About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
A new version of the Koobface worm is making the rounds of Facebook this week, this time in the guise of an invitation to view a fake YouTube video. The link takes users to a page asking them to install an updated version of the Flash player, which is instead a piece of malware.
The resilient Conficker worm has spent the last few months wreaking havoc on millions of infected PCs around the world, and it now looks like the worm is set to potentially cause some trouble for Southwest Airlines as well. Computerworld is reporting that the infected machines will attempt to contact a site owned by the airline on March 13 in attempt to download new instructions.
With the economy cratering, staffs and budgets being cut and resources scarce, cloud computing has quickly become the prettiest girl at the prom. IT managers love its convenience and power and accounting departments are quite fond of its cost efficiencies.
But what of security and privacy? Where do they factor into the equation, if at all?
Tens of millions of people have lost their jobs in recent months, and a huge number of them are taking proprieatry company data with them when they leave, according to a new study. The study shows that almost 60 percent of people who leave or are fired from a job are swiping information.
Brian Krebs at The Washington Post has the full story on the report, which is the work of the Ponemon Institute.
More than a month after the US-CERT alerted users to the problems with the instructions for disabling the AutoRun capability in Windows, Microsoft has released a fix for the AutoRun problem.
At the Black Hat DC conference last week, Moxie Marlinspike gave a fascinating talk on the various weaknesses in the SSL infrastructure and a number of novel ways he’s discovered to exploit them. Jeff Moss, Black Hat’s founder, talked to Marlinspike about the attacks.
Gmail users have had a rough time of it this week. Just a few hours after the hugely popular webmail service cratered on Tuesday morning, the instant-messaging feature associated with the site became the target of a phishing attack.
Reports have been circulating in the last couple of days about an unpatched vulnerability in Microsoft Excel, and the software giant has now confirmed the problem. The flaw allows attackers to run code on remote machines if they can entice a user into opening a malicious Excel file.
It’s been more than six months since Dan Kaminksy detailed the problems he had found lurking in the DNS system, and the coordinated patching effort that followed his discovery was nothing short of extraordinary. A huge percentage of the vulnerable servers were patched before the details of the flaw came out, thanks to behind-the-scenes work by Kaminsky, Microsoft, CERT and others.
Despite what you may have seen on 24 or read in Tom Clancy’s novels, the United States is well behind much of the rest of the world in developing both defensive and offensive cybersecurity capabilities, and that’s a deficit that may end up costing us dearly in the long run, according to a longtime government security expert.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
