The U.S.’s Cyber Command is using special, classified briefings with private sector CEOs to scare them into greater vigilance about the threat of cyber attacks, according to an NPR report.
For the second time in less than a week, the developers of PHP have released new versions of the language that include a fix for the remotely exploitable vulnerability that was disclosed last week. The group is encouraging users to upgrade to PHP 5.4.3 or 5.3.13 immediately.
Adobe has released patches for a series of vulnerabilities in its product line, including Photoshop, Illustrator, Flash Professional and Shockwave. Several of the vulnerabilities can be used to take complete control of affected machines.
In an attempt to clear the cybersecurity air, the United States and the People’s Republic of China agreed Monday to work in tandem to prevent future cyber threats. Meeting at the Pentagon, Defense Secretary Leon Panetta and General Liang Guanglie, China’s Minister of National Defense, insisted the two nations should be seen as equals and according to Guanglie, “build a new state-to-state relationship that’s not a stereotype of two major powers predestined for conflict.”
The PHP Group on Tuesday is planning to release another new version of the scripting language that’s designed to address, again, the remotely exploitable flaw that came to light last week. That bug, which requires no authentication, was supposed to have been fixed in new releases pushed out on May 3, but they didn’t completely address the problem.
Dennis Fisher, editor-in-chief, and his guests, Josh Shaul and Jack Daniel, candidly discuss end-user security, where breaches occur and how organizations can fix these problems without causing havoc to their enterprise networks.
Adobe has released a patch for a serious Flash vulnerability that is being used in targeted attacks right now. The updates fix the vulnerability in Windows, Mac, Linux and Android systems.
UPDATE–The developers of PHP have released new versions of the scripting language to fix a remotely exploitable vulnerability announced earlier this week that enables an attacker to pass command-line arguments to the PHP binary. The flaw has been in the code for more than eight years and The PHP Group was working on a patch for it when the bug was disclosed accidentally on Reddit. However, the team that found the bug says the new versions of PHP don’t actually fix the vulnerability.
UPDATE: More than 1,000 Wordpress blogs are currently being infected by a form of malware that has ‘piggybacked’ its way onto the blogging platform using the Wordpress automatic update function, a security researcher has discovered.
The developers at the Tor Project are warning users about a serious flaw in Firefox that’s included the latest version of the Tor Browser Bundle that could enable an attacker to gather information about the servers a victim is using, poking a hole in the privacy and anonymity that Tor is designed to provide.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
