About
"Distrust and caution are the parents of security" - Benjamin Franklin
The news this week revolved around complex and troublesome threats, notably two rootkits, TDL4 and ZeroAccess. Stuxnet reared its head once again as did a new problem with Cisco’s popular videoconferencing software. Read on for the full week in review.
In an effort to better weigh the security of cloud-based infrastructures, the Cloud Security Alliance has released a new toolkit, the Governance, Risk Management and Compliance (GRC) Stack. Available as a free download on the organization’s website, the collection consists of three tools: CloudAudit, the Cloud Controls Matrix and the Consensus Assessments Initiative Questionnaire.
There’s more to ears than meets the eye, at least according to recently released report by UK researchers, which finds that ear shape may be a more reliable measure of individuality than the widely-used fingerprint.
The storm clouds over mobile security continued to gather this week with news of a new browser exploits for Android and a URL attack for iPhones, while OWASP’s AppSec conference in D.C. provided an update on Uncle Sam’s security priorities. Read on for Threatpost’s security Week in Review.
Researchers at security firm Websense have found that Amnesty International’s Hong Kong site, amnesty.org.hk, is serving up a cocktail of malware that includes last week’s Internet Explorer 0-day.
A Connecticut man pleaded guilty to automatic teller machine (ATM) fraud on Tuesday following a scheme that conned $4.8 million from a Rhode Island bank over the last few years.
The SpyEye Tracker, a new site that hopes to trace the activity of the budding SpyEye Trojan, went live this week and shows the emerging SpyEye botnet to be global in reach, but still much smaller than the Zeus botnet with which it has merged.
With more than 600,000 copies of the FireSheep browser plug-in downloaded in a matter of weeks, Web security firm zScaler have released a new Firefox plug-in, BlackSheep, in hopes of combating attempts by those using FireSheep to try to hijack their Web session.
The specter of politically motivated cyber attacks reared its head again this week, while closer to home, the names of two software giants: Google and Adobe were all over the headlines when it came to security this week, as several bugs were found…and fixed in the companies products. Read
on for the full week in review.
Microsoft’s Bing is looking into SSL and other privacy
settings for the next version of their search engine. Currently the site strips
SSL when forced into HTTPS and in turn, brings up an advisory on browsers signaling
an unsafe connection.
Introduced at Toorcon, the Firefox extension allows
attackers to capture site cookies from users on unsecured wireless networks and
browse under their logon.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
