Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Zeus Variant Targets Mobile Online Banking Apps

Researchers have discovered a variant of the Zeus bot malware that specifically targets users who perform online-banking operations from their mobile phones, playing on the increasingly common use of SMS-based one-time passwords in order to dupe users into loading the malware.

Workarounds Not Enough to Protect Against ASP.NET Attacks

Microsoft has released updated workaround guidance for the ASP.NET padding oracle vulnerability, suggesting that customers use a technique to block requests that specify an application error. However, the researchers who developed the attack on ASP.NET have said that the workaround is not sufficient to prevent the attack.

Spamhaus Debuts New Whitelist Service

The Spamhaus Project has debuted a new whitelisting service that is designed to be the inverse of the way that most approved-sender lists work. The Spamhaus Whitelist will exclude by default any IP address or domain that sends marketing or soliciting mail at all and will require domain owners to have an invitation in order to join the whitelist.


Researchers have discovered that a page on the My Opera community Web site is hosting malware related to an IRC botnet. The discovery comes just a couple of weeks after malicious code also was found on Google Code servers.

Microsoft is warning customers that it has seen ongoing attacks against the recently disclosed padding oracle vulnerability in ASP.NET and is encouraging them to implement a workaround that will help protect against the publicly disclosed exploit for the bug.

Adobe has released a patch to fix a critical vulnerability in its ubiquitous Flash Player software that was disclosed last week. The company pushed up its release plans for the patch after reports emerged that the bug already was being exploited.

In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.