Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

‘Perfect Citizen’ is an Imperfect Solution

Few phrases in the English language are as terrifying as, “We’re from the government and we’re here to help.” And that’s essentially what the Obama administration, in the form of the National Security Agency, is saying to the companies that run the country’s utilities and other privately owned critical infrastructure with its proposed “Perfect Citizen” surveillance and coordination program: You had your chance, now step aside and let us show you how it’s done.

New Firefox Plug-In Will Defeat Flash Attacks

For years now, Adobe Flash files have been a very useful attack vector for hackers and a serious security problem for end users and IT departments. Now, a German researcher is planning to unveil a new browser plug-in designed to prevent many common types of Flash attacks.


There’s an unpatched vulnerability affecting Internet Explorer 8 running on most current versions of Windows that could give attackers the ability to run code on remote machines. The flaw is a memory leak that gives attackers key information on the location of a specific address in memory, even with memory protections such as ASLR enabled.

The infection routines being used by some scareware and rogue AV gangs are much more comprehensive and far-reaching than many current analyses have shown, experts say, including some attacks that not only place a malicious script on a compromised server, but infect every single legitimate script on the server, as well.

Attackers are ramping up their attempts to exploit the recently disclosed vulnerability in the Windows Help and Support Center in Windows XP. There have been targeted attacks against the flaw for two weeks now, but experts have noticed a major increase in the volume and spread of them in recent days.

Dennis Fisher talks with Eddie Schwartz, CSO of NetWitness, about a new study the company did on the level of awareness of advanced threats in the enterprise and what organizations are doing to respond to the latest targeted attacks.

Most of the angst and controversy surrounding Google’s decision to remotely erase a benign application from a couple of hundred Android phones recently has centered just on the fact that Google has that ability, as well as the ability to remotely install apps. But, as one security expert says, that may be a minor piece of the puzzle.