A DNS-changer trojan which can be used to hijack search results and divert traffic to a hacker's website of choice, was spotted on numerous porn sites. Also, malicious links were posted as comments to Mac forums.
A group of New England banking associations claimed in a court filing that hackers stole 94 million account numbers from TJX, more than doubling the number of victimized accounts. The increase would account for the largest reported data loss in U.S. history.
Visa doled out an $800,000 fine to a Cincinnati-based bank that was contracted to handle most of TJX's credit card transactions.
Fifth Third Bank was not following security guidelines related to the Payment Card Industry Data Security Standard, according to court filings from a group of banking associations suing TJX.
DEBKAfile, an Israel-based news website, reported that al Qaeda-trained cyberattackers would target Western web interests.
Researchers said that extremists had claimed successful attacks against Israeli sites and were capable of launching DDoS attacks.
U.S. Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., introduced a bill that would allow victims of identity theft to seek restitution for their expenses.
The Identity Theft Enforcement and Restitution Act of 2007 also contains measures to assist law enforcement, such as making the use of spyware or keyloggers to damage 10 or more computer a felony. (see pg. 18 for more)
Researchers noted the first spam runs using MP3 files to promote lightly traded stocks for pump-and-dump scams.
The Storm Worm-driven spam runs delivered about 10,000 emails per hour containing a short MP3 advising the recipient to buy stock in a certain company.
Malware writers mass-spammed an exploit for a patched Adobe vulnerability designed to download arbitrary code.
The Russian Business Network, an internet service provider, was behind the attacks, which attempted to infect PCs with two rootkits to steal personal and financial information, according to researchers.
Symantec warned that hackers could affect the 2008 presidential election by using keyloggers, phishing messages or hacking.
Attackers could install keyloggers on the PCs of campaign staff members, researchers warned.
An employee of business applications hosting provider Salesforce.com leaked a customer contact list after falling for a phishing scam. The phisher accessed and copied the customer list, leading to phishing emails being sent to customers that contain keyloggers.