About
"Distrust and caution are the parents of security" - Benjamin Franklin
A passcode flaw in Apple’s iOS 5 could allow unauthorized access to an iPhone user’s contacts list, recent calls, voicemail, text messages and more, according to a recent blog post from CultofMac.com.
Google and several other advertising companies have allegedly been evading the privacy controls of Apple’s Safari browser by placing a special kind of tracking code on a handful of sites, according to new research done by Stanford grad student Jonathan Mayer.
One day after the company released its monthly patch update, Adobe was out again with an emergency update to its Flash Player software, fixing seven holes, six that could lead to remote code execution and one that’s already being exploited in the wild.
A day after it was announced that Canadian telecommunications firm Nortel had been hacked for nearly 10 years, a prominent expert on sophisticated cyber attacks says the lengthy breach may have contributed to the company’s eventual collapse.
VIEW SLIDESHOW Scenes from SAS 2012At Kaspersky Lab’s Security Analyst Summit last week, over 100 researchers and law enforcement officials converged in Cancun, Mexico over the course of five days to network and discuss a veritable cornucopia of security topics. Topics such as privacy, SCADA and PLC security, tracking cybercriminals and the evolution of malware were discussed in depth.
Microsoft released nine security updates Tuesday, four critical; five important, fixing 21 different holes in various applications with its February patch release. The four critical fixes deal with vulnerabilities in the company’s Windows, Internet Explorer, .NET Framework and Silverlight programs that could allow remote code execution if left unpatched.
Microsoft will issue nine security updates, four critical, for Patch Tuesday next week, fixing 21 different vulnerabilities in Windows, Internet Explorer, .NET, Silverlight and Office.Seven of the nine may lead to remote code execution, while the other two may lead to elevation of privilege, according to Microsoft’s advance notification bulletin yesterday.
In his presentation on Friday, “Lateral Movement and Other APT Interaction Patterns within the Enterprise,” HBGary CEO Greg Hoglund reviewed a multitude of modern day Advanced Persistent Threats (APTs) while breaking down the four stages of an attack.
Terry McCorkle, a Seattle-based researcher presented the results of an independent study on Supervisory Control and Data Acquisition Systems (SCADA) and Industrial Control Systems (ICS) where he and his research partner Billy Rios attempted to find 100 bugs in 100 days. They wound up finding 1000+ bugs in 8-9 months, 95 that were easily exploitable. McCorkle went on to call many of them “blatantly obvious” and “straight outta of the ‘90s.”
Gathering his statistics from the Kaspersky Security Network, Denis Nazarov, head of Kaspersky Lab’s Anti-Malware Research US, compared infection rates on x86 and x64 versions of Windows while describing Kernel Patch Protection technology.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
