Spammy websites distributing adware as Java or other kinds of software updates are nothing new but researchers have recently noticed two sites pushing that malware to users through sites that leverage Google’s App Engine.
There are 25 fresh security patches in the newest version of Google Chrome, including fixes for a number of high-severity vulnerabilities. Chrome 29 also includes a number of performance enhancements.
An attacker, who may have gotten the information from the database of a third party, claims to have access to the OAuth login tokens and secrets for every Twitter user. He has posted more than 15,000 of the entries online and claims that he can now access the account of any user he wishes. Twitter officials, however, say no accounts have been compromised.
Old malware tricks never really die, they just get recycled and passed down to the next generation of attackers. The latest technique to get run through the wayback machine is the use of the right-to-left override character in Unicode, a tactic that enables malware authors to hide the real name of a malicious executable or, in a recent case, a registry key.
A member of Facebook’s security team acknowledged over the weekend that the group could’ve taken further steps to verify a vulnerability initially brought to their attention by an independent security researcher last week but that the company largely adhered to its bug disclosure policy.
Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week.
The Internet is a big thing. Or, more accurately, a big collection of things. Figuring out exactly how many things, and what vulnerabilities those things contain has always been a challenge for researchers, but a new tool released by a group from the University of Michigan that is capable of scanning the entire IPv4 address space in less than an hour.
Dennis Fisher talks with Rich Mogull of Securosis about his days as a teen wannabe hacker, his meandering path through Navy ROTC, software development, near miss with medical school, mountain rescues and his life as a security industry analyst.
Researchers have spotted a new version of the Jigsaw pen-testing tool which builds email lists used in spam and phishing campaigns from the Jigsaw business directory.
Dennis Fisher talks with Joe Grand of Grand Idea Studio about his current project, the JTAGulator, which helps hardware hackers find the OCD connections on devices. They also discuss Joe’s hardware-hacking background and the current resurgence of hardware research.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
