Vulnerabilities


Mobile Apps Space A ‘Wild West’ For Enterprises

SAN FRANCISCO – Companies that are hoping to catch a ride on the mobile wave should pay close attention to the application development firms they choose to work with, unless they want to be saddled with a buggy and insecure albatross bearing their corporate logo, a leading application security expert warns.

Fake Chat Screen Malware Hijacks Banking Customers

A new attack against online banking customers uses a malware platform to trick its victims into verifying bogus transactions. The attack, first described by Trusteer CTO Amit Klein, waits for an unsuspecting business banking customer to log online before telling them that “security checks” need to be performed.

RSA: Chaos In the Security World, And the Situation Is Perfect

Right on cue this week, the anarchic hacking collective Anonymous stepped up and grabbed the story line away from the lions of the IT security industry. With the annual RSA Conference set to begin, the whistleblowing site Wikileaks released the first of some five million e-mail messages stolen from the security intelligence firm Stratfor. Ever sensitive to the fickle attention of the media, Anonymous inserted itself into the story, claiming responsibility for leaking the data and pointing a finger of blame at Stratfor and its media, private and public sector customers, which Anonymous accuses of spying and other dark offenses.


When Ralph Langner, an independent security researcher, presented his analysis of specialized code used by the Stuxnet worm to an audience of his peers at the S4 Conference in Miami last month, it was a chance to get down in the weeds with one of the world’s top experts on Stuxnet and threats to industrial control systems.

Just a few days after releasing a fairly large set of patches for its Chrome browser, Google has pushed out another update, fixing 13 vulnerabilities, more than half of them being high-severity bugs.

If all of the noise about weak RSA keys and compromised cryptosystems in the last few days has done anything, it’s to confirm what many in the cryptography community have known for quite a long time: When it comes to implementing cryptosystems, there are a whole lot of people doing it wrong. However, experts say the new research showing large numbers of repeated and weak crypto keys is a good reminder of not only how hard it is to get this stuff right, but also how many different ways it can go wrong.