Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in TLS requests as a side channel to gather information that enables them to decrypt the requests and extract users’ cookies.
Microsoft has reversed course and said it will patch a serious Adobe Flash vulnerability in Windows 8 and Internet Explorer 10 before the new Microsoft OS ships Oct. 26. Microsoft had previously said it would wait until after the ship date to update Flash, which is integrated into the browser.
A flaw in the EMV protocol which lays out the rules for chip-and-PIN card transactions at ATMs and point-of-sale terminals could enable persistent attackers to carry out bogus card transactions.
With the release event for Apple’s newest iPhone model going on, quite literally, as I type, it comes as no surprise that scammers are exploiting the vast anticipation for the iPhone 5.
The University of Miami Hospital (UMH) has begun to notify patients for the second time this year that some of their personal information may be at risk after the health care institution was hit with a data breach in July. According to a letter being sent to patients this month, two employees at the hospital were found “inappropriately accessing” patients’ “face sheets,” documents that give doctors a quick glance at patients’ information.
The developer behind the notorious Black Hole exploit kit has released a new version of the software, adding in several new features designed to prevent security researchers from getting access to new exploits or reverse-engineering the kit’s inner workings. Conveniently, the pricing for Black Hole has stayed the same, so hackers get more value for the same amount of money.
The CEO of Go Daddy said Tuesday internal issues, not a denial of service attack, left millions of hosted sites offline for several hours yesterday.
In a statement, interim chief executive Scott Wagner said an internal investigation into the outage concluded no outside attack took place.
Symantec is warning Android users of a new malicious application posing as a famous Anime character that steals personal contact information stored on the device and sends it to a third party.
The Microsoft security team shipped just two bulletins – resolving as many holes – in the September, 2012 edition of Patch Tuesday.The patches will supply fixes for two ‘important’ rated bugs, one in Microsoft Developer Tools and the other in Micrososft Server Software. If unpatched, both could lead to elevation of privileges.
When David Schuetz woke up last Friday, little did he think he’d be a central figure in clearing the FBI’s good name, much less end up on the NBC Nightly News, but that’s exactly what happened.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
