About
"Distrust and caution are the parents of security" - Benjamin Franklin
Dealers–Twitter scammers who create fake profiles on the social media site and sell their sets of followers–are adapting their workflow just enough to stay under the social media site’s radar, according to security firm Barracuda Labs, who recently wrapped up a 75 day study analyzing the buying and selling of Twitter followers.
Internet search conglomerate Yahoo is being sued by one of its users for negligence after the usernames and passwords of approximately 450,000 of its users were leaked by a hacker online last month.
On average, there were almost five fraudulent phone calls every minute earlier this year according to a report released today from security firm Pindrop Security. The Atlanta-based company found phone fraud was up 29 percent January to June this year from the last half of 2011 after it analyzed 1.3 million different instances as part of its 2012 State of Phone Fraud Report.
Over the last few weeks an attacker used a collection of illicitly obtained usernames and passwords to infiltrate a number of Dropbox accounts, including one belonging to a Dropbox employee. The usernames and passwords were stolen from other, third-party websites, Dropbox officials said, finally confirming the breach, which had been rumored for several weeks.
Attackers are now using DDoS services that offer attacks on telecommunication systems as part of larger attack schemes. These attacks, known as TDoS attacks, can be a relatively cheap option for cybercriminals looking into diversifying their attack vectors.
Two men have been arrested in South Korea for allegedly leaking the information of almost nine million of the nation’s mobile phone users, including details of the users’ monthly plans, according to a report issued by the Korea National Police Agency’s (KNPA) Cyber Terror Response Center (CTRC) over the weekend.
The number of SQL attacks jumped by nearly two thirds earlier this year according to cloud hosting firm FireHost who recorded over 450,000 blocked SQL injection attacks between the first and second quarter this year.
Microsoft gave its users steps earlier this week to sidestep a vulnerability in one of Oracle’s Outside In libraries. The company published some mitigations for the bug, but said it isn’t aware of any active attacks against it yet.
Madi, the religiously-titled spyware that was discovered last week and thought to be dead, appears to be making a comeback, complete with updates.
German industrial control system manufacturer Siemens announced Monday that it had patched holes in some of its products that appear to resemble holes used by the famous Stuxnet worm in 2010. If left unpatched, vulnerabilities in the company’s Simatic STEP 7 and Simatic PCS 7 software could have allowed the loading of malicious Microsoft Dynamic-link Library files. This in turn could lead to an attack against systems that use STEP 7, a la Stuxnet.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
