Ryan Naraine

Mozilla Issues Critical Firefox Security Bulletins

Mozilla has released Firefox 3.5.4 with fixes for a wide range of serious security vulnerabilities. The most serious issue could allow a malicious hacker to take complete control of a computer by simply tricking a user into visiting a rigged Web page. In all, Mozilla released 11 advisories, six rated critical. Here’s a list of the security vulnerabilities being addressed:

US-CERT Warns About Free BlackBerry Spyware App

The U.S. Computer Emergency Readiness Team warned BlackBerry users on Tuesday about a new program called PhoneSnoop that allows someone to remotely eavesdrop on phone conversations. The PhoneSnoop application must be installed on the phone by someone who has physical access to it or by tricking the user into downloading it, the CERT advisory said. Read the full story [CNET/Elinor Mills]

CNN iReport: ToorCon Hacker Conference

At the ToorCon San Diego conference, a CNN iReporter talks with security professionals about basic security issues and then sees Marty Morrow escape from handcuffs without a key!

Hackers using a sophisticated network of banking Trojans and money mules have stolen about $40 million from small and medium-sized businesses in the U.S., according to the latest installment in a series by Washington Post writer Brian Krebs.

Visitors to technology blog Gizmodo are being warned that they could have picked up more than tips about the latest must-have gadget. A statement on the Gizmodo website admits that it was tricked into running Suzuki adverts which were in fact from hackers. Read the full story [BBC News]

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware. The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-theft related attacks.

Why bother breaking down the door if you can simply ask to be let in? The SANS Diary has an excellent entry on just how valuable social engineering is to attackers — whether during penetration testing or as part of real world attacks. It explores the techniques used to marry offline social engineering lures with online attacks and the clever real world attack techniques that can end with malware installation on a computer system. Read the full diary [sans.org]

President Barack Obama has nominated Caryn Wagner to be the Homeland Security Department’s intelligence chief, a position that oversees information technology systems designed to share information with federal, state and local officials.

In what is being described as a “deliberate and sophisticated crime,” the Guardian newspaper in the U.K. says the careers section of its Web site was hacked, exposing sensitive data belonging to about half a million users.