Exploits / vulnerabilities - News, Features, and Slideshows

News

• Bredolab-infected PCs downloading fake antivirus software

  A massive takedown operation conducted by Dutch police and security experts earlier this week does not appear to have completely dissolved the Bredolab botnet, but it is unlikely to recover.

• New bug lets you unlock iPhone for calls

  A bug in Apple's iPhone OS gives thieves a way to unlock stolen iPhones and make telephone calls.

• iOS 4 lock screen flaw grants access to contacts

  MacRumors reported today a security flaw in iOS 4.1 that would allow someone to bypass the 4-digit passcode lock in order to access the Phone app. While the home screen and other apps appear to remain secure, access to the Phone app is no small prize, granting the unauthorized user the ability to view or edit contacts and voicemails, as well as make non-emergency calls. You can also apparently start Voice Control to play music or *gasp* ask what time it is.

• Did Dutch police break the law taking down a botnet?

  Dutch police took unprecedented action in taking down a botnet on Monday: They uploaded their own program to infected computers around the world, a move that likely violated computer crime laws.

• Google adds phishing URL alerts into network tool

  Google has added notification for phishing URLs to its service that lets administrators know if their networks have been compromised.

• Microsoft releases biggest-ever security update

  Microsoft released its largest-ever set of security patches Tuesday, fixing a total of 49 bugs in products such as Windows, Internet Explorer and Office.

• Mobile malware exploits on the way, experts say

  Smartphone exploits are coming, as cybercriminals start to figure out how to make money by hacking mobile devices, two mobile security experts said Tuesday.

• Criminals will continue to use Zeus Trojan, expert says

  Despite dozens of recent arrests targeting large online fraud organizations, other criminals are continuing to use the Zeus Trojan and other Web tools to steal identities and money from Internet users, one cybersecurity expert said Tuesday.

• Zeus botnet thriving despite arrests in the US, UK

  The Zeus botnet remains a robust network that is difficult to destroy despite an international sting operation that saw dozens arrested this week for allegedly stealing money from online bank accounts.

• Cyber Storm III simulates large-scale attack

  A new cyberattack exercise hosted by the U.S. Department of Homeland Security this week reflects the increasingly sophisticated attacks U.S. agencies and businesses face, DHS officials said.

• Idappcom seeks to displace penetration testers

  A U.K. company is seeking to displace penetration testing companies with an appliance and software that can frequently test whether security devices are catching bad network traffic and exploits.

• Twitter contains second worm in a week

  Twitter has put a stop to a worm that posted obscene messages to victims' Twitter feeds. It's the second worm attack the site has suffered in a week.

• Twitter fixes cross-site scripting flaw

  A serious security flaw was apparently found on Twitter on Tuesday but was quickly fixed.

• Vulnerability management basics: Pen testing techniques

  It should go without saying that pen testing is one of the most important pieces of an IT security shop's vulnerability management program. And yet it's something that was <a href="http://www.csoonline.com/article/468766">declared a dead art by Fortify Co-founder Brian Chess</a> a couple years ago.

• Security program automatically tracks down missing patches

  Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test,