Social Network For Security Executives: Help Make Right Cyber Security Decisions
Microsoft's sloppy housekeeping causes outages in Azure service
Microsoft unwittingly let an online security certificate expire Friday, triggering a worldwide outage in an online service that stores data for a wide range of business customers.
The sloppy housekeeping represents an embarrassing lapse for Microsoft as the software maker tries to bring in more revenue from the storage service, which is called Azure.The expired certificate is needed to properly run online services such as Azure which use an "https" protocol to block unauthorised users from accessing information. Microsoft's failure to renew the security certificate apparently caused the Azure service to go down shortly before 4 PM EST Friday.
Customer service turned into customer disservice on Thursday, when a security breach at Zendesk spilled over to affect Twitter, Tumblr, and Pinterest users.
Zendesk, which supplies customer service software for the three companies, said on its blog that hackers downloaded the email addresses of users who contacted the three social networks for support help, along with the subject lines of said support emails. The company claims that no other critical data has been accessed.
NBC.com website links to the redkit exploit kit that is spreading Citadel malware, targeting US financials institutions. This version of Citadel is only recognizable by 3 out of the 46 antivirus programs on virustotal.com.
Every now and then, an incident occurs in the SOC (Security Operation Center) that really captures everyone involved’s imagination. NBC’s websites getting hacked, is just one case, in point.It has been shown before (with Dutch news site nu.nl, for example, along with the recent incidents at the New York Times and Wall Street Journal), targeting media and news websites can vastly improve an attacker’s chances of success. Users presume these large organizations websites to be free from malware. If an attacker can gain access to these web servers, they can use them to distribute malware to every visitor of that web server.
On a daily basis, largely thanks to the efficiency-centered malicious campaigns circulating in the wild, cyber-criminals get access to tens of thousands of accounting credentials across multiple Web properties, and most disturbingly, online payment processing services like PayPal.
We’ve recently spotted a newly launched underground E-shop that’s exclusively selling access to hacked PayPal accounts. How much does it cost to purchase a hacked PayPal account on the underground marketplace these days? What pricing method is the cybercriminal behind the service using, and does the newly launched E-shop share any similarities with the E-shop selling access to hacked PayPal accounts that we profiled in 2012?
(Reuters) - Apple Inc was recently attacked by hackers who infected Macintosh computers of some employees, the company said Tuesday in an unprecedented disclosure describing the widest known cyber attacks targeting Apple computers used by corporations.
Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers.The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday.
Have you ever gotten a plea to wire money to a friend stranded at an international airport? An oddly written message from someone you haven’t heard from in ages? Compared to five years ago, more scams, illegal, fraudulent or spammy messages today come from someone you know. Although spam filters have become very powerful—in Gmail, less than 1 percent of spam emails make it into an inbox—these unwanted messages are much more likely to make it through if they come from someone you’ve been in contact with before. As a result, in 2010 spammers started changing their tactics—and we saw a large increase in fraudulent mail sent from Google Accounts. In turn, our security team has developed new ways to keep you safe, and dramatically reduced the amount of these messages.
Adobe has released the emergency update for Reader and Acrobat that it promised late last week.The company decided to get a move on to deal with a newly-reported vulnerability that was actively being exploited, at least on Windows and the Mac.
The timeline has been pretty swift:
The fixes are available for all affected platforms, so Windows, Mac and Linux users should all upgrade.
An annual competition for start-ups showcased the rising demand for consumer centric security solutions – a trend likely to continue as companies embrace the bring-your-own-device (BYOD) movement and other technologies focused on user convenience.
At RSA Conference 2013 in San Francisco, ten start-ups presented their ideas to a panel of judges to win the top spot in the annual “Innovation Sandbox” contest. Innovation Sandbox is reminiscent of reality television show Shark Tank, which gives entrepreneurs the opportunity to woo investors during a race against the clock; instead, start-ups here will vie for industry recognition – to be named the most innovative company at the RSA conference.
Apple issues Java update after security breach
Following recent security breaches that led to computers at Apple and other companies being compromised, Apple has issued an update for Java on OS X to close the hole. According to the update's release notes, it will disable all versions of Java that are supplied by Apple and will encourage users who need Java to download the latest version from Oracle.
The update went live this afternoon through Apple's Software Update service, which can be accessed from the Apple menu, and also available as a standalone update for OS X Snow Leopard or later from the following locations:
Representative Ed Markey (D-MA) is urging the Chairman of the House Committee on Energy and Commerce, Fred Upton (R-MI), to take immediate action toward passing the Grid Reliability and Infrastructure Defense (GRID) Act, which Markey calls a bipartisan bill aimed at hardening the nation’s electrical grid and critical infrastructure against cyberattacks.
Broadly put, the GRID Act would give the president the authority to impose emergency defensive measures, with or without notice, on maintainers of critical infrastructure in response to what is perceived as an imminent threat to the nation’s electrical grid.