Risk Assessments/Management, Data Security, Breach, Security Architecture, Application security, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Incident Response, TDR, Threat Management, Threat Management, Malware, Phishing, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

News Briefs: MySpace celebs’ pages hacked

Hijack hijinx
The MySpace profiles of celebrities Justin Timberlake, Hilary Duff and Tila Tequila were hijacked by someone trying to impress a hacker forum. The group, Kryogeniks, denied responsibility. Researchers said the hack, used to send out messages in support of the forum, underscores the insecurity of social networking sites, particularly through cross-site scripting and phishing.

Attackers used search-engine optimization techniques to attack Google users via malicious links that appeared to be informational sites about innocent search terms.
Thousands of search terms were hijacked in an operation that used tens of thousands of web pages to obtain high search engine ranking.
The sheer size of the search-term attack was unprecedented, according to researchers at Sunbelt Software and Exploit Prevention Labs.

VeriSign announced plans to sell some of its business units and focus efforts on its internet infrastructure services.
The Mountain View, Calif.-based company announced at its annual Analyst Day that it will concentrate on core businesses, such as domain naming services, SSL certificates and identity protection and authentication solutions.

The SANS Institute released its latest Top 20, highlighting client-side vulnerabilities as the most dangerous threats facing end-users.
The report also cited the more frequent use of botnets, spear phishing, instant messaging and peer-to-peer attacks as significant threats.

Retailers survived Cyber Monday — the busiest online shopping day of the year — without a major cybersecurity incident.
Experts said that online shoppers, most of them at work, spent more than $730 million on the first work day after the Thanksgiving holiday.

Monster.com's website was victimized by hackers for the second time in four months, as attackers exploited a cross-site scripting vulnerability.
Monster.com, which took the site offline for part of one day, said that it did not believe many users were affected by the attacks.
Companies impacted by the attack include Eddie Bauer, GMAC Mortgage, Best Buy, Toyota Financial Services and Tri Counties Bank.

The websites of Major League Baseball and the National Hockey League were hit by a user redirection attack. The attack was spearheaded by malicious banner ads that hijacked user sessions on both websites. The malware then tried to force the visitor to download malware posing as an anti-virus solution.
The attacks appeared sporadically on the websites over a three-day period.

Gary Min, a former DuPont scientist who admitted stealing more than $400 million in trade secrets, was sentenced to 18 months in prison and ordered to pay a $30,000 fine and $14,500 in restitution to the Delaware-based company.
Min was a 10-year veteran of DuPont when he accessed more than 16,700 documents and more than 22,000 scientific abstracts between August and December 2005, with the intention of giving them to Victrex, a DuPont rival.

Federal government officials and researchers warned of phishing emails appearing to be a Department of Justice complaint against the recipient's company.
When duped users clicked on links provided in the emails, affected computers were infected with a trojan downloader.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.