Ryan Naraine

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Researchers scanning the internet for vulnerable embedded devices have
found nearly 21,000 routers, webcams and VoIP products open to remote
attack because their administrative interfaces are
publicly viewable from anywhere on the internet and their owners have
failed to change the manufacturer’s default password. Read the full story [Wired/Kim Zetter]

Q&A: Bruce Schneier

CNet’s Elinor Mills has produced an interesting Q&A interview with security guru Bruce Schneier, in which the cryptographer pokes fun at National Cyber Security Month, talks about his
background in crypto and working for the U.S. Defense Department, and
says he fears privacy invasion more from marketers than governments or
criminals.  Read the full interview [cnet.com]


It turns out Nigeria is taking measures to fight Internet
scams—law enforcement there has shut down close to a thousand websites
and made 18 arrests as part of a new initiative to save the nation’s
reputation and crack down on Internet scammers. The program, called
“Project Eagle Claw,” has only just begun, but Nigerian officials
expect it to be fully operational in 2010. Read the full story [Ars Technica].

According to new data from Click Forensics, botnet-infected computers are behind the majority of click-fraud attacks against advertisers and publishers. For the third quarter this year, about 43 percent of all fraudulent clicks came from computers within botnets. The figure
is the highest in four years, when Click Forensics began producing
reports. For the same quarter a year ago, botnets accounted for 27.5%
of bad clicks. Read the full story [Jeremy Kirk/IDG News Service]

If your cash card gets eaten by the automated-teller machine, it may not end up in the hands of a bank employee. European financial institutions are seeing a sharp rise in card “trapping,” where criminals use various tricks in order to capture and retrieve a person’s ATM card for fraudulent use. Read the full story [IDG News Service/Jeremy Kirk]

The Big Story podcast with Ryan Naraine – October 22, 2009

Trident Risk Management’s Nick Selby joins the Big Story
podcast to discuss the latest news around Metasploit and Rapid7 and how this
affects issues around penetration testing and exploit creation and release.

Microsoft Windows 7 is on its way tomorrow, and it is bringing with it a set of security features Microsoft hopes will appeal to enterprises. The Windows 7 security story has three main chapters that have received a fair amount of attention – DirectAccess, BitLocker To Go and AppLocker. With these, along with capabilities like BranchCache and enhancements to features like User Account Control (UAC), officials at Microsoft feel they are pushing out their most secure operating system yet. Read the full story [eWEEK/Brian Prince]