Less than a day after reports began surfacing that the Flashback trojan was hitting Mac OS X machines, Apple today released a fix to stop the latest variant of the password-stealing malware. The update closes numerous vulnerabilities in Java 1.6.0_29, including a serious hole that allowed an untrusted Java applet to help spread the malicious code.
Microsoft is looking into a potential security issue affecting its Xbox 360 video game console this week after a group of college students claimed they were able to extract the credit card information of a console’s previous owner from the machine.
Dennis Fisher talks with Dan Guido, security researcher and CEO of Trail of Bits, about the new company’s plan to help enterprises defend against targeted attacks, the way that attackers think and the value of exploits versus vulnerabilities. They also discuss a new initiative to help share security knowledge more broadly in the community.
Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that’s being actively exploited. The decision to add these vulnerable versions of Java to the browser’s blocklist is designed to protect users who may not be aware of the flaw and attacks.
Call it a “rocky start”: U.S. Ambassador to Russia Michael McFaul used his Twitter account to lash out at domestic news operation NTV, which he accused of hacking his e-mail account and cell phone in order to follow the Ambassador about town. The accusation has prompted a sharp response from critics in Russia.
The Federal Trade Commission announced on Tuesday that it had reached a settlement with RockYou over violations of the Children’s Online Privacy Protection Act (COPPA) after the Web site allowed hackers to gain access to the personal information of its 32 million members.
The Electronic Frontier Foundation (EFF) is sounding alarms about a collection of overly vague cyber-security bills making their way through Congress.
Spam volume is down, there are fewer unpatched software holes and oftware application developers did a better job of writing secure code over the last year. But IBM’s X-Force Trend and Risk Report still found plenty to worry about in 2011, according to a copy of the report released this week.
Google has fixed nine new vulnerabilities in its Chrome browser, including six high-risk flaws. The most serious of the bugs include three separate use-after-free vulnerabilities in various parts of the browser.
It can be hard to parse the results of the Verizon Data Breach Investigation Report (DBIR), what with the shifts from year to year in the sources of breach data collected. Last year’s report, if you recall, found a stunning drop in incidents of data theft in 2010, even as tracking sites like Datalossdb.org reported no noticeable change that year.Frankly, it’s hard to read the DBIR and not have the term “sample bias” float into your head time and again. But the DBIR report has always been a good way to understand the security Zeitgeist, and this year’s report is no different, with more normal-seeming results and a focus on the actions of ideologically motivated hacking groups which, Verizon claims, were linked to 58% of all the data stolen from customers in 2011.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
