About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
CAMBRIDGE–Researchers and security vendors have been telling us for years now that attackers have developed sophisticated, targeted attacks designed to separate victims from their money as quickly and cleanly as possible. If that’s so, why aren’t all of us being compromised on a regular basis? A researcher from Microsoft Research posited at the WEIS 2010 workshop Tuesday that the answer is simple economics.
Adobe said on Monday that it will have a patch available for the newly discovered critical vulnerability in Flash ready by June 10 for most platforms. The patches for Adobe Reader and Acrobat, which also are affected by the flaw, won’t be released until June 29.
LIMASSOL, CYPRUS–The operators of large-scale botnets such as Gumblar and others for years have relied upon stealth, creativity and guile to hide their creations from researchers and authorities for as long as possible. This has been especially vital for botnets with centralized command-and-control mechanisms. But the recent success of sophisticated, resilient peer-to-peer botnets has shown that level of effort isn’t necessary anymore.
Another mobile-phone manufacturer has fallen victim to an increasingly common attack in which phones’ memory cards are infected with malware during the manufacturing process and then shipped out to customers. The latest victim is Samsung, which has acknowledged that the microSD cards in a batch of its S8500 Wave mobile phones sold in Germany were infected with an autorun Trojan.
In this talk from the Kaspersky Lab Security Analyst Summit in Cyprus, independent security researcher Kurt Baumgartner discusses the inner workings of the infamous Eleonore exploit kit and the business model behind it.
LIMASSOL, CYPRUS–When an unknown attacker compromised three domains belonging to the U.S. Bureau of Engraving and Printing last month, it became big news, mainly for the brazenness of the attack against a federal Web site. The bigger news, however, turned out to be that the attack involved the use of the Eleonore exploit kit, a sophisticated and well-developed toolkit for attackers.
Jose Nazario of Arbor Networks gives a talk at the Kaspersky Lab Security Analyst Summit in Cyprus about the hype around cyberwar and the roots of politically motivated DDoS attacks and what they mean in today’s climate.
LIMASSOL, CYPRUS–The scareware and rogue anti-virus epidemic that has been earning attackers millions of dollars for the last few years has spawned a devious new offspring: SMS blockers. This class of malware, which demands that users send SMS text messages to premium numbers, has recently taken off in huge numbers in Russia and parts of Asia, experts say.
Scammers and phishers are continuing to adapt their recruitment tactics, now going so far as to create special Facebook groups for their work-at-home scams.
In case you needed any reminders that privacy is one of the more pressing problems on the Web right now, this week’s news provided plenty of them. Along with stories of Facebook’s continued privacy missteps, this week gave us the gift of Google letting users install some Google code to opt out of other Google code, as well as Adobe perhaps moving to a monthly patch cycle. Read on for the full week in review.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
