Week in review: IE zero-day used in active attacks, fraudulent digital certificate for Google domains revoked
Here’s an overview of some of last week’s most interesting news, reviews and articles:
Database hacking: The year that was
Have you ever been to the Privacy Rights Clearinghouse site? It tallies all the data breaches that have occurred in the United States since 2005. What you read there is really scary…
The threat landscape continues to expand rapidly
In today’s threat environment, the reach of cybercriminals expands to more industries each year, with financial services, insurance, retailers, enterprises and government agencies especially vulnerable to new threats.
What DDoS attacks reveal about your security infrastructure
What did we learn from this year of carnage?
IE zero-day used in targeted watering hole attacks
News that an Internet Explorer zero-day vulnerability has been used for quite some time in a new “watering hole” attack has livened the otherwise uneventful last week of 2012.
Why hire a hacker?
If you want to prevent criminals from hijacking your systems then perhaps a hacker is exactly the person you need for the job.
Hacking Web Apps
Web security impacts applications, servers and browsers. Successful attacks against Web applications and sites mean bad news for their owners, developers and users. This book explains the ins and outs of the eight types of security weaknesses and flaws most commonly exploited by hackers, and advises on how to fix them.
All Ruby on Rails versions affected by SQL injection flaw
Three new versions of the popular open source web application framework Ruby on Rails were released on Wednesday to fix an SQL injection vulnerability that affected all previous versions of Rails.
Fraudulent digital certificate for Google web properties used in active attacks
A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has been discovered by the Google Chrome Security Team.
Conficker targets photography lovers
People who bought a Hama-manufactured slide scanner from popular German retailer chain Tchibo in the weeks leading to Christmas are being warned about taking home more than they have bargained for.
Google to change business practices to resolve FTC concerns
Under a settlement reached with the FTC, Google will meet its prior commitments to allow competitors access – on fair, reasonable, and non-discriminatory terms – to patents on critical standardized technologies needed to make popular devices such as smart phones, laptop and tablet computers, and gaming consoles.
Microsoft to release seven advisories on Tuesday
The first Microsoft Patch Tuesday of 2013 includes 7 advisories (MS13-001 – MS13-007), two of which are rated critical because the vulnerabilities they fix can be exploited remotely.
Improve your firewall auditing
As a penetration tester you have to be an expert in multiple technologies. Typically you are auditing systems installed and maintained by experienced people, often protective of their own methods and technologies.
California and Illinois ban employers from requesting personal passwords
Many U.S. states have moved to make it illegal for employers and educational institutions to make this request, and in the last year and a half, six of them have accomplished that goal (or part of it). The latest two states to join this enviable group were California and Illinois, whose laws concerning this matter went into effect with the start of the new year.