Mozilla recently announced some changes to the way it will interact with members of the security community who contribute code, bug reports and fixes for the Firefox Web browser and other open source tools under Mozilla’s watch. Michael Coates, director of security assurance at Mozilla, recently answered some questions about the changes and how they will impact how the organization deals with security researchers.
There’s nothing like a zero-day to ruin the holiday break, but that’s just what may be in store for engineers at Nvidia after a researcher discovered a new vulnerability in the Nvidia Display Driver Service. The flaw could hand over administrator privileges on Windows machines to an attacker.
Iranian officials are retracting Christmas day reports that malware resembling Stuxnet had been used to attack manufacturing facilities including a power utility in southern Iran.
The last year has seen a lot of changes in the threat landscape, with the emergence of a number of new cyber espionage tools such as Gauss and Flame, as well as an increase in the volume of malware targeting mobile platforms such as Android. Recently, Alex Gostev, the chief malware expert at Kaspersky Lab, answered questions submitted by users on Facebook, discussing the evolution of antimalware solutions, the threats to mobile devices and how governments around the world are handling the cybercrime explosion.
Not too long ago, it would have been extremely far-fetched to imagine buying crime services a la carte. But that’s the dynamic that emerged in 2012 to plague cybercrime victims on both the consumer and corporate end of the spectrum. The black-market infrastructure that supports cybercriminals is increasingly backboned by packaged malware, exploit kits, as well as hacks and fraud as a service. Expect that to continue and evolve in 2013, experts say.
In the early days of the Obama administration, the president declared cyberspace a critical asset. Since then, little more than lip service has been paid on a policy level to the security of the country’s critical infrastructure, despite increasing public awareness of the problem and high-profile attacks on business and government alike.
Virtualization vendor VMware has patched a critical vulnerability in its VMware View desktop virtualization product that could have led to a directory traversal attack and an attacker reading or downloading files without the need for authentication.
UPDATE — US-CERT issued advisories against a trio of Adobe Shockwave vulnerabilities that could allow an attacker to remotely execute code on systems running the vulnerable media player.
Instagram cofounder Kevin Systrom responded to a firestorm of protests from users of the photo-sharing social network’s proposed terms of service changes that could impact the privacy of its users.
Instagram users have some soul searching to do between now and Jan. 16 when new terms of service kick in that give the photo-sharing social network the right to sell personal photos without the user’s permission or compensating them.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
