Serial port servers are admittedly old school technology that you might think had been phased out as new IT, SCADA and industrial control system equipment has been phased in. Metasploit creator HD Moore cautions you to think again. Moore recently revealed that through his Critical IO project research, he discovered 114,000 such devices connected to […]
It’s a familiar refrain: Attackers often have months of unfettered access to corporate networks; and security and network managers remain in the dark until they’re notified of serious breaches by third parties.
Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to deflate any good will toward Java that resulted.
Targeted cyberespionage attacks have dominated discussions within the security community and outside of it from the mainstream media to the halls of the executive and legislative branches of government. But until now, discussions about attacks stemming from China that target intellectual property from engineering, manufacturing and military interests in the United States, have been anecdotal […]
Details have been disclosed about vulnerabilities exploited in Chrome and Java during the Pwn2Own contest. Google made patches available for the Chrome flaw within 24 hours, while Oracle patched Java fully last week.
Thousands of U.K. business computers have been infected by espionage malware using a custom protocol to communicate with its command and control servers. Researchers at Israeli security company Seculert added that the malware is still percolating with a number of capabilities yet to be deployed. The custom protocol has another unique element to it, in […]
The next shoe has fallen in an effort to force wireless carriers and handset makers to provide regular security updates to Android mobile devices. The American Civil Liberties Union filed a complaint this week with the U.S. Federal Trade Commission accusing four leading carriers of deceptive business practices and knowingly selling defective phones to consumers […]
Two elders of information security came to Source Boston 2013 Wednesday morning to encourage the next generation to grab the torch from them and to urge great caution in diving too deeply into specialization.
The latest Java update released Tuesday includes new prompts warning users of potentially malicious applets, in addition to patches for 42 vulnerabilities, all but three of which are remotely exploitable. Java 7 update 21 is part of Oracle’s scheduled Critical Patch Updates for the program and browser plug-in. Zero-day vulnerabilities discovered and exploited throughout the […]
Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is based on data collected from more than one billion endpoints in more than […]
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
