The resumption this week of distributed denial of service attacks against major U.S. banks brought not only more cost and disruption to financial institutions trying keep online services available, but it also raised new questions about the funding and true motives behind the attacks.
The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning.
A number of U.S. banks are dealing with online service disruptions as hacktivists reportedly have launched another round of distributed denial of service (DDoS) attacks against financial institutions.
Researchers at Seculert have discovered a link between spear phishing campaigns targeting Japanese and Chinese journalists, post-Mandiant’s APT1 report, and domains connected to the Aurora attacks on Google and the Shady RAT campaign.
Google raised the degree of difficulty for Pwn2Own and Pwnium hacking contestants by patching 10 vulnerabilities in its Web browser last night.The popular contests, which kick off tomorrow in Vancouver at the CanSecWest Conference, feature millions in prize money for researchers who can crack not only Chrome and the Chromium operating system, but Microsoft’s Internet Explorer, as well as Adobe Reader and Flash, Oracle’s Java platform and others.
Oracle’s new security model for Java, in place since the release of Java 7 update 11, is under serious fire now that attackers have demonstrated in the wild how to bypass the updated controls with the help of social engineering.
Oracle has once again released an emergency Java update to patch zero-day vulnerabilities in the browser plug-in, the fifth time it has updated the platform this year. Today’s update patches CVE-2013-1493 and CVE-2013-0809, the former was discovered last week being exploited in the wild for Java 6 update 41 through Java 7 update 15.
Mozilla chief privacy officer Alex Fowler relayed a vivid anecdote last week during RSA Conference 2013 that illustrates the lengths third parties such as advertisers, data brokers and others who traffic in users’ online behavior will go to track you once you land on a website.
Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn’t end well or the vendor in question—in this case Oracle. Polish security firm Security Explorations, noteworthy for its Java security research, said today it reported five new vulnerabilities in Java SE 7 to Oracle. If combined, researcher Adam Gowdiak said, they can be used to gain a complete bypass of the Java sandbox.
SAN FRANCISCO – People who interact with online services have mounting privacy expectations that run in parallel with their need for a full experience with the functionality central to those services. But can users have their privacy cake and eat it too?
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
