A researcher at Black Hat USA next month plans
to give away a homemade tool that helps organizations glean intelligence about the attacker behind the malware that includes information about native tongue, geographic location, and
ties to other attacks. Read the full article. [Dark Reading]
Operating and planting an ATM skimmer can be a risky venture, because the crooks have to return to the
scene of the crime to retrieve their skimmers along with the purloined
data. Some criminals are now using ATM skimmers that
eliminate much of that risk by relaying the information via text
message. Read the full article. [KrebsonSecurity]
Two prominent privacy-rights organizations, the Tor Project and the Electronic Frontier Foundation, have launched a new Firefox extension that encrypts all of the browser’s communications with some prominent Web sites.
Banks in Russia and Ukraine are under continued siege by criminal gangs
wielding a sophisticated, next-generation exploitation kit that hacks
the financial institutions’ authentication system and then hits it with a
denial-of-service attack. Read the full article. [The Register]
The dream of bolting security onto the Internet’s Domain Name System
takes one step closer to reality as Internet
policymakers hosted a ceremony in northern Virginia to generate and
store the first cryptographic key that will be used to secure
the Internet’s root zone. Read the full article. [Network World]
Researchers looking into the security of GSM phone networks are
suggesting that the recent breach, which saw tens of thousands of e-mail
addresses and ICC-IDs inadvertantly disclosed AT&T, could have far more significant implications
than a bit of extra spam: attackers can use the information to learn
the names and phone numbers of the leaked users, and can even track
their position. Read the full article. [Ars Technica]
Keystroke-logging computer viruses let crooks steal your passwords, and
sometimes even read your e-mails and online chats. Recently, however,
anonymous criminals have added insult to injury, releasing a keylogger
that publishes stolen information for all the world to see at online
notepad sharing sites such as pastebin.com. Read the full article. [KrebsonSecurity]
Researchers have released software that exposes private information and
executes arbitrary code on sensitive websites by exploiting weaknesses
in the widely used web development technology JavaServer Faces. Read the full article. [The Register]
A researcher was able to gain unfettered access to
his iPhone 3GS from Ubuntu 10.04. If he connected the device whilst it
was turned off and then turned it on, Ubuntu auto-mounted the file
system and was able to access several folders despite never having
previously been connected to the iPhone. Read the full article. [The H Security]
An unusual legal dispute between a Texas bank and a business customer
over the online theft of more than $800,000 from the latter’s account at
the bank has been quietly settled. Read the full article. [Computerworld]
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
