In this video, Dustin Childs of the Microsoft Security Response Center gives an inside look at what it’s like in Redmond on Patch Tuesday and what goes into the efforts that Microsoft makes to get fixes out every month.
It was difficult to go anywhere this week without hearing about the flurry of activity surrounding the Wikileaks data dump. A slew of denial-of-service attacks followed soon after, while new ransomware and attacks on open-source software filled out the rest of the week’s news. Read on for the week in review.
The FBI has arrested the man that they allege is behind the notorious Mega-D botnet, which at one point accounted for nearly a third of all of the spam on the Internet. The arrest came to light this week after the man was caught entering the U.S. last month on his way to a car show.
Google has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.
The Chrome 8.0.552.215 update also include a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google’s Jason Kersey.
As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware at a very high effectiveness rate.
Like the old adage that ‘he who rides a tiger is afraid to dismount,’ enterprises today are bounding along on the back of a particularly large and fearsome tiger. It’s called “consumer technology” and its shape is outlined by the myriad of devices and services that modern information workers are bringing to work and using – or want to use – to get their jobs done.
The main server used to distribute the open-source ProFTPD software was compromised over the weekend through the use of a bug in the FTP software itself, and a backdoored version of the software was uploaded and distributed for several days as a result.
The Federal Trade Commission introduced a framework today that aims to address privacy issues raised by consumers that directly affects how our activity is tracked online. The agency went on to advocate the creation of a “Do Not Track” mechanism that could help shape the future of browser security.
An update to the popular Wordpress blogging platform fixes a known security hole that could have enabled a malicious contributor to gain wider control over the blog to which he or she contributed.
Two weeks after releasing Reader X with its new sandbox security mechanism, Adobe has teamed up with Google to enable a sandboxed version of its Flash software to run in Google Chrome.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
