Remote Desktop Vulnerability may be used to spread worms

  Working exploits for a recent Windows vulnerability on Remote Desktop is publicly available on the Internet. This has lowered the technical hurdle for attackers to perform attacks. Some security researchers have warned that this vulnerability has potential to make a wide spreading worm. Users are...
Release Date: 20 Mar 2012 4532 Views

Impact of terminating the DNS server of DNSChanger

Recently, the Information Security News reported that the U.S. Federal Bureau of Investigation (FBI) would shut down those domain name servers (DNS - Note 1) associated with the DNSChanger Botnet on March 8. What is the impact of this incident...
Release Date: 29 Feb 2012 10385 Views

Review of Information Security Threats 2011

Over the year Information Security threats are continuously growing, we summarized and recapped it below. We can learn from the past and equipped ourselves to fight off the new challenge next year.New Dimension of Motivations of Cyber AttackSince 2005, the dominating motivation of cyber attacks...
Release Date: 3 Jan 2012 5399 Views

Trust of website certificate questioned - reflection of the Comodo and DigiNotar incidents

We are educated to check the validity of a website when we need to provide sensitive information to them, e.g. online banking, webmail, by identifying the "padlock" (i.e. secure HTTPS connection) and the name of the organization shown...
Release Date: 21 Sep 2011 4320 Views

DigiNotar CA security breach resulting in issuance of fake certificates

DigiNotar, a Dutch Certificate Authority (CA) reported that their company had a security breach in July 2011 which resulted in fraudulent issuance of public key certificates. DigiNotar issues SSL (Secure Sockets Layer) and EVSSL (Extended Validation) certificates. When a user visits...
Release Date: 1 Sep 2011 5650 Views

Large scale Injection incidents targeting osCommerce websites

A large scale injection targeting websites using osCommerce is reported.  Injected "<iframe>" and "<script>" pointing to malicious links such as "willysy.com" and "exero.eu" will infect computers via various exploits.  Google indicates more than 90,000...
Release Date: 26 Jul 2011 43915 Views

Fraudsters eyeing on the Japan earthquake disaster

It was reported in Japan CERT (JPCERT/CC) website that fake Japan earthquake donation sites were found. These sites are taking advantage of people's wants to help in Japan's immense tragedy. http://blog.jpcert.or.jp/...
Release Date: 15 Mar 2011 45895 Views

Information security impact arising from Conficker.C worm

Introduction   Conficker (also known as Downadup, Kido) is a computer worm that targets the Microsoft Windows operating system. It keeps on evolving since its first appearance in November 2008. Variant A, B, B++ were reported in from November 2008 to February...
Release Date: 25 Mar 2009 7361 Views

Global Conficker worm outbreak, millions of computers fallen

Introduction Into 2009, a worm called Conficker (also known as Downadup or Kido) sweeping the globe in a short period of time. According to the estimation by antivirus software company, over a million computers infected in global [Note: 1]. It is...
Release Date: 2 Feb 2009 3741 Views