Internet Security Online

Microsoft plans to release a pre-patch advisory with workarounds for a “highly critical” vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers.

Read full article here

Recent widespread debit-card fraud likely has roots in three major data leaks that occurred in the last six months, two of which have yet to be publicly disclosed by the companies involved. Consumers have noted a large increase in the amount of debit-card fraud since the beginning of 2006, as well as a wide recall of cards by banks and financial institutions.

A newly discovered flaw in Microsoft’s Internet Explorer browser can cause the browser to crash and may expose PCs to another round of nasty Internet hack attacks, security firms said Tuesday.

Read full story here

SAN FRANCISCO, March 20 (Reuters)—VeriSign Inc. introduced a new broad-based security service on Monday that helps businesses monitor cyber threats and warns companies where they are most vulnerable to a crippling attack.

The Security Risk Profiling Service gives organizations a way to quantify threats and decide what immediate measures they need to take to plug specific security holes that could lead to loss of financial or other sensitive information.

The StopBadware.org coalition, funded by Google, has listed the Kazaa file-sharing application at the top of a list of noxious software programs that present a threat to business and consumer users.

The coalition, which counts Sun Microsystems and Lenovo among its sponsors, will recommend in its inaugural Badware Report that users stay away from Kazaa and three other programs that can be combined with Trojans and bots for use in data theft attacks.

SAN FRANCISCO - A pioneer of software that delivers pop-up ads based on Web sites that Internet users browse said Tuesday it will exit that business by June following persistent criticism from online publishers, consumer groups and privacy advocates.

Claria Corp. had said last summer it was phasing out its adware business in favor of new personalization services, but it did not commit to a timeline or promise to drop such ads entirely. Tuesday’s announcement is the first such commitment.

Researchers at Websense Security Labs have stumbled upon a password-stealing Trojan that uses sophisticated DNS redirection techniques to dodge server shutdowns and hijack online banking data.

The new phishing attack targets users of more than 100 financial institutions in the United States and Europe, including Bank of America, HSBC, Barclays Bank, Lloyds TSB.

Read full story here

Uganda, Senegal, Uzbekistan, Moldova, Ecuador, Haiti—name any impoverished country in the world, and the U.S. Agency for International Development is probably there on the ground. Increasingly, however, USAID’s humanitarian offense is relying on a solid IT security defense.

A D.C.-based non-profit public interest group is kicking off a multipart campaign designed to spotlight companies who pay to advertise their products via software that is often installed without the user’s full knowledge or consent.

The Center for Democracy and Technology today released the names of nearly a dozen companies who are among the biggest customers of 180solutions, a Bellevue, Wash., adware maker whose storied history with unauthorized installations has been the subject of numerous Security Fix blog posts and other articles.

A security watch at PCMag.com discusses the current security issues from phishing, to Mac and Microsoft updates.

Read full article here.