Report: Q2 Threat Evolution, the Year of the Hacktivist?
Scareware and Rogue AV are back with a vengeance in 2011, after receding in 2010 according to Kaspersky Lab’s latest threat evolution report.
Vulnerabilities
Shady Rat Attackers Hid Code in Digital Images
More information about last week’s “Shady Rat” hacks continues to be uncovered, including reports that the attackers behind the hack used digital images to obscure their activities.Researchers at Symantec analyzing the attacks found images were hiding code that enabled communication back and forth with infected machines and a command-and-control (C&C) server, according to a report from DarkReading.
New Workaround Released For iOS SSL Flaw
A security researcher has released a new workaround for the critical vulnerability in the Apple iOS operating system related to the way that the OS handle SSL certificate validation. The workaround makes some key checks in the certificate chain that the vulnerable versions of iOS and a previous workaround fail to execute.
During the Reagan Administration, the ‘government waste’ meme was all about $600 toilet seats and $300 hammers. Those looking for a more contemporary example of how government procurement gets it wrong might point, instead, to Project 25 (P25), a decade old effort to provide first responders and federal officials with a reliable and secure emergency radio system.
There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user’s BlackBerry device.
A security researcher known for his work on cracking cryptographic ciphers on mobile networks has found a method that enables him to capture and decrypt data traffic on virtually any GPRS network. The attack, developed by Karsten Nohl, enables him to eavesdrop on traffic within a radius of about three miles.
Trading on Hong Kong’s stock market, Hong Kong Exchanges & Clearing, remains suspended today following a “coordinated and sustained” distributed denial of service attack on one of the exchange’s websites Wednesday. Several companies, including HSBC, China Power International and Cathay Pacific found their shares unavailable late Wednesday following the attack according to a report from BBC.
In his keynote address at the SOURCE Boston conference this year, independent security researcher Dino Dai Zovi discussed the attacker mentality and they way that defenders can adopt it to better protect their networks.
By Andrew StormsNo doubt breaking things is fun. I remember back when I was 10 years old when
I took apart a squirrel cage fan, flipped some wires and so forth, and then
attempted to plug it back in. Good thing my mom stopped me seconds before I
was about to get a literal jolt of reality. These days, I still keep that
same inquisitive and maniacal mentality. Yes, I was the guy wearing an
assortment of makezine t-shirts at Black Hat, but I also often wore collared
shirts and a belt. Because I keep a foot in both of these worlds, I¹d
like to propose an adjustment to the security community.
Apple released an update today for its built-in, malware protection platform, XProtect, in response to the emergence of Mac-targeting trojan that hijacks Google searches, according to an article posted on Softpedia.
