ICS-CERT updates a number of recommendations for critical infrastructure operators to prevent infections from the Shamoon wiper malware. Shamoon struck Saudi oil company Aramco, destroying more than 30,000 workstations.
Calls for Twitter to implement two-factor authentication would not have prevented the hijacking of the Associated Press account last week, experts said. Meanwhile, a new tool for detecting compromised social network accounts called COMPA, could provide a measure of early detection.
The United States Department of Labor website was hacked in a watering hole attack. The website was redirecting visitors to a malicious site hosting the Poison Ivy remote access Trojan.
The Electronic Frontier Foundation’s annual “Who’s Got Your Back?” report evaluates the privacy, advocacy and transparency positions of leading Internet companies. While most fared well, ISPs such as Verizon and AT&T, as well as Apple, Amazon and Yahoo, did not.
Mozilla has sent a cease-and-desist letter to the makers of the FinFisher spyware kit demanding that it stop embedding the notorious FinSpy program in a document masquerading as a copy of the Firefox Web browser.
Nowhere is the cat-and-mouse game between attackers and the security of users more evident than with social engineering schemes. Users’ awareness of phishing campaigns, for example, may be improving, but that’s just forcing attackers bent on identity theft and stealing payment card information to up their games.
The Google Play store has been an Eden for hackers wanting to get malicious code onto Android devices. A number of things made the marketplace too tempting for attackers to resist, including the open source nature of the operating system, lax vetting of developers, and the ability to modify code in runtime by pushing app updates from outside the store.
The secrecy of underground forums where financial malware and crimeware kits are traded is well guarded, to the point that few are able to penetrate them without some kind of internal sponsor. Here, criminals value their privacy as much as those from whom they steal. That’s what makes a recent discovery from RSA Security’s FraudAction […]
Another day, another smartphone lock screen bypass vulnerability. This time a flaw in a popular messaging application for the Android mobile platform is to blame. Viber, which is similar to Skype in that it allows users to make free phone calls and send instant messages, is vulnerable to a flaw that could allow an attacker […]
It’s not quite the development freeze Microsoft underwent during the Trustworthy Computing push, but it’s a start for Oracle, which will delay the release of Java 8 until Q1 of next year, largely because the platform and browser plug-in is such a security disaster. This year has done nothing but reinforce that notion. Start where […]
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
