Attackers behind March’s RSA SecurID attack apparently used the same method to try to infiltrate two U.S. national security organizations according to data recently made public by file checking site VirusTotal.
Microsoft plans on issuing just five bulletins in the September edition of Patch Tuesday. The patch, set to come out September 14, will address vulnerabilities in Microsoft Windows, Office, and Server Software.
Software giant Adobe said on Thursday that it was removing Diginotar’s Qualified CA certificate from the Adobe Approved Trust List (AATL), according to a company blog post.
Apple is keeping mum about when – or if – it will blacklist SSL certificates more than a week after other browser makers moved to break trust with the disgraced Dutch certificate authority DigiNotar.
In the wake of this weekend’s revelations of the seriousness of the attack on certificate authority DigiNotar, security experts have renewed criticism of the Internet’s digital certificate infrastructure, with some wondering if larger certificate authorities (CAs) might be too big to fail.
GlobalSign, a major certificate authority that was named by the hacker who has claimed credit for the DigiNotar hack as another CA he has compromised, has stopped issuing certificates for the time being while it investigates the claims and determines whether its network has in fact been compromised. It also has hired Fox-IT, the same company that investigated the attack at DigiNotar, to perform the audit of its systems.
By Joe BasiricoAs a security researcher, I regularly come across software vulnerabilities. Some can have a deep and lasting effect on the way customers and clients view the security of the organization and some can have a fairly minimal impact.
While security experts and lawmakers debate the seriousness of cyber threats to critical infrastructure, one security researcher says that evidence that viruses and spyware already have access to industrial control systems is hiding in plain sight: on Web based user support forums.
Former Department of Homeland Security cyber-security chief Philip Reitinger has been named as the new executive vice president and Chief Information Security Officer of Sony Corporation.
For years, there’s been an argument that the sophistication of industrial control systems is enough to keep script kiddies – or low-skilled hackers – away. Well, so much for that.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
