About
"Distrust and caution are the parents of security" - Benjamin Franklin
A vulnerability exists in some components of BlackBerry mobile devices that could grant attackers access to instances of the company’s Enterprise Server (BES), according to Research in Motion (RIM), which issued an alert and released a patch for the vulnerability last week via its Knowledge Base support site. BES, the software implicated by the vulnerability, helps companies deploy BlackBerry devices.
Hackers and data recovery specialists alike could soon be turning to a new technique that under the right conditions can allow for the harvesting of personal information from phones, even after they’ve been frozen.
UPDATE – With enough work, users can bypass the lockscreen on Apple’s ubiquitous iPhone by exploiting a flaw on its most recent operating system iOS 6.1. By simply making an emergency call and holding down the power button on an iPhone twice, users can gain access to the device’s phone feature, view and edit contacts, check voicemail and look through photos, according to reports today.
Researchers have noticed a spike in cyberattacks over the past few weeks targeting the Uyghur people, a Turkic ethnic group based primarily in China and Kazakhstan. The attacks have been exploiting a Microsoft Word vulnerability patched in June 2009, according to a Securelist post by Kaspersky Lab Senior Security Researcher Costin Raiu yesterday.
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities.
Cybercriminals tested the water in 2012 with malnets — collections of domains, servers and websites designed to deliver malware -– and appear poised to target mobile devices even more so in 2013, according to a new report released yesterday.
A malvertising campaign that’s lasted almost half a year is staying alive thanks to infected web advertisements being circulated by otherwise clean ad networks.
Under an EU law proposed yesterday, a collection of firms across Europe would have to alert regulators when they’ve been hacked, suffered a data breach or been attacked online.
PostgreSQL, a database management system for Linux, FreeBSD and other platforms patched a hole today that could have opened the system up to a denial-of-service (DOS) vulnerability in addition to a slew of other security flaws.
A combination of vulnerabilities in D-Link’s DIR-300 and DIR-600 routers could allow an attacker to inject arbitrary shell commands and ultimately compromise the device, according to German security researcher Michael Messner who publicly disclosed the flaw on his personal blog Monday.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
