The main Web site of MySql.com has been compromised and on Monday afternoon was serving malware to visitors for a short time through the use of JavaScript redirects. The site, which is owned by Oracle, was sending victims off to a remote site that is using the BlackHole exploit kit to install malware on their machines.
Dennis Fisher talks with Mark Russinovich of Microsoft about his novel Zero Day, the idea of a coordinated cyber attack by terrorists and the difficulty of writing a technical novel for a mainstream audience.
The revelation last week that researchers Thai Duong and Juliano Rizzo had developed a new attack on SSL that gives them the ability to decrypt some protected sessions on the fly sparked a lot of discussions about the inherent problems of the protocol and whether it has outlived its usefulness. But it’s not just SSL that’s the problem; it’s the slow accumulation of security problems in the key protocols and systems on which the Internet–and much of our world–rely that has become the real issue.
Adobe said on Friday that its products would soon reject certificates issued by the disgraced Dutch certificate authority DigiNotar following the Dutch government’s decision, Friday, to revoke DigiNotar PKIoverheid CA certificates used by government agencies on September 28.
The FBI continued its pursuit of members of the hacking group LulzSec on Thursday, arresting a 23 year old Phoenix, Arizona man believed to be part of an online hacking crew that attacked systems belonging to Sony Pictures, the Bureau said in a statement Thursday.
Malware that targets Mac OS X isn’t anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that’s been in favor among Windows malware authors for several years now.
With the release of the BEAST SSL attack research due tomorrow, researchers are beginning to take note of potential fixes and mitigations for the attack. One of the possibilities is moving to newer versions of TLS that are not vulnerable to the attack, but the problem is that there is precious little adoption of those newer versions.
Following the success of the Firesheep application, a new Android application called DroidSheep allows users to hijack Web sessions of popular online services over insecure Wifi connections.
Adobe is pushing out an emergency security bulletin today in concert with a Google Chrome update to address six critical vulnerabilities in versions of its Flash Player, the company said in an email statement.
SAN FRANCISCO–It’s no secret that attackers have made Adobe’s products key targets for the last couple of years, routinely going after bugs in Reader, Flash and Acrobat in targeted attacks and widespread campaigns alike. But it’s not just the rank-and-file bad guys who are making Adobe a priority; it’s more often nation-states, the company’s top security official said.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
