Microsoft Releases Attack Surface Analyzer Tool

Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release.

U.S. Still Tops at Hosting Phishing Sites

There are a lot of things that the United States is no longer so good at doing: eating vegetables or winning major marathons, for example. But one thing that the U.S. still does really well is provide comfortable hosting platforms for phishing sites. In fact, about 60 percent of all phishing sites are hosted in the U.S., and no other country had more than seven percent, according to a new report.

New Study Shows Surge in Fake Twitter Users

Dealers, the Twitter scammers who create fake profiles on the social network and sell their sets of followers, are adapting their workflow just enough to stay under the site’s radar, according to security firm Barracuda Labs, which recently wrapped up a 75-day study analyzing the buying and selling of Twitter followers.

SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well-understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a breach of 450,000 usernames and passwords. In this video, Ryan O’Boyle of Veracode discusses the nature of SQL injection attacks and how to defend against them.
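As an added illustration of the defense the paragraph refers to (example code written for this page, not code from the article or from the Veracode video), the block below puts a string-built login query beside a parameterized one against a constructed in-memory SQLite table. The user records and the helper names are assumptions made for the example; the point is that bound parameters keep user input as data, so the same input that satisfies the concatenated query is rejected by the parameterized one.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (sample data, not from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Login check built by string concatenation: input becomes part of the SQL text."""
    query = (
        "SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Same check with bound parameters: the driver passes input as values, never as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def compare(username, password):
    """Return (vulnerable_result, parameterized_result) for one credential pair."""
    conn = make_db()
    try:
        return login_vulnerable(conn, username, password), login_parameterized(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    # Legitimate credentials succeed either way.
    print("valid:", compare("alice", "s3cret"))
    # A password field that contains SQL syntax changes the concatenated query's
    # logic, while the parameterized query just treats it as a wrong password.
    print("tampered:", compare("alice", "' OR '1'='1"))
```

Running it shows `(True, True)` for the valid pair and `(True, False)` for the tampered one: the only code change needed to close the hole is moving the values out of the query string and into the parameter tuple, which is the fix the video's advice comes down to.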

It’s been nearly two months since Oracle patched the CVE-2012-1723 Java vulnerability, a serious remote pre-authentication flaw that’s present in the Java Runtime Environment. It’s taken a little time, but the attacker community has decided that this bug deserves some serious attention, and as a result, attacks trying to exploit it have ramped up significantly in recent weeks.

For the last few weeks there have been a series of quite authentic-looking phishing emails making the rounds, purporting to come from AT&T and informing the recipient that their bill is ready to view. The emails look nearly identical to a real bill and researchers say that users who fall for the ruse are going to be rewarded with a redirection to a site hosting the Blackhole exploit kit.

On average, there were almost five fraudulent phone calls every minute earlier this year, according to a report released today by security firm Pindrop Security. The Atlanta-based company found that phone fraud was up 29 percent in January through June of this year compared with the second half of 2011, after it analyzed 1.3 million different instances as part of its 2012 State of Phone Fraud Report.