Threatpost for B2B
A German security company spent 18 months analyzing malware among millions of Web sites ranked by the world's most popular search engines and concluded Google was safer than Bing.
A form of spyware first seen in 2008 and known for siphoning away users’ bank account credentials, emails, screenshots and various other bits of information has surfaced again – this time targeting computer users in India.
MIAMI BEACH--The security teams that have to defend enterprise networks are faced with a broad and deep threat landscape populated with all manner of malware and targeted attacks. Those teams often have to react quickly to new threats, well before vendors respond with new technologies. By the look of things on the offensive side of the ball, much of which is on display at the Infiltrate conference here, things are not likely to get any easier for network defenders anytime soon.
As if hurtling through the air at 500 miles per hour in an enormous meshing of metal and wires wasn’t terrifying enough, security researcher Hugo Teso presented a practical demonstration of a remote airline attack in which he took complete control of a virtual aircraft’s flight management system (FMS) at the Hack-in-the-Box security conference in Amsterdam yesterday.
Cisco clarified today that its Linksys EA2700 home routers running the new Smart Wi-Fi firmware released last June are immune to vulnerabilities disclosed this week by a researcher. EA2700 routers, however, that are still running on the classic EA2700 configuration remain vulnerable to a host of flaws and more than 2,000 vulnerable to an authentication bypass exploit can be found on the Shodan search engine.
MIAMI BEACH--The U.S. military has been attempting to build up the offensive cybersecurity capabilities in its various services for several years now, but is running into the same obstacles and challenges that private sector firms in the same space are: a shortage of skilled workers and not enough money to hire the ones who have the skills. Those deficits could portend a reevaluation in the way that the military handles cyber operations and who is involved in them.
A cybercrime gang has been running roughshod over the gaming industry for years using malware signed with valid digital certificates to steal source code and valuable in-game currency for a number of popular online games.
Microsoft reportedly will implement two-factor authentication on users’ accounts at some point down the line, according to reports this week.
Attackers targeting Tibetan freedom supporters aren’t holding back when it comes to using all avenues to infect activists with malware. In a relatively short amount of time, we’ve seen Tibetan nationals in China and in exile around the world targeted with spear phishing campaigns, watering hole attacks, hacks against Android mobile devices and now the latest vector: social media sites.
The streaming video service Vudu on Tuesday began resetting its customers' passwords after thieves broke into the company's Santa Clara, Calif. headquarters and stole a number of items, including hard drives holding customer data.
Mozilla has pushed out the second beta version of its Persona authentication system . The move is the latest step in the company’s campaign to rid the Web of passwords and make it easier for consumers to log on to sites regardless of the browser they’re using.
UPDATE - In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago.
Adobe published its monthly security bulletins today, pushing out updates that address issues in the company’s ColdFusion platform as well as its Flash and Shockwave Players.
The first bulletin provides a hotfix for Adobe’s ColdFusion platform, resolving anonymously reported flaws that could allow attackers to impersonate authenticated users or gain unauthorized access to the ColdFusion administrator console in versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX.
A researcher looking for a way to jailbreak locked down Motorola Android devices found a loophole in hardware-embedded security system to do just that.
The United States government for years has been developing and deploying offensive cyber capabilities, most of it done without much in the way of public notice. That's been changing of late, as government and military officials have become more open in discussing these capabilities and under what circumstances they might be used. Now, the U.S. Air Force has said that it has classified six unnamed tools as weapons, mainly as a way to improve the chances of those tools receiving the funding they need.
Updated 4/10/13: The U.S. House Intelligence Committee voted 18-2 for the new version of CISPA, with the two dissents coming from Democrat members of the committee.
A cross-site scripting (XSS) vulnerability exists in the browser version of AirDroid, a cloud management application for Google’s Android phones. According to an alert from the US-Computer Emergency Readiness Team (US-CERT), at the current time, there is no patch planned and there is no logical workaround.
Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it’s everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they’re buggy and they’re everywhere.
Dennis Fisher talks with Paul Judge, the CTO of Barracuda Labs, about his roots in the security industry, his near-miss with organic chemistry, the start-up and security community in Atlanta and what his next venture might be.
You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.