CANCUN–The skill of attackers, combined with the difficulty and cost of finding and fixing vulnerabilities in software–especially after deployment–has reached the point that it’s now more effective and efficient for vendors to concentrate on making life more difficult for those attackers looking to exploit bugs.
Apple has released a massive set of patches for a wide range of security vulnerabilities in a number of its products and components, including OSX Lion and QuickTime. The patches, which are rolled up in OS X 10.7.3, fix a slew of serious bugs, many of which can be used to execute remote code on vulnerable machines.
Threatpost’s exclusive interview with Ralph Langner continues, as our conversation shifts from the legacy of the Stuxnet worm to larger issues facing the critical infrastructure sector including mounting attacks, tensions between vendors and security researchers over responsible disclosure, and what’s needed to secure critical infrastructure and industrial control systems.
A new report finds that the ‘bad guys’ are winning, and that most nations are ill-prepared for crippling cyber attacks.
Gamma ray scanners? Night vision cameras? bomb-proof manhole covers? G-Men? It must be Super Bowl time again, and Marion County, Indiana says that they’ve gone where no other municipality has gone before: a permanent, $18 million regional operation center (yes – ROC) that will manage security at the Big Game.
Researchers at the security firm M86 report that hackers have compromised hundreds of Web sites that use the Wordpress content management system. The sites, mostly small Web pages and blogs, are being used to fool spam filters and redirect unwitting visitors to drive by download Websites that will install malicious software on vulnerable systems.
Ralph Langner is the closest thing to a rock star that you get in the Dockers and pocket-protector world of industrial control systems. The German researcher made headlines in 2010 as among the first security experts to analyze parts of the Stuxnet worm’s code devoted to manipulating programmable logic controllers by Siemens, and the first to explicitly link the Stuxnet malware with an effort to disable Iran’s uranium enrichment operation.
VIEW SLIDESHOW Scenes from S4 2012S4 is a conference hosted by Digital Bond, a security consulting firm based in Sunrise, Florida. Now in its fifth year, the S4 draws some of the world’s top experts in securing industrial control systems to sunny Miami Beach to discuss the state of the art.
Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a small possibility of exploitation by attackers.
Google has fixed several serious vulnerabilities in its Chrome browser, including a critical use-after-free flaw in the Safe Browsing navigation. The company paid out its highest bug bounty of $3133.70 for that bug.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
