Dennis Fisher and Ryan Naraine discuss the latest iPhone attack, the upcoming Patch Tuesday and the never-ending fallout from the Google attack.
Browsing Category: Malware
[img_assist|nid=3102|title=|desc=|link=none|align=right|width=100|height=100]Dennis Fisher talks with Paul Roberts of the 451 Group about the implications of the Aurora attack on Google and Adobe, the need for better understanding of advanced threats and what to expect at the RSA Conference.
From Black Hat DC: Sites
like Amazon offer affiliate programs that pay users for sending them
new customers. And now, malware authors, always quick to adopt tactics
that work elsewhere, have developed
their own affiliate program. Read the full article. [MIT Technology Review]
[img_assist|nid=3101|title=|desc=|link=none|align=right|width=100|height=100]Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.The browser add-ons, described my Mozilla as “experimental,” contained a Trojan horse that executed when Firefox started and infected the host computer.
[img_assist|nid=3097|title=|desc=|link=none|align=left|width=113|height=79]Michael Gough, an information security specialist and president of the Austin, Texas, chapter of ISSA, owner of the web site skypetips.com gave CSO his thoughts on Skype’s benefits and security challenges in the business environment. Read the full article. [CSO]
[img_assist|nid=3087|title=|desc=|link=none|align=left|width=100|height=100]Microsoft’s February batch of security patches will be a biggie — 13 bulletins with fixes for a whopping 26 vulnerabilities.
According to an advance notice from the Redmond, Wash. software
vendor, five of the 13 bulletins will be rated “critical” because of
the risk of remote code execution attacks.
Miami hacker, Edwin Andrew Pena, has admitted to a Federal New Jersey court that he pocketed more than $1m by selling
millions of minutes of voice over IP calls and surreptitiously routing
them through the networks of telecommunications companies. Read the full article. [The Register]
[img_assist|nid=3085|title=|desc=|link=none|align=left|width=100|height=100]Credit card numbers are so passe. Today’s hackers know the real powerhouse data to steal is emission certificates. That’s exactly what hackers went after last week when they obtained
unauthorized access to online accounts where companies maintain their
carbon credits. Read the full article. [Wired]
The world’s largest Internet search company and the world’s most
powerful electronic surveillance organization are teaming up in the
name of cybersecurity. Under an agreement that is still being finalized, the National
Security Agency would help Google analyze a major corporate espionage
attack that the firm said originated in China and targeted its computer
networks, according to cybersecurity experts familiar with the matter.
The objective is to better defend Google — and its users — from
future attack. Read the full article [Washington Post].
[img_assist|nid=3078|title=|desc=|link=none|align=left|width=100|height=100]By Jeremiah GrossmanThere are several security issues affecting all major Web browsers that
have remained unaddressed for years (probably because the bad guys
haven’t leveraged them aggressively enough, but the potential is
there). The problem is that the only known ways to fix these issues
(adequately) is to “break the Web” — i.e. negatively impact the
usability of a significant and unacceptable percentage of websites.
Doing so is a non-starter for any browser vendor looking to grow market
share. The choice is clear for most vendors: Be less secure and adopted, rather than secure and obscure. This is what the choice comes down to. This is a topic deserving of further exploration.