Weekly Top 10 security news (4th Feb - 10th Feb)

Bit9 hacked, used to inject malware into customers' networks

Security vendor Bit9 has been hit by a serious security breach of its own network. Intruders broke into a core part of the company's service and used its own trusted digital certificates to create pre-authorised malware. The result, apparently, was that a small number of customers got infected with malware that wasn't merely missed by Bit9's detection algorithms, but was actively endorsed by its protection system.


Twitter looks to add two-factor authentication to stop password hacks

Twitter is looking to add another layer of protection to its user authentication. After at least 250,000 account passwords were compromised in an attack against its service last week, Twitter apparently plans to implement two-factor authentication as an option to help users better protect their accounts—or at least it's hiring people to help do that. In a job listing posted by Twitter this week, the company seeks software engineers to develop "user-facing security features, such as multifactor authentication and fraudulent login detection." When contacted by Ars, a representative for Twitter said the company has no specific details to share about its plans at this time.


Google Blocks High Profile Sites After Advertising Provider NetSeer is Hacked

Google Chrome users, among others, couldn't access some of the most popular Web sites Monday after an advertising network's corporate Web site was injected with malware. But, according to the ad company's chief executive, those sites were safe. Those who called up sites such as The Huffington Post, New York Times, Los Angeles Times, Washington Post and many other media sites, among others, were greeted with a warning that the sites contained malware. An example of a warning: "Content from cm.netseer.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware." Another warned that the virus peddler was images.buddytv.com.


Microsoft Patch Tuesday: IE at risk of malware attacks; 57 flaws in total

Microsoft will release 12 patches for 57 vulnerabilities next week for Windows, Internet Explorer, and Office. A spattering of enterprise products, including Microsoft Office and Windows Server, and developer tools, such as .NET Framework, will also be patched. Five of the updates are labeled "critical," in which malicious code can be remotely executed on users' machines. Another vulnerability that allows remote code execution is labeled "important."


Mobile spammers release DIY phone number harvesting tool

Need a good reason not to connect to the public Web with your phone? Wonder where all that SMS spam is coming from? Keep reading. Mobile phone spammers have recently released a new version of a well known phone number harvesting tool, whose main objective is to crawl the public Web and index mobile phone numbers, which will later be used for various malicious and fraudulent purposes.


Bots, Zeus, Web Exploits: the Most Potent Threats of 2012

Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the ubiquitous Zeus banking Trojan.


Security alert for D-Link routers

Security expert Michael Messner has identified several holes in D-Link's DIR-300 and DIR-600 routers that allow potential attackers to execute arbitrary commands with little effort. Although current firmware versions are also affected, the router manufacturer does not appear to be planning to close the hole. Messner describes on his blog how a simple POST parameter allows Linux commands to be executed at root level on vulnerable routers.


FTC Endorses New Privacy Guidelines, Do Not Track for Mobile Apps, Devices

Hoping to ramp up privacy on mobile devices such as smartphones and tablets, the Federal Trade Commission (FTC) has released a series of suggestions to help app developers, advertising networks and device companies better protect their users online. As it’s done over the last two years with browser security, the FTC is looking to get companies, particularly those that work in the facilitation of users’ personal information, to clamp down.


New malware sleeps its way into financial institutions

FireEye discovered a new kind of malware today that thwarts antivirus software by, well, taking a nap. Nap, as it’s called, was found attacking financial institutions and hides hackers’ identities in the same way the New York Times’ hackers stayed anonymous. Currently, researchers are not sure how it enters your system, but they consider it a “malicious downloader” that sneaks in under the radar by putting itself to sleep. That is, many antivirus companies use what is called automated analysis systems.


Facebook will be closed for maintenance between Feb 29-31 - joke chain letter spreads

Messages have been spreading on Facebook claiming that the social network will be closed between February 29th and February 31st, 2013. And, of course, it's kinda true. You won't be able to log into Facebook on February 29th, February 30th or February 31st this year. Nor will you have much luck, although the messages don't mention this, on June 31st. Umm.. that's because those days don't exist.



CISOPlatform Team.
