OC-IT

It seems that even the most innocuous machines in the workplace can serve as a security threat to companies. According to this report from CBS News, many office copiers save the images they copy on a dedicated hard disk installed inside them. This means that everything from mundane memos to your most sensitive information such as financial statements and contracts are stored – and could potentially extracted

Users beware of ransomware : malicious software that extorts money from users in exchange for freeing the user’s computer or data. One particularly nasty version was recently discovered by researchers at CA which came bundled with a software download called uFast Download Manager

Spanish authorities report that they have arrested the masterminds behind a string of online criminal activities using the botnet dubbed Mariposa. Mariposa is the original name of a commercially distributed Do-it-Yourself malware kit, sold online for 800/1000 EUR for “wannabe” hackers.  Along with the arrest, authorities seized sensitive data belonging to about 800,000 users in 190 countries, gathered from an estimated 12M+ infected host computers on the Internet. What’s particularly interesting is that the cybercriminals arrested were not themselves the author of the malware, nor were they any more techincally adept than many ordinary users.

Microsoft recently released a number of security bulletins and patches addressing vulnerabilities in Windows and Office that are of high risk to users. It’s widely believed that many will be exploited by hackers within the next 30 days.

A malicious piece of software making the rounds of news websites this week is believed to be behind the compromise of over 75,000 systems in over 2,500 international organizations – many of which are government agencies and large Fortune 500 companies. Called the Knebner botnet after the name in the email used to register the initial domain used in the campaign to propagate the malware , the software infects computers and captures user login access to online financial services such as Paypal and online banks, social networking websites such as Facebook, and email. Infected computers can be centrally controlled from a master computer, which presumably harvests the data captured for nefarious means.

In a report by security firm Websense , an alarming rise in the growth of malicious websites was identified in 2009 as compared to 2008 – almost 225 percent. The study also found an increased focus among hackers and spammers on targeting social media sites such as blogs and wikis

Mozilla , the organization behind the popular Firefox browser disclosed that two add-ons available for download on its website were vectors for Trojans that could compromise users’ computers. Add-ons allow users to extend and enhance the capabilities of Firefox beyond the default install. Normally they are scanned for malware before being uploaded onto Mozilla’s website, but apparently two of them managed to slip through Mozilla’s automated scans

Security firm Imperva recently released a warning to users of popular social networking website RockYou indicating that their accounts and passwords may have been compromised. According to the firm, a hacker may have accessed an alarming 32 million accounts. But what is more interesting in the wake of this news is an analysis made of the accounts and passwords stolen

Early January, Google released a report detailing attacks on its infrastructure which it claimed to have originated from China. In the wake of its announcement, another report came out detailing what is purported to be an “organized espionage operation” originating from China. Known as “Operation Aurora”, the attack attempted to siphon information from 33 companies in the US, including Google.

RealNetworks , developers of RealPlayer, a popular real-time streaming media player, recently released an advisory about vulnerabilities that when exploited could trigger remote code execution attacks.