Ang Cui’s “Funtenna” is just the latest eye-opener into the security of embedded networked devices such as printers, VoIP phones, routers and other core, connected infrastructure.
Network-enabled devices such as routers and printers are notoriously insecure and fully exploitable gateways leading attackers toward network resources. A researcher and PhD student at Columbia University recently added VoIP phones to the list of pressing concerns.
Computer systems in Iran are being targeted by a new strain of malware that is capable of wiping disk partitions clean of files. Security researchers are calling the attacks simplistic, yet effective.Researchers at Kaspersky Lab said the malware launches only on pre-determined dates and will delete all files on drives D through I. It also deletes user profiles and will wipe all files on the computer’s desktop.
Finding keen new ways to avoid detection by security systems, malware scanners in particular, seems to be a primary objective for malware writers.Researchers at FireEye have found one of the most ingenious, a Trojan called Upclicker that eludes automated sandbox detection by hooking into a mouse click.
You can say one thing for the underground malware distribution market, there’s certainly never a lack of drama. Weeks after the banning of Aquabox, the keeper of the Citadel banking Trojan, from an underground forum, another player has popped up to fill the market gap, this time with a new version of the Carberp Trojan.
UPDATE — The group that claimed responsibility for large-scale distributed denial-of-service attacks against major U.S. banks in September and October has carried out another flurry of attacks that are still ongoing today.
PayPal patched a zero-day vulnerability this week in its core content management system. Researchers at Vulnerability Laboratory in Germany reported the flaw in June and withheld disclosure of the details until this week when PayPal released a fix.Benjamin Kunz Mejri, a frequent PayPal bug hunter, said his team discovered a persistent input validation vulnerability in the address book module’s search function that would allow an attacker to remotely inject malicious script on the application side.
Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform.
Facebook’s security team is being lauded by the FBI for its role the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions.
A rare critical Microsoft Word vulnerability was patched today by Microsoft, one of seven security updates pushed out repairing 11 flaws in its December security update.The Word vulnerability earned a critical rating because the Outlook email client uses Word to display documents in the Outlook preview pane and therefore removes the need for user interaction to trigger an exploit.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
