Latest Posts | Page 139


Last year, tech giant Yahoo! Inc. fell victim to a cyberattack. But unlike other high-profile attacks, the culprit wasn't an APT or sophisticated threat sourced to a nation state. The weapon of choice was a simple SQL injection. According to reports, the miscreants targeted a vulnerability in a Yahoo! Web application some was thought to be associated with the company's VoIP phone service, Yahoo! Voices. SQL injection attacks remain some of the most widely used cyberweapons for one main reason: They work. A Structured Query Language (SQL) injection... [Read More]
by RSS Stefanie Hoffman  |  Jul 30, 2012  |  Filed in:
Time and time again, the old methods of identifying who you are have fallen prey to various attacks and breaches. Simply having a login name and a password, even a strong password - one that doesn't contain words from the dictionary, and consists of upper case letters, lower case letters, numbers, and special symbols like exclamation points, ampersands or other non-alphanumeric characters - is often no longer strong enough to prevent a breach. You could have an incredibly strong password, but if the system that stores that password doesn't secure... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in:
Tags:
In Fortinet's Latest Threat Landscape Report, Fortinet looks back at the security predictions they made at the beginning of the year and compares them to where we are today. How right or wrong were they? See the info graphic below. Download the full report for even more threat landscape news. Report highlights include: - The increase of mobile malware on Android devices including new mobile ransomware - The continued proliferation of the ZeroAccess botnet and which countries are seeing the biggest infection rates - The Citadel botnet takedown -... [Read More]
by RSS Michael Perna  |  Jul 30, 2012  |  Filed in: Industry Trends
Microsoft published their monthly advanced notification for critical and important patches, and this month there are seven patches, of which six can allow remote code execution: Rated Critical - affects the .NET Framework and Silverlight: may allow remote code execution. Patch may require a reboot. Rated Critical - affects Windows: may allow remote code execution. Patch requires a reboot. Rated Critical - affects Windows, Office, Visual Studio and Lync: may allow remote code execution. Patch may require a reboot. Rated Critical - affects Windows... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
Video game development company Ubisoft posted an article earlier today on their support site that one of their systems were compromised and gamers usernames, email addresses and encrypted passwords were stolen. There's also a blog post with some FAQ's and more info here. Ubisoft is known for such popular video gaming franchises as the Assassin's Creed and Splinter Cell series. They claim that they do not store any transaction, credit card or other personal payment information in their systems, which as our favorite home, cooking and decorating... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
FortiGuard Labs is currently investigating and analyzing samples, but we can report that South Korea's Internet Security Agency has upgraded its "cyber alarm" level to 3 (3 means "caution") due to attacks on various government entities. Other groups may have been targeted as well including media organizations. We will report on this further when we have taken a look at some of the samples that have come in. [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
Tags:
Many security and technology writers have had similar thoughts as this author has in regards to Yahoo's plan to recycle inactive email addresses (my previous post is here if you'd like to take a look). In response to Mat Honan's of Wired query to Yahoo for more comment, Yahoo made the following statement: "Our goal with reclaiming inactive Yahoo! IDs is to free-up desirable namespace for our users. We're committed and confident in our ability to do this in a way that's safe, secure and protects our users' data. It's important to note that the... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
Yahoo announced last week that they're going to release what may be hundreds of thousands of inactive or unused @yahoo.com email addresses starting next month. While on the surface this seems like a good idea, it's really not. Here's a personal story that shows what can happen when a company decides to recycle unused email addresses: I had a friend years ago who wanted to sell some things on eBay, but was absolutely flummoxed as to what to do. So I walked her through the whole process. When it came to accepting payments, she asked if she could... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
If you have an email account, it's pretty much guaranteed that you've seen a scam email... or worse, fallen prey to one. There is a big percentage of emails in cyberspace that belongs to the scam category. Emails that asks you to fill-out a survey form for a chance to win a vacation of a lifetime. Perhaps you've received an email that asks you about your financial information because they want to give you a big inheritance. Maybe it's an email that wants to let you in on an online deal that seems too good to be true. But scamming is not confined... [Read More]
by RSS Raul Alvarez  |  Jul 30, 2012  |  Filed in: Industry Trends
While an invaluable communication tool, email remains one of the most effective and reliable threat vectors around. The reason? It still works. It's no secret email is the gateway to sensitive customer information, crucial databases and other valuable data. Attacks that leverage email as the initial point of entry provide lucrative returns for their operators. The email security market has little room to be complacent. Email security continues to evolve to keep up with increasingly sophisticated, multi-faceted threats and counteract stealth malware... [Read More]
by RSS Stefanie Hoffman  |  Jul 30, 2012  |  Filed in: Industry Trends