Vulnerabilities


New Trojan For Mac Used In Attacks On Tibetan NGOs

The security firm AlienVault reports that its own research on phishing attacks against non-governmental organizations supporting the Tibetan Government in Exile is now being used as bait in a new round of phishing attacks on those same NGOs.

MS12-020 RDP Exploit Found, Researchers Say Code May Have Leaked From Security Vendor

There is a confirmed legitimate working exploit for the MS12-020 RDP vulnerability in Windows circulating already and researchers say it is capable of either crashing or causing a denial-of-service condition on vulnerable machines. Microsoft has warned customers about the possibility of the exploit surfacing quickly and advised them to patch the flaw immediately. The researcher who discovered the vulnerability said that the packet he included in his original advisory was found in the exploit, raising the specter of a data leak somewhere in the pipeline.


Microsoft said that it has not seen any evidence that hackers have figured out a way to take advantage of a critical vulnerability in the Windows Remote Desktop Protocol (RDP) that the company disclosed and patched on Tuesday. The statement comes in the wake of unconfirmed reports of working exploits for the RDP hole circulating online on Thursday. 

As a follow-up to its usual Patch Tuesday release this week, officials at Microsoft are warning users that an exploit against the recently disclosed Remote Desktop Protocol (RDP) vulnerability for Windows is likely to come in the next 30 days. According to a supplementary entry on its Security Research & Defense blog, Microsoft claims the “attractiveness” of the RDP vulnerability may make it especially appealing to hackers.

VANCOUVER–If there’s one thing that emerged from all of the craziness that was CanSecWest, Pwn2Own and Pwnium, it’s that life is becoming more difficult for researchers and attackers looking to exploit modern browsers. It’s not impossible, of course, but it’s certainly not the warm-up exercise that it was four or five years ago.

Weird Science: 10 Forms of Biometric Authentication

In the past twenty years, we’ve gone from using amber-tinted dumb terminals connected to refrigerator-sized mainframe computers to sleek tablet computers and smart phones tucked into our pockets. Despite those changes, one technology has stubbornly persisted: passwords. Indeed, the explosion in computing devices and Web-based services has made us more dependent on passwords than ever.