Social Network For Security Executives: Network, Learn & Collaborate
Security vendor Bit9 has been hit by a serious security breach of its own network.Intruders broke into a core part of the company's service and used its own trusted digital certificates to create pre-authorised malware.The result, apparently, was that a small number of customers got infected with malware that wasn't merely missed by Bit9's detection algorithms, but was actively endorsed by its protection system.
Twitter is looking to add another layer of protection to its user authentication. After at least 250,000 account passwords were compromised in an attack against its service last week, Twitter apparently plans to implement two-factor authentication as an option to help users better protect their accounts—or at least it's hiring people to help do that.In a job listing posted by Twitter this week, the company seeks software engineers to develop "user-facing security features, such as multifactor authentication and fraudulent login detection." When contacted by Ars, a representative for Twitter said the company has no specific details to share about its plans at this time.
Google Chrome users, among others, couldn't access some of the most popular Web sites Monday after an advertising network's corporate Web site was injected with malware. But, according to the ad company's chief executive, those sites were safe. Those who called up sites such as The Huffington Post, New York Times, Los Angeles Times, Washington Post and many other media sites, among others, were greeted with a warning that the sites contained malware. An example of a warning: "Content from cm.netseer.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware." Another warned that the virus peddler was images.buddytv.com.
Microsoft will release 12 patches for 57 vulnerabilities next week for Windows, Internet Explorer, and Office.A spattering of enterprise products, including Microsoft Office and Windows Server, and developer tools, such as .NET Framework, will also be patched.Five of the updates are labeled "critical," in which malicious code can be remotely executed on users' machines. Another vulnerability that allows remote code execution is labeled "important."