Now that word is out on a serious password bug in the ubiquitous UPEK Protector Suite fingerprint readers found in most new laptops today, Apple-owned Authentec surely will be able to fix the issue on the double. Not so fast, says one of the researchers looking at the problem.
Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry.
For the second time this year, an anonymous teenage security researcher has succeeded in producing a full exploit, including a sandbox escape, against Google Chrome. The researcher, who uses the pseudonym PinkiePie, submitted his exploit Wednesday during the Pwnium contest run by Google at the Hack in the Box conference.
Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability. In all, 20 vulnerabilities were repaired by Microsoft, which also issued an advisory regarding poorly generated digital certificates that have to be replaced and the distribution of an automated mechanism that will check for certificate key lengths and revoke any shorter than 1024 bits.
Adobe earlier today issued a security update for its Flash Player to seal serious security vulnerabilities that could crash and possibly allow remote control of machines with the popular media software installed.Microsoft also issued a security advisory for similar vulnerabilities that could impact users of Internet Explorer 10 as well as all supported editions of Windows 8 and Windows Server 2012.
A flurry of fake, ad-laden Angry Birds lookalike games have flooded the Google Chrome Web store of late. The online marketplace where Google sells extensions and games for its Chrome browser has seen an influx of games mimicking “Bad Piggies,” a new game Rovio Entertainment recently released that puts a twist on its ubiquitous Angry Birds game.
A number of Wordpress themes being distributed by the developer Parallelus are vulnerable to cross-site scripting (XSS) attacks, reports said.
By Fabio AssoliniThis is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems.
The phrase “you’re doing it wrong” is a common refrain in the security community these days as people wander around in various states of disillusionment with the technology and processes that have led to what many perceive as a systemic failure. But that refrain usually is not followed by any useful discussion of what’s going wrong or what can be done about it. To researcher Claudio Guarnieri, one of the major problems is obvious: we’re completely backward in the way we prioritize protection.
Cisco has released nine security advisories for various products, including eight for its ubiquitous IOS operating system. Many of the vulnerabilities fixed in the patch release are denial-of-service flaws and none of them can give an attacker the ability to run code remotely on affected machines.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
