The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer (p2p) file sharing networks. The FTC put nearly 100 companies and agencies on notice that their employees appear to be regularly leaking large amounts of sensitive customer and employee data on popular peer-to-peer, or P2P, file-sharing networks. Read the full story [The Last Watchdog]
Browsing Category: Vulnerabilities
Researchers are preparing to release a free tool to stop “drive-by” downloads: Internet attacks in which the mere act of visiting a Web site results in the surreptitious installation of malicious software. The new tool, called BLADE (Block All Drive-By Download Exploits), stops downloads that are initiated without the user’s consent. Read the full article. [Technology Review]
Twitter users were hit by potent phishing attacks over the weekend that have already led to spam runs from compromised accounts. Read the full article. [The Register]
Mainstream attention to Operation Aurora and the Kneber (Zeus) botnet is welcome. It underscores how the Internet underground has advanced to the point where a plethora of powerful hacking tools and services is readily available to novice hackers and elite crime gangs alike – with prices to fit every budget. Read the full article. [The Last Watchdog]
By Atif Mushaq, FireEye
Man in the Browser, a.k.a. MITB, is a new breed of attack whose primary objective is to spy on browser sessions (mostly banking) and in that process intercept and modify the web page contents transparently in the background. In a classic MITB attack, it’s very likely that what the user is seeing in his/her browser window is not something which the actual server sent. Similarly, what the server sees on the other end might not be what the user was intending to
The Cloud Security Alliance (CSA) and IEEE are joining forces to ensure that best practices and standards are developed and available to provide security assurance for cloud computing.
As a result of this collaboration, CSA and IEEE have been conducting a survey to identify and define the most critical security concerns surrounding enterprise cloud computing. Read the full article. [Help Net Security]
Czech security experts say they have uncovered a global botnet that may be redirecting Web surfers to other sites for the purpose of stealing their data.
The botnet’s creators have dubbed the network “Chuck Norris” after the famous Hollywood actor and martial arts expert. Read the full article. [Dark Reading]
A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla’s Firefox browser. Read the full article [The Register].
Guest editorial by Aviv Raff
We all know what happens when a software vendor downplays the severity of a security vulnerability. It usually comes back to haunt them, when the vulnerability is eventually discovered by the bad guys and used to exploit innocent computer users.
Microsoft, Apple and even Mozilla have all been guilty of this in the past. Lately (and sadly), Adobe has joined this train.
How did the Kneber botnet manage to stay beneath the radar? Who’s behind it? Is it an isolated underground project, or a part of the malicious portfolio of a cybercrime organization diversifying on multiple fronts within the underground marketplace? Read the full article. [ZDNet]