We were warned. Over and over again. Not just by privacy advocates and by security experts and by civil liberties organizations and by the guy on the corner in the tin foil hat shouting about the government intercepting his brain waves. We were warned by some of the very people charged with overseeing the administration’s efforts to expand its domestic intelligence gathering capabilities. We were warned by politicians.
DNS servers running BIND 9 should upgrade the latest version of the software after an Internet Systems Consortium advisory warned a remotely exploitable vulnerability had been publicly disclosed.
Security experts are lukewarm on Oracle’s security plans for the Java browser plug-in, largely because they don’t address code innate to the platform’s security sandbox which has been bypassed in a number of attacks.
The predominant narrative among U.S. officials and cybersecurity experts is that Chinese hackers, allegedly at the behest of their government, are thoroughly compromising the computer networks of American government, defense, and public sector organizations in order to steal any valuable data found within them on a daily basis. What you don’t hear so often, though we’d be remiss to ignore it and you’d be a fool not to believe it, is that the U.S. is doing the same exact thing to China.
Google released a stable channel update for its Chrome browser yesterday, resolving 12 vulnerabilities, one of which one was considered ‘critical’, Google’s most severe rating, ten of which received second most severe ‘high’ ratings, and one receiving a third-in-line ‘medium’ rating.
More than 18 months after a security researcher revealed a long list of vulnerabilities in its SCADA products, Schneider Electric has released patches for a subset of those bugs for a couple of the affected products.
Apple has updated both OS X and its Safari browser, fixing a pile of security vulnerabilities, many of which can be used for remote code execution. The release of OS X Mountain Lion 10.8.4 includes patches for more than 30 bugs, most notably a set of fixes for vulnerabilities in Ruby, some of which are being exploited at this point.
A previously reported attack against Fidelity National Information Services (FIS) two years ago was actually much more widespread than initially reported according to a document released to banks from the FDIC late last month and recently uncovered.
Researchers say the prevalence of peer-to-peer botnets has grown fivefold during the past 12 months with virulent malware such as ZeroAccess leading the way.
WASHINGTON–The topic of critical infrastructure security may be the prettiest girl at the dance right now for both politicians and technology companies, but the problem of attackers going after these targets is one that security people have been dealing with for some time. But that doesn’t mean they have a good handle on it or clear solution for the problem. In fact, there are still a number of old obstacles standing in the way of addressing the issue.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
