Various news outlets reported late Friday that Microsoft’s public cloud storage service suffered a global outage due to a lapsed security certificate.Beginning around 4 p.m. EST, developers and other Azure customers began being blocked from accessing files.
Google has fixed nine high-severity vulnerabilities in its Chrome browser, as well as a dozen other flaws with the release of Chrome 25. This release is one of the few for which the company did not pay out much in the way of bug bounties, only giving out $3,500.In Chrome 25 Google also disabled the MathML implementation in the browser, fixing what the company said is a serious security problem.
In the wake of high-profile compromises of companies such as Facebook, the New York Times, Apple and others, officials at Zendesk, an online customer support provider, said that the company also had been compromised and the attackers had made off with the email addresses of customers of Twitter, Tumblr and Pinterest, all of which use Zendesk’s services.
Another day, another media company hacked. This time it’s NBC which has fallen to victim hackers on the heels of compromises of the New York Times and Wall Street Journal websites. Various experts have confirmed that NBC’s website is compromised and leading visitors to the dangerous Citadel banking Trojan. The site is reportedly hosting an iframe that is redirecting visitors to sites hosting the RedKit Exploit Kit which is serving up the Citadel malware.
People looking to download and read the Mandiant report on Chinese government attacks on U.S. infrastructure should look carefully at the name of the file before opening it. Researchers say that there are at least two different spear-phishing attacks going on right now that are using rigged copies of the China APT1 report as lures.
Representative Ed Markey (D-MA) is urging the Chairman of the House Committee on Energy and Commerce, Fred Upton (R-MI), to take immediate action toward passing the Grid Reliability and Infrastructure Defense (GRID) Act, which Markey calls a bipartisan bill aimed at hardening the nation’s electrical grid and critical infrastructure against cyberattacks.
Plenty has been written this month about attack attribution, but, really, if your network is under siege, how often does the “who” matter as much as the “how,” “what,” and “where”? It seems that knowing who the actor is behind a network intrusion matters little to a bank, restaurant or retail chain. You just want them off your gear, and you want your stuff put back where it belongs.
A study released Wednesday shows one in four consumers who receive a data breach letter become the victim of identity fraud. That statistic represented 12.6 million victims last year — one million more than the year before, according to the 2013 Identity Fraud Report released by Javelin Strategy & Research.
An enterprising cybercriminal has opened an underground shop that peddles access to American PayPal accounts which are then accessible through an anonymous proxy service.
Adobe today released a patch for two vulnerabilities being exploited in the wild that enabled attackers to pull off the first confirmed sandbox escape against Adobe Reader.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
