UPDATE – With companies flocking to cloud services such as Amazon Simple Storage Service (S3) to store and serve static content on the cheap, naturally they’re making simple mistakes in doing so—and naturally, a savvy attacker is able to cash in.
Draped across the automobile’s front license plate is a printout, attached like it came off a roll of Scotch Tape. On the printout is a SQL statement; probably the last thing anyone would expect to see as a hood ornament. No one knows where the photograph came from or whether someone was trying to be funny, or legitimately trying to compromise the backend system controlling the traffic camera in the same photo. But one thing is for sure, this clever stunt has helped shed light on the insecurity of control systems.
LinkedIn has patched a number of exploitable vulnerabilities that could have led to phishing attacks, malware infections and the loss of credentials for users of the social network for business professionals.
When nations eventually adopt ground rules for conflict in cyberspace as they apply in an actual kinetic war, the Tallinn Manual on the International Law Applicable to Cyber Warfare, is likely to be their key reference material in doing so.
Two message boards used by the Sanny malware as a command-and-control channel have been shut down by the Korea Information Security Agency in conjunction with security company FireEye.
The Department of Homeland Security and the ICS-CERT issued an advisory yesterday warning of serious vulnerabilities in Siemens industrial control software deployed in a number of industries including water, gas and oil, and chemical.
Disruptions to businesses in South Korea continue today after hackers used wiper malware to take a number of banks and television networks offline yesterday. A number of financial systems at a half-dozen banks and production systems inside South Korea’s major television networks remain down, kicking off speculation as to who is behind the attacks and how they got in.
Google’s announcement that its Google Public DNS resolution service now supports DNSSEC is being applauded, but experts caution that despite Google’s high profile, this only puts a slight dent in a larger issue.
Information security is littered with bad analogies. And none sounds sillier than a watering hole attack, which plays off the tactic that dominant animals use when stalking food by loitering at a watering hole. Rather than chase their prey, a lion will wait for prey to come to it. Hackers are doing the same thing to a great degree of success. Rather than using a spear phishing email campaign to lure prey to them, hackers are infecting vulnerable sites of a common interest to their targets, and then redirecting them to malware and more badness.
A controversial Internet scanning project has come under fire for illegally accessing and running code on remote machines. The Internet Census 2012 project, revealed Sunday in a post to Seclists.org, discovered 420,000 embedded devices accessible using default credentials. The unnamed researcher behind the project then used the devices as a botnet to scan most of the IPv4 address space.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
