us-cert

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

US-CERT warns about BlackBerry spyware app

Justification for Apple's model?It can't be said just yet, but it's looking like a pool of trusted applications may be a good idea after all, despite the level of control wielded by Apple.No....Gee, just because someone releases a spyware app doesn't mean we need to only let RIM distribute apps....

Tags: Spyware, adware & malware, Cyberthreats, Handhelds, spyware app, Apple Inc., BlackBerry spyware app, US-CERT Warns, spyware, US-CERT, RIM BlackBerry, phone

Discussion threads 2009-10-28

US-CERT warns about BlackBerry spyware app

A free BlackBerry spyware application has been released to allow an attacker to call a user's BlackBerry and listen to personal conversations. by Ryan Naraine

Tags: RIM BlackBerry, US-CERT, Spyware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Handhelds, Hardware, Ryan Naraine

Blog posts 2009-10-28

Attack code posted for unpatched Firefox 3.5 flaw

Mozilla's security response team is scrambling to respond to the release of exploit code for a gaping hole in the latest version of its flagship Firefox browser. The flaw, rated "highly critical by Secunia, puts millions of Firefox users at risk of remote code execution attacks. ...

Tags: Mozilla Firefox, Flaw, Vulnerability, Web Browser, Attack, US-CERT, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-07-14

US-CERT: Beware of airline ticket e-mail scam

US-CERT: Beware of airline ticket e-mail scamWhat Kind Of Computers Are Targeted? What Kind?Oh that's right..WINDOWS.Next story.Use of Sandboxie to help fight this type of scamI have come across a program called Sandboxie that allows you to run your web browser or pretty much anything else in a "sandbox". ...

Tags: Operating systems, UNIX, Microsoft Windows, OPEN SOURCE, Cyberthreats, KARMA, Linux, airline ticket e-mail scam, Sandboxie, e-mail scam, US-CERT, airline ticket, OS X., e-mail

Discussion threads 2008-12-14

US-CERT: Beware of airline ticket e-mail scam

The United States Computer Emergency Readiness Team (US-CERT) has issued an alert for an e-mail scam targeting holiday travelers, warning that malware authors are using clever social engineering tactics to hijack Windows computers. In the e-mail scam, users get a .zip file attached to a message about...

Tags: Malware, Social Engineering, US-CERT, E-mail, Viruses And Worms, Online Communications, Security, Ryan Naraine

Blog posts 2008-12-12

Firefox + NoScript vs Clickjacking

Firefox + NoScript vs Clickjacking"near impossible to fix properly"That sounds very promising to those who want to build online apps on top of HTML. NOT.RE: Firefox NoScript vs ClickjackingIf the “noscript” plugin might help prevent some exploits, what about the script-defeating mechanism in WebWasher Classic (a free program...

Tags: Web browsers, Chrome, US-CERT, domain, NoScript, Clickjacking, Mozilla Firefox

Discussion threads 2008-09-25

Code execution hole in Webex meeting manager

The U.S. Computer Emergency Response Team CERT has raised an alert for a critical ActiveX control vulnerability affecting the Webex Meeting Manager software. The flaw, discovered by researcher Elazar Broad and rated "highly critical" by Secunia, is confirmed in version 20.2008.2601.4928. Other versions may also be affected....

Tags: WebEx Communications Inc., Vulnerability, US-CERT, Ryan Naraine

Blog posts 2008-08-11

Federal budget recommends US-CERT get $242 million

The White House unveiled its fiscal 2009 budget proposal and the $3.1 trillion monstrosity throws the U.S. Computer Emergency Readiness Team $242 million to boost its malware and intrusion detection capabilities. According to the proposed budget released on Monday, "a more robust US-CERT will increase the cyber security posture...

Tags: U.S. Department Of Homeland Security, US-CERT, Data Centers, Intrusion Detection, Social Security, Network Security, Storage, Security, Hardware, Data Management, Government, Networking, Larry Dignan

Blog posts 2008-02-05

Playing It Safe: Avoiding Online Gaming Risks

New technologies and high-speed internet connections have helped online gaming become a popular pastime on the internet. Because gamers invest large amounts of time and money in today's sophisticated games, others see an opportunity for mischief or illicit profit. The technological and social risks of online games should be understood...

Tags: Risk, Online Game, US-CERT, Games, Strategy, Personal Technology, Management

White papers 2008-01-01

US-CERT warns of Microsoft Access Database attacks

On the same day Microsoft issued fixes for at least 11 Windows software flaws, the U.S. Computer Emergency Response Team (US-CERT) warned that hackers were using malicious Microsoft Access databases to launch attacks against unknown targets. According to a US-CERT alert, the attacks are using an unpatched...

