Two years after a major flaw was exposed in the
Internet’s Domain Name System (DNS), a major upgrade to the
infrastructure protocol that fixes that weakness is now up and running
in all of the Internet root servers. Read the full article. [Dark Reading]
A researcher has uncovered a sophisticated check counterfeiting ring
that uses compromised computers to steal and print millions of dollars
worth of bogus invoices and then recruit money mules to cash them. Read the full article. [The Register]
Slovenian police will hold a press conference on Friday to discuss the
arrest of three men in connection the massive Mariposa botnet that was
disabled late last year. Read the full article. [IDG News Service]
Isolated strains of mainstream malware that took advantage of how the
zero-day Windows flaw first exploited by the sophisticated Stuxnet worm
began appearing late last week. The same approach has since been applied
by the dodgy sorts behind Zeus, a family of sophisticated toolkits
frequently used to steal bank login credentials and the like from
compromised systems. Read the full article. [The Register]
Google has released version 5.0.375.125 of Chrome, a security update that
addresses three “high” risk vulnerabilities in its WebKit-based browser.
According to the developers, two of the high risk issues could lead to
memory corruption while SVG handling or rendering code. Read the full article. [The H Security]
Organizations are getting hit by at least one
successful attack per week, and the annualized cost to their bottom
lines from the attacks ranged from $1 million to $53 million per year,
according to a newly published benchmark study of 45 U.S. organizations
hit by data breaches. Read the full article. [Dark Reading]
Citigroup has urged customers conducting mobile banking from their
iPhones to immediately upgrade because a security flaw in the older app
secreted account information on the smartphone. Read the full article. [Computerworld]
For the second time in two months, Mozilla has rushed out a fix
for Firefox to patch a problem with a browser update issued just days
before. Read the full article. [Computerworld]
Researchers who will present at Black Hat have discovered a hole in the WPA2 Wi-Fi security protocol. The security hole was named as Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document. Read the full article. [The H Security]
PHP 5.3.3 contains approximately 100 bug fixes. Among the security-relevant bugs are buffer overflows in the native MySQL driver. Support for 5.2 ends. Read the full article. [The H Security]
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
