Online scam artists are using black hat search engine optimization (SEO) techniques to push more than just malicious software. In fact, SEO is increasingly being used to drive traffic to a range of phony Web based search engines that are feeding cost-per-click advertising scams, according to a blog post from Web security firm zScaler.
‘All your IDS are belong to us,’ was the message on Monday, after researchers at networking security equipment vendor Stonesoft announced the discovery of evasion techniques that could be used by sophisticated attackers to bypass network based IDS and IPS. The disclosure raises questions about the effectiveness of a wide range of networking security products, but experts say those kind of questions are nothing new.
Spammers are pushing out e-mail borne malware at unprecedented rates in an apparent attempt to build up botnets in advance of the busy holiday shopping season, according to a report by Google.
A report of a massive ‘privacy breach’ at Facebook reveals, instead, the rickety underpinnings of the modern Internet straining at the demands of new applications.
When the Wall Street Journal broke a story on Monday about a “Privacy Breach” at Facebook, all the elements were in place for a tech-driven earthquake: the world’s largest social network, the privacy of what the Journal described as ‘tens of millions’ of users of Facebook applications (or ‘apps’) including mega hits like Zynga’s Farmville.
Anyone who has received “notification” of funky activity on their credit card, or an urgent e-mail plea from the widow of Mobutu Sese Seko won’t be surprised to learn that information theft is a big problem.
US CERT has issued an advisory following the release, late last week, of a critical patch from RealNetworks for seven vulnerabilities in its common RealPlayer software. CERT recommended users and administrators to review the advisory from Realnetworks to determine which RealPlayer products were affected and to patch any vulnerable systems.
It’s been tried before, but NSS Labs founder Rick Moy says his company’s new Exploit Hub – a store front for exploit code – can work. In an interview with Threatpost.com, he explains why the current market for exploits doesn’t work for the good guys, and why zero day exploits don’t help anyone.
Less than a week after the Cryptome.org archive was hacked and defaced, the site has posted the names, addresses and phone numbers of two individuals it accuses of being involved in the attack.
Three months after the world first learned of the sophisticated Stuxnet worm, insiders say that there’s a scramble to find and hire engineers with knowledge of both security and the industrial control systems that were Stuxnet’s intended target.
Spammers have jumped on the little-used soft hyphen (or SHY character) to fool URL filtering devices. According to researchers at Symantec Corp., spammers are larding up URLs for sites they promote with the soft hyphen character, which many browsers ignore.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
