Security researcher Michal Zalewski has released a new version of a passive fingerprinting tool called P0f that has the ability to diagnose a wide range of components in an Internet connection, even uncovering clients that are trying to forge some part of their identity in the connection.
Browsing Category: Social Engineering
Tracking the increasingly common use of PC games as an infection vector, researchers at the Microsoft Malware Protection Center (MMPC) discovered a couple of malicious programs making the rounds on torrent and file sharing sites.
The FBI issued a warning late last week about ‘Gameover,’ a variant of the Zeus malware that can steal usernames and passwords. The malware is being propagated through spam e-mails purporting to come from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank and the Federal Deposit Insurance Corporation (FDIC).
The Ramnit worm, which was first detected more than 18 months ago, has continued to evolve and now has spawned a version that is targeting victims’ Facebook credentials, and with great success. Researchers at Seculert in Israel have found a variant of Ramnit that is stealing those credentials and then trying to compromise other accounts belonging to the victims, including VPNs, email and other sensitive accounts.
A researcher at Kaspersky Lab is warning of a new scam that pastes racy photos to victims’ Facebook pages while forcing them to view Web-based advertisements promoted by the scammers.
Shari Lawrence Pfleeger wrote the book on cyber security – or should we say “books.” The longtime researcher and expert has authored numerous textbooks on everything from software engineering, to the application of metrics in software development, to computer security. The head of research for the Institute for Information Infrastructure Protection (I3P) at Dartmouth College, Pfleeger says that many of the biggest challenges facing organizations in the realm of cyber security are social, and not technological.
VIEW SLIDESHOW Five Security Predictions for 2012What will 2012 bring? We can’t know for sure. Recent years have taught us that, when it comes to computer security, one should expect to be surprised.
Amnesty International’s United Kingdom website was compromised late last week and was being used to exploit a known Java runtime environment hole on machines belonging to unwitting visitors to the site, according to Barracuda Labs researcher, Paul Royal.
Call it a new twist on Facebook “Like” jacking. Researchers at the firm Zscaler say that scammers are embedding Facebook “Like” widgets from top ranked Web brands and in Web pages used to promote online scams or distribute malware. The widgets make it appear as if tens- or hundreds of thousands of Facebook users ‘like’ the scam Web site.
VIEW SLIDESHOW Threatpost Top Security News Stories of 2011We’ve compiled our list of the Top Security Stories of 2011, presented here in no particular order. These are the issues that shook the world’s markets and kept us awake at night.