Donald Sears

It’s Official: DNSSEC Fully Updated

Two years after a major flaw was exposed in the
Internet’s Domain Name System (DNS), a major upgrade to the
infrastructure protocol that fixes that weakness is now up and running
in all of the Internet root servers. Read the full article. [Dark Reading]

Major Check Counterfeiting Ring Uncovered

A researcher has uncovered a sophisticated check counterfeiting ring
that uses compromised computers to steal and print millions of dollars
worth of bogus invoices and then recruit money mules to cash them. Read the full article. [The Register]


Isolated strains of mainstream malware that took advantage of how the
zero-day Windows flaw first exploited by the sophisticated Stuxnet worm
began appearing late last week. The same approach has since been applied
by the dodgy sorts behind Zeus, a family of sophisticated toolkits
frequently used to steal bank login credentials and the like from
compromised systems. Read the full article. [The Register]

Google has released version 5.0.375.125 of Chrome, a security update that
addresses three “high” risk vulnerabilities in its WebKit-based browser.
According to the developers, two of the high risk issues could lead to
memory corruption while SVG handling or rendering code. Read the full article. [The H Security]

Organizations are getting hit by at least one
successful attack per week, and the annualized cost to their bottom
lines from the attacks ranged from $1 million to $53 million per year,
according to a newly published benchmark study of 45 U.S. organizations
hit by data breaches. Read the full article. [Dark Reading]

Citigroup has urged customers conducting mobile banking from their
iPhones to immediately upgrade because a security flaw in the older app
secreted account information on the smartphone. Read the full article.  [Computerworld]

Researchers who will present at Black Hat have discovered a hole in the WPA2 Wi-Fi security protocol. The security hole was named as Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document. Read the full article. [The H Security]