Weekly brief, January 25, 2010

Investigators in Minnesota are looking into a potentially large check fraud operation, in which checks submitted to the Department of Labor and Industry may have been used to steal account information. A state employee was led out of the building in cuffs last November, say reports, although the employee is no longer in custody.

The owners of Chinese search engine Baidu are suing their registrar, Register.com, for the DNS attack that they suffered earlier this month, in which visitors to the site were taken to a defaced page.

Version 4.0 of BackTrack, the security-focused Linux distribution for penetration testers, is now officially shipping. The version, which had been in pre-release until now, features a variety of enhancements, including a broader set of tools and several bug fixes.

Four Texans were arrested in Cancun after trying to flee to Mexico to escape fraud charges in the US. They had allegedly defrauded companies including AT&T and others using a combination of wire and mail fraud.

D-Link closed a security hole in some of its routers that allowed remote attackers to exploit the system using the Home Network Administration Protocol (HNAP) feature.

Goodwill, a retailer that specializes in helping those with social and disability challenges, lost employee and participant records dating back 20 years after storing them in a safe in one of its stores. The safe was stolen by a thief. The organization has decided to begin storing tapes at its headquarters instead.

Security researcher Schlomi Narkolayev has discovered a clickjacking flaw that could be used to compromise Facebook and other sites. He recommends using Firefox with the NoScript extension to avoid the issue.

eSoft has noticed a new attack that uses embedded IFRAME HTML tags pointing to external sites using ports other than the standard port 80. 8080 appears to be a common alternative used by the attack, which eSoft says can get around many web filters.
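A check for the pattern eSoft describes, as an added example that is not from eSoft or the original brief: it lists IFRAMEs that point to another host on a port other than the scheme's default. The page host, sample markup and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample page, assumed to be served from www.example.org.
SAMPLE_PAGE = """
<html><body>
<iframe src="/widgets/news.html"></iframe>
<iframe src="http://partner.example/banner"></iframe>
<IFRAME SRC="http://cdn.example.net:8080/index.php" width="1" height="1"></IFRAME>
<iframe src="http://www.example.org:8080/local-app/"></iframe>
<iframe src="//stats.example.net:8000/c"></iframe>
</body></html>
"""

class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe>, whatever the tag's case."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def suspicious_iframes(html, page_host):
    """Return (src, host, port) for iframes on another host and a non-default port."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Scheme-relative URLs inherit the page scheme; http is assumed here.
        parts = urlsplit("http:" + src if src.startswith("//") else src)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            continue  # relative path or non-HTTP scheme
        try:
            port = DEFAULT_PORTS[parts.scheme] if parts.port is None else parts.port
        except ValueError:
            continue  # malformed port number
        external = parts.hostname != page_host.lower()
        if external and port != DEFAULT_PORTS[parts.scheme]:
            findings.append((src, parts.hostname, port))
    return findings

if __name__ == "__main__":
    for finding in suspicious_iframes(SAMPLE_PAGE, "www.example.org"):
        print(finding)
```

A filter that only inspects port 80 traffic never sees the request these frames trigger, so the check belongs where the page markup itself is visible, such as a proxy or a site-integrity scan.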

Sunbelt Software points out that a large proportion of the Internet Explorer browsers hit Microsoft's update site at the same time looking for the patch that neutralised the zero-day vulnerability discovered earlier this month. It still worked.

SANS has reported a huge increase in SSH brute-forcing attacks.

Cisco warned of a buffer overflow attack in version 2.6 of its Internetwork Performance Monitor.

The card-issuing banks and credit unions who suffered from the Heartland Payment Systems data breach are not satisfied with the settlement it is offering to Visa to make the whole thing go away. They want more money.