Tags: Database, Microsoft Access, Microsoft Corp., Attack, Flaw, US-CERT, Microsoft Office, Databases, E-mail, Security, Office Suites, Software, Enterprise Software, Data Management, Online Communications, Ryan Naraine

Blog posts 2007-12-12

Oak Ridge attacks linked to China

A US-CERT memo obtained by the New York Times strongly suggests that China is behind the phishing attacks on US nuclear weapons research labs. Starting in October hackers launched "coordinated and targeted attacks" on the Oak Ridge National Laboratory, the memo said. The attacks were traced to...

Tags: Lab, Hacker, Attack, US-CERT, Phishing, Cyberthreats, Spam, Hacking, Security, Identity Theft, Viruses And Worms, Spam And Phishing, Richard Koman

Blog posts 2007-12-10

ActiveX flaws haunt QuickBooks Online

ActiveX flaws haunt QuickBooks OnlineActiveXPeople still using ActiveX for development? It's ActiveXploitWhich is why you don't use Microsoft tech. on the WebAnd why you need to run from websites that use it. ESPECIALLY sites that deal with your financial data.Look at Monster.com - huge .ASP shop and broken into....

Tags: ActiveX/COM/COM+/DCOM, Middleware, Development tools, operating system, QuickBooks Online, Intuit QuickBooks, ActiveX, US-CERT, Intuit Inc., security

Discussion threads 2007-09-05

US-CERT heads to Estonia to help, learn about cyberattack

US-CERT Computer Emergency Response Team is headed to Estonia to do a little forensics on the well-reported cyberattack that took out much of the small country's infrastructure, InfoWorld reports.Gregory Garcia, assistant secretary for cyber security and telecommunications with DHS, said: "We are sending someone from our organization ... to help...

Tags: International, Homeland security

Blog posts 2007-07-03

Why CERT should be decertified (1)

Last week the CERT Institute developed at Carnegie Mellon University and now part of the "the operational arm of the National Cyber Security Division NCSD at the Department of Homeland Security," issued an annual systems security review and summary that drew They're misleading the public. That's irresponsible at best, dishonest...

Tags: CERT, US-CERT, Unix

Blog posts 2006-01-10

What operating system has the most vulnerabilies?

From US-CERT:Cyber Security Bulletin 2005 Summary2005 Year-End Index Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on...

Tags: Operating systems, SECURITY, vulnerability, operating system, US-CERT

Blog posts 2005-12-30

US-Cert report on spyware

US-Cert has published a report on spyware, http://www.us-cert.gov/reading_room/spyware.pdf, a 15-page document that includes an overview, definition and examples of different types of threats. Starting on page 10 defensive measures are outlined, emphasizing education and awareness. It notes that social engineering is a major means of distributing spyware by tricking users...

Tags: spyware

Blog posts 2005-08-22

National cybersecurity test set for fall

National cybersecurity test set for fallSkynetIt's becoming a reality folks, the terminator runs California and now the govenrment will start testing Skynet. Lock down yor firewalls, it's gonna be a bumpy ride. Of course, does that mean that California would be spared?Planning vs DoingI keep hearing all this talk about...

Tags: Government, Channel management, SECURITY, Andy Purdy, Cyber Storm, Skynet, US-CERT, Web

Discussion threads 2005-07-22

Additional Resources

Microsoft's Windows 7 chief: It's not us; it's your batteries

Windows President Steven Sinofsky posted to the Engineering Windows 7 blog about the growing number of alleged battery-notification issues reported by some customers over the past week. If you want to know all about battery performance, telemetry data, and more, read his full February 8 post. If you don't have...

Tags: Battery, Microsoft Corp., Microsoft Windows 7, Engineering, Microsoft Windows, Operating Systems, Software, Mary Jo Foley

Blog posts 2010-02-08

The price of free: Google's calendar mess

I've been accused of being a Google fanboi once or twice. I might even deserve the term, although I like to think that my Google fan status is the result of some great experiences with their Apps products, especially in my professional life. Their products are free to...

Tags: Google Inc., Google Apps, Cloud Computing, Christopher Dawson

Blog posts 2010-02-08

SAP: the challenges ahead

It's started. Speculation around whether SAP ex-CEO Leo Apotheker jumped or was pushed, a trawl through past failures, an implied writing off of SAP because its strategy seems muddled and as for SaaS? Pfft. This is what SAP insiders are telling me. The...

Tags: SAP AG, Vinnie Mirchandani, Consulting Operation, Vishal Sikka, Software As A Service (SaaS), Managed Hosting, Middleware, Strategy, Emerging Technologies, Enterprise Software, Software, Management, Dennis Howlett

Blog posts 2010-02-07