Upwards of 30 major U.S. banks and financial institutions have been given a reprieve. The hacker behind a coordinated attack against giants such as Bank of America, Chase, Citibank, PNC, Wells Fargo and nearly two dozen other banks has called off the operation after media reports surfaced a month ago exposing the planned attacks.
UPDATE – Skype engineers have repaired a newly reported vulnerability that would allow someone to abuse the platform’s password-reset mechanism to take over another account.
Microsoft released its monthly security updates today and put special urgency on a cumulative security update for Internet Explorer 9. Critical vulnerabilities were found in the way the browser handles objects in memory which could lead to an attacker remotely executing code. Victims would have to land on a website hosting an exploit, Microsoft said. The company said there are no public exploits for this vulnerability.
A new exploit has been found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw that’s been patched by Oracle in Java 7 Update 9.
No CFO thinks that his signature approving a purchase order for a new five-figure piece of hardware could ultimately cost his company seven-figures, or maybe force them to shut their doors forever. But that’s the reality many companies need to face when it comes to supply chain security and risk management. Core IT equipment used inside most American companies is likely to be purchased from an American vendor. But most of the gear is built overseas, likely in Asia, where little oversight is offered into its construction and shipping.
Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsoft’s on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8.
Ransomware pays. A lot. These extortion scams, in which infected computers are essentially locked down by malware and electronic payment is demanded for a supposed cure, can net the criminal behind the scam as much as $33,000 per day.
Adobe said today it has been in contact with the Russian security company Group-IB, which discovered a zero-day vulnerability in Adobe Reader and yesterday reported the existance of a pricey exploit circulating on the black market.
A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity theft to blackmail.
Gh0st RAT has a new roommate. A new backdoor called ADDNEW has been discovered on machines infected with the Gh0st remote access Trojan, adding new distributed denial of service attack capabilities, as well as a feature that targets passwords and credentials stored on the Firefox browser.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
