Join thousands of people who receive the latest breaking cybersecurity news every day.
Nearly six months after first introducing two-step verification for its Gmail service, Google has expanded the security feature to users outside the English-speaking world, opening it up to people in more than 150 countries.
Someone was able to compromise a version of the vsftpd secure FTP server recently, inserting a simple backdoor that gives the attacker a shell on compromised machines. The bad version of the server has been removed and the creator of the app has moved it to a different hosting provider as a precaution.
Google is testing a new feature in its Chrome browser that will warn users when they attempt to download a potentially malicious executable file. The feature is an extension of the existing Web-based security mechanisms the company has integrated into Chrome and the Safe Browsing API and will be available to all users later this year.
The attack on RSA that the company revealed last week raises a multitude of questions about the security of the company’s network and its own internal procedures. But the most important issues the RSA attack brings to the surface concern exactly what the attackers may have been after and what the successful compromise means for the integrity of the tens of millions of SecurID tokens deployed around the world.
By Gunter OllmannAs a follow-up to the Rustock botnet news, Microsoft have identified themselves as the key instigators of the takedown.
This is the second time Microsoft’s legal team has been actively
involved in combating the botnet menace – and they obviously learned
from their previous attempt at trying to takedown the Waledac botnet.
By Jeremiah GrossmanThere are several security issues affecting all major Web browsers that
have remained unaddressed for years (probably because the bad guys
haven’t leveraged them aggressively enough, but the potential is
there). The problem is that the only known ways to fix these issues
(adequately) is to “break the Web” — i.e. negatively impact the
usability of a significant and unacceptable percentage of websites.
Doing so is a non-starter for any browser vendor looking to grow market
share. The choice is clear for most vendors: Be less secure and adopted, rather than secure and obscure. This is what the choice comes down to. This is a topic deserving of further exploration.
high-profile online advertising Web site has been hacked and rigged to
serve multiple exploits to Microsoft Windows users surfing the net with
unpatched third party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net,
which is described as a high-profile advertiser on the Internet realm.
The site has been firing an assortment of exploits for several months,
including exploits for vulnerabilities in Microsoft DirectShow and
Adobe PDF Reader. Read the full advisory [websense.com]
InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.