Cisco Systems released fixes for 15 vulnerabilities in three of its major product lines on Wednesday, including two different security appliances. The vulnerabilities would either allow an attacker to remotely execute code on a compromised machine, or execute a denial-of-service attack. Cisco said it is not aware of public exploits for any of the vulnerabilities.
Now that word is out on a serious password bug in the ubiquitous UPEK Protector Suite fingerprint readers found in most new laptops today, Apple-owned Authentec surely will be able to fix the issue on the double. Not so fast, says one of the researchers looking at the problem.
A security breach initially believed contained to about 50 employee records now appears to involve almost 300,000 students, faculty and employees at a Florida college.Officials at Northwest Florida State College in Niceville today confirmed a massive data breach and hundreds of thousands of stolen records that include names, birth dates and Social Security numbers.
It was only a matter of time before the inevitable wave of malicious, election-tinged spam began to rain down upon internet users. In the wake of last week’s presidential debate between President Barack Obama and Republican nominee Mitt Romney, it appears the floodgates have opened.
Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry.
It can happen to anyone…and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but the second time a close friend of mine was kidnapped. And it turns out that our work in tackling cybercrime can also be useful to catch criminals who seem to have little connection with high-tech wrong-doing.
For the second time this year, an anonymous teenage security researcher has succeeded in producing a full exploit, including a sandbox escape, against Google Chrome. The researcher, who uses the pseudonym PinkiePie, submitted his exploit Wednesday during the Pwnium contest run by Google at the Hack in the Box conference.
Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability. In all, 20 vulnerabilities were repaired by Microsoft, which also issued an advisory regarding poorly generated digital certificates that have to be replaced and the distribution of an automated mechanism that will check for certificate key lengths and revoke any shorter than 1024 bits.
From July to September this year, there’s been an uptick in Zitmo (or Zeus-in-the-Mobile) mobile banking malware according to research revealed this week by network security firm FortiGuard Labs.
Less than a month after the Nitol botnet takedown, Microsoft has released data casting more scrutiny of supply chain security. In its latest Security Intelligence Report (SIR) for the first half of 2012, Microsoft has connected the most prevalent malware families involved in supply chain compromises, including malicious add-ons pre-installed on PCs by manufacturers, as well as pirated software available on peer-to-peer networks, and music and movie downloads.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
