Sony hack.

Sony has warned users of its PlayStation Network that their personal information, including credit card details, may have been stolen.

The company said that the data might have fallen into the hands of an "unauthorised person" following a hacking attack on its online service.

Access to the network was suspended last Wednesday, but Sony has only now revealed details of what happened.

Users are being warned to look out for attempted telephone and e-mail scams.

In a statement posted on the official PlayStation blog, Nick Caplin, the company's head of communications for Europe, said: "We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network".

See also their FAQ page:

http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Epsilon attack - "biggest security breach in US history"

The recent hack into Epsilon’s client database resulted in millions of client names and email addresses being stolen.

The suspicion is that this theft will lead to a spate of new spear phishing attacks.

http://personalmoneystore.com/moneyblog/2011/04/04/epsilon-database-hack-phishing-attacks/

Kaspersky Mobile Security 9

Kaspersky recently added support for Android and Blackberry to their Mobile Security 9 app, which was already supported on Windows Mobile and Symbian.

The nice thing about this app is that it has the ability to disable or clean a stolen smartphone, even if the SIM card has been replaced.

For the Symbian and Windows Mobile variants, you also have the ability to encrypt the data stored on your phone and deploy parental controls.

For a full list of features supported per Operating System, see:

http://usa.kaspersky.com/products-services/home-computer-security/mobile-security

In addition to these paid apps, Kaspersky also has an excellent free iPhone app - ThreatPost - the Kaspersky Lab Security News Service.

Woops... Rabobank Internet Banking slip-up

During routine maintenance work on its Internet Banking service yesterday, 900 clients of the Dutch bank Rabobank were able to see the bank account details of other account holders, while checking their own accounts on-line.

The problem was quickly rectified by Rabobank by restarting the service, during which time the Internet Banking service was temporarily off-line.

No rogue transactions were performed during the time that the fault occurred, according to Rabobank sources.

http://www.rtl.nl

DNS.be name servers target of botnet attack

DNS.be have just released a press statement regarding an ongoing botnet attack that started Sunday 4 April. The attackers and motives are as yet unknown.

http://blog.mxlab.eu/2011/04/05/2-dns-name-servers-of-dns-be-experienced-unusual-high-workload/

Lizamoon attack "most successful SQL injection attack ever"

I had just finished a presentation today on the very real need for web application protection to protect against SQL injection and Cross-Site Scripting attacks, when I came across the following two articles:

http://www.theregister.co.uk/2011/03/31/lizamoon_mass_injection_attack/
http://www.bbc.co.uk/news/technology-12933053

The attack injects a link to a malicious site into a legitimate website. When a visitor's browser follows that link, it loads a pop-up which attempts to get the visitor to install a fake anti-malware product, purporting to be from Microsoft.

To get an idea of how many sites have been compromised by the first wave of the attack, simply Google the following: “lizamoon[dot]com[slash]ur.php”.

As the attack spreads, it has been modified to inject links to other rogue domains hosting the same piece of malware.