Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

CD-ROM Attack Threatens Credit Unions

Using an expensive, old-school tactic, hackers are mailing US credit unions a package that contains two CD-ROMs. The accompanying letter, purportedly from the National Credit Union Association, warns credit unions of phishing and vishing attack risks and urges them to review training material on the enclosed CD-ROMs. Once inserted, the CD-ROMs install malicious code onto the computers of these financial institutions.


Mass web infection pinned on hardened crime gang

As reported in the News Bits earlier this week, a campaign has been quietly underway that uses SQL injection to implant iframes in web pages. Unsuspecting visitors to such sites can find their computers infected without downloading data. Earlier this week the number of affected English-based webpages was 57,000. Today that number is 70,000.

Earlier this year a similar, silent attack racked up 3 million Chinese webpages. Another effort captured 40,000 webpages in India.

While the code appears slightly different, the domain naming footprint is the same, leading researchers to conclude that all three efforts are the work of a single cybergang.


NHS heals serious spoof email flaw

As far back as February 2007, the website of the UK’s National Health Service allowed cybercriminals to modify content and send e-mails from the NHS site. The cross-site scripting (XSS) vulnerabilities have only recently been repaired.

Comment: One of the main points of cyberwarfare is changing things just “enough” that people still believe the information, while it is off enough to create a “disturbance”. In this case content could have been changed to provide incorrect medical advice, thus causing harm to the populace.


Twitter botches patch from nasty account-hijacking bug

Twitter users face another avenue for their accounts to be attacked. Using cross-site scripting (XSS), hackers can take advantage of the 3rd party applications Twitter users rely on to stay up-to-date with the latest tweets. Simply viewing a booby-trapped tweet pulls JavaScript down onto the user’s computer. The code has the potential to change profiles, post tweets and steal authentication cookies. The vulnerability rests with the API used by the 3rd party programs people rely on to interact more efficiently with their Twitter group.

It should also be noted that such 3rd party applications, such as HootSuite, TweetGrid, tr.im, TweetDeck and Twhirl, are themselves insecure.


Phishers cut bait, slip on Trojans instead

Whether a true shift or a temporary dip, various researchers have noticed a drop in phishing e-mails. What appears to be taking up the slack are Trojans aimed at the banking industry to gather information on its customers. During the first 6 months of 2009 phishing made up 0.1 percent of all spam, while close to 1 percent of spam for the same period in 2008 came from phishers.

Of the phishing e-mails out today, 64.6% target North America while 32.5% target Europe.

One theory is that the US economy is improving faster than Europe’s, so the larger percentage of remaining phishing targets the US while stronger malware efforts take place in Europe. Another theory proposes that efforts will pick up around the holidays.


How to turn a world leader into a fourth-rate broadband economy

Countries around the world have been advancing their broadband networks. Australia has even initiated a bold, national plan to bring high speed broadband to 98% of its citizens. The US, however, has lagged. South Korea has the highest speeds at 20.4Mbps, followed by Japan at 15.8, Sweden at 12.8 and the Netherlands at 11.0Mbps. There are 24 other countries with average broadband speeds that are faster than the US. In the US the average speed is 5.1Mbps.

18% of the country doesn’t even meet the FCC’s definition for current-generation broadband with an always-on connection of 768kbps downstream. It was also found that cost has an impact on subscription rate, ranking the US as number 15.

While Obama’s administration has an ambitious stimulus plan to enhance the US’ broadband infrastructure, it must deal with the remnants of the Bush Administration, which allowed the telecommunications companies to move backwards towards monopolistic practices, leaving citizens with fewer local options. So while stimulus money is on the table, the larger providers are steering clear of the funds, continuing to take in the large revenues they enjoy today.
