
Security & Privacy

McAfee: Google developer site being used to distribute malware

Google's free code-hosting Web site for developers is being used to distribute malware, a security researcher said on Friday.

Google Code is a place where programmers can host projects and code. Along with the legitimate code are links to fake videos that direct users to download a missing codec, said Dave Marcus, director of security research for McAfee Avert Labs. The codecs turn out instead to be password-stealing Trojan horses and programs geared toward stealing financial information for identity fraud, he said.

"They're using it as a way to send out links or as a place to …

Fake CNN site from phishing e-mail hides a Trojan

A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering "graphic" video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.

When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs an "SSL stealer" Trojan that captures financial and other sensitive information, RSA said in a blog.

The Trojan looks for …

Patch for critical Windows vulnerability coming

Updated January 9 to clarify that vulnerability is critical for some of the software and moderate for other Windows versions.

Microsoft will issue a patch on Tuesday for a Windows vulnerability that could allow a hacker to gain control of a computer remotely, the company said in an alert on Thursday.

Microsoft also plans to host a Webcast at 11 a.m. PST as part of Patch Tuesday, which comes the second Tuesday of every month. There will be just one security update.

The vulnerability is considered critical for Windows 2000, Windows XP, Windows Server 2003, and moderate for Windows Vista …

Latest problem import? Infected digital photo frames

In 2007, U.S. officials recalled melamine-laced pet food that caused the deaths of cats and dogs and lead-coated toys that endangered toddlers. Now, digital photo frames infected with computer viruses are the latest problem import from China.

"That phenomenon apparently has bled over to the digital side as well," Marcus Sachs, director of the Internet Storm Center at the SANS Institute (SysAdmin, Audit, Network, Security), said of the Chinese manufacturing problems that get exported. "Essentially, it's a supply chain problem. We've become dependent on a cheap source coming out of Asia."

The culprit …

Study: Data breaches rose in 2008

Reports of data breaches in the United States increased 47 percent in 2008 from the year before, mostly as a result of lost or stolen equipment, and accidental exposure of data online, according to a new study from the nonprofit Identity Theft Resource Center.

There were 656 reports of breaches last year, compared with 446 for 2007, and an estimated 35.7 million records were potentially breached based on notification letters and information from breached companies, the study released this week found.

The breaches run the gamut, including: laptops stolen from Merrill Lynch and Starbucks; bank card information stolen from …

Fake celeb LinkedIn profiles lead to malware

A security researcher has discovered fake profiles for celebrities on LinkedIn that have links to malicious code, according to a blog posting on Trend Micro's site.

The celebrity profiles that are not to be trusted include ones created using the names: Beyonce Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, and Kate Hudson. They were uncovered by Trend Micro Advanced Threats Researcher Ivan Macalintal.

In its blog posting late on Monday, Trend Micro said it was continuing its investigation. The links on the professional networking site attempt to lure viewers by purporting to be nude shots of the …

Hackers hit MacRumors keynote coverage

Some nasty pranksters, likely associated with Web forum 4Chan, have hacked into Apple gossip mainstay MacRumors' live-blog coverage of Tuesday's Macworld keynote. Hosted on a separate domain, MacRumorsLive.com, the site was plagued by offensive messages about Apple CEO Steve Jobs' health and general inanity (i.e. "SEX ME") before finally succumbing to "technical difficulties."

It remains uncertain whether the pranksters actually brought down the site, or whether MacRumors voluntarily took it down to keep things under control.

It's pretty clear, however, that this was the work of 4Chan, which has gained both respect …

Alarm systems at risk: UL establishes a higher security requirement for magnetic switches

The U.S. product safety testing organization Underwriters Laboratories has redefined the security requirements for magnetic switches used in many alarm systems because some of these devices can be easily defeated. If your facility employs reed switches or Balanced Magnetic Switches (the high-security version of these devices) you may wish to review the requirements of the new standard. UL 634 has established a second security level (2) to define more stringent requirements to protect against covert attack. Current BMS switches are covered under Level 1.

It appears that only one switch can currently meet the new Level 2 section of …

Twitter phishing scam may be spreading

There's a scam spreading through Twitter. Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, "hey! check out this funny blog about you..." The URL in the message then redirects to a page that looks like the Twitter login page, but is actually not on Twitter--it's a site, twitter.access-logins.com, that masquerades as Twitter to steal your login credentials instead.

If you need to log in to Twitter, do it on Twitter.com itself. And to play it safe, double-check your browser …

'Curse of silence' smartphone flaw disclosed

A denial-of-service attack that limits the number of SMS messages that can be received by Nokia smartphones has been disclosed and demonstrated.

Dubbed the "curse of silence" by German security researcher Tobias Engel, the attack occurs when Nokia Series 60 phones are sent a malformed e-mail message via SMS (Short Message Service). Engel demonstrated the attack on Tuesday at the Chaos Communication Congress in Berlin, according to a blog post by security vendor F-Secure.

An advisory made public by Engel on Tuesday gave details of the attack. After receiving a message from a sender with an e-mail address …
