Adobe today released an important security update for its Flash Player software that fixes a vulnerability which is already being exploited in active attacks.
How to Neuter POODLE (New SSL Vulnerability)
Surprise, surprise… Researcher’s have found yet another OpenSSL vulnerability . They’ve named this one POODLE. Silly name, I know, but at least it stands for something—Padding Oracle On Downgraded Legacy Encryption
NSA Has Large Disks
One of the hottest buzz of the moment certainly is the breaking news about NSA collecting phone records of Verizon subscribers. According to court order, Verizon has been asked to provide NSA daily information for all its phone records between April 25th and July 19th
Microsoft Hits Citadel Hard
Late last week, Microsoft’s Digital Crimes Unit, working with the FBI and the U.S. courts, took a huge chunk out of the capabilities of the Citadel botnet. Citadel is a ZeuS variant that is responsible for infecting what is believed to be millions of computers across the globe in the hopes of stealing financial information through key logging and form grabbing and using that information to steal money from the bank accounts of infected victims.
Phishing – Alive and Well
Last week I was getting caught up on the usual deluge of emails, and one caught my eye. I’ll admit, at first glance, I almost clicked without thinking.
Google and the Zero-Day Conundrum
Last week Google announced a significant change to the way they disclose vulnerabilities. In cases where a zero-day vulnerability has made it into the wild and is being actively exploited, Google will now give a scant 7 days to the software vendor whose product is being exploited before ”…support(ing) researchers (by) making details available so that users can take steps to protect themselves.” We hope that the details Google will make available do not include full disclosu…
New NSS Labs Report: IE’s Browser Security Bests Others
Microsoft’s Internet Explorer 10 is the most secure web browser according to the results of a mid-May 2013 NSS Labs’ analysis. Apple Safari 5, Google Chrome 25/26, Internet Explorer 10, Mozilla Foxfire 19 and Opera 12 were all evaluated against malware downloads and socially engineered malware. Results show that Chrome’s malware download protection improved significantly, up to more than 83 percent from a 70 percent performance in NSS’ October 2012 analysis, Browser C…
Preventing DDoS: What to Look for in a Security Solution
Distributed Denial of Service (DDoS) attacks are on the rise, and they’re only getting stronger. This was driven home by The New York Times report on how anti-spam organization Spamhaus fell prey to one of the largest DDoS attacks in history. Few can forget the targeted DDoS assaults on global financial institutions JP Morgan Chase, Wells Fargo and Bank of America, Regions Bank and American Express – attacks that crippled the businesses for hours and cost millions in lost business, rem…
Tufin Talks ‘Magic’ in Network Security Abstraction
There’s no shortage of reports on the latest network security breaches. Each incident holds its own valuable security lesson but it’s beneficial to recognize the incremental successes paving the way to progress. That’s exactly what Reuven Harrison of Fortinet’s solution partner Tufin did in a blog published last week.
11MB for a simple conference program application?
As I was following the tweets of IEEE S&P, one of the top academic conferences on security, I saw they had created a special application for the people attending the conferences, with the agenda, paper abstracts and a few news. Figure 1. IEEE Security & Privacy Android application Curious, I downloaded the application for Android (air.org.computer.confprog.sp.apk) and ran it through my automated analysis scripts.