seguridad Internet

EU Agency Says Stuxnet Portends Future Sophisticated Attacks

The European agency responsible for protecting the critical infrastructure of EU countries is warning its member states that the Stuxnet attack represents a major change in the malware landscape and that they should be prepared for further attacks with the same level of sophistication and professionalism.

Google Unveils Gmail Security Checklist

In the face of continued attacks targeting its hugely popular Gmail service, Google has put together a checklist to help Gmail users better secure their accounts by looking at the settings in their inboxes, their browsers and their PCs. The security guide doesn’t automate any of these tasks for users, but instead gives them a guide comprising 18 steps to help lock down their Gmail inboxes.

Researchers have discovered that a page on the My Opera community Web site is hosting malware related to an IRC botnet. The discovery comes just a couple of weeks after malicious code also was found on Google Code servers.

Although Adobe doesn’t have a patch ready yet for the newly disclosed vulnerability in the company’s Reader application, Adobe and Microsoft security officials said that Microsoft’s recently released Enhanced Mitigation Environment Toolkit 2.0 can protect users against the exploit that is currently circulating.

A day after Microsoft released information on the remotely exploitable DLL-hijacking vulnerability that affects dozens of Windows applications, researchers are starting to discover exactly which pieces of software are vulnerable. The list so far includes PowerPoint, Wireshark and some applications that are included by default with Windows Vista, and possibly Windows 7.

As mobile devices such as iPhones, BlackBerrys, Android phones and others have become more sophisticated and easy to use, many users have made them their main computing and Web-browsing devices. And that evolution naturally has caught the attention of attackers who have begun tailoring more and more of their attacks at these mobile platforms.

A Web site set up to help iPhone users jailbreak their devices is using a flaw in the way that the iPhone handles PDF files to escape the phone’s sandbox security function and enable users to load applications that aren’t in Apple’s official App Store. The same flaw could easily be used to install malicious software in drive-by download attacks, experts say.

LAS VEGAS–Security technology and practice have advanced quite a bit in the past few years, but one thing that has become clear is that whatever gains have been made are just not keeping pace with the innovation of attackers. The advances being made by malware authors and crimeware gangs are keeping them well ahead of the curve and will continue to do so for the foreseeable future, researchers say.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.