Man In The Middle News, Articles and Updates
An online poker news site tested dozens of sites and found numerous vulnerabilities.
A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.
Google has turned on encrypted search by default. The tech giant announced in a blog post Tuesday that users, over the next few weeks, will be automatically directed to https://www.google.com when they sign into their accounts. The secure channel will help protect search terms and results pages from being intercepted by a third party. As a result, websites won't have access to each individual search query that drives traffic to their site, but they still will be able to view a list of the top 1,000 queries via Google Webmaster Tools. Users wanting to send their individual search entry to advertisers, so they can improve their campaigns, can opt to still do so by clicking on an ad appearing on the search results page.
Apple on Tuesday released an update to its iTunes software to repair a whopping 79 vulnerabilities. Most of the flaws are memory corruption issues found in WebKit, an open source web browser engine that helps render the iTunes Store. In the case of those bugs, adversaries could launch a man-in-middle attack while a user browses the store, which may lead to malicious code execution. The other holes patched by upgrading to iTunes 10.5 lie in CoreFoundation, ColorSync, CoreAudio, CoreMedia and ImageIO.
As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.
A federal lawmaker is calling on a number of high-profile websites to adopt a more secure web protocol to prevent wireless hackers from hijacking their users' data.
Apple has released a security update for its Mac OS X. Version 10.6.6 rectifies a single security vulnerability, in PackageKit, that could allow a man-in-the-middle attacker to launch malicious code or cause an application to crash. Users are encouraged to update here. - DK
SC Magazine Articles
- GCHQ infosec group disclosed kernel privilege exploit to Apple
- 77% of organisations unprepared for cyber-security incidents
- 117 million LinkedIn email credentials found for sale on the dark web
- Furtim malware can run AND it can hide
- Ubiquiti warns of worm using known exploit on outdated AirOS firmware
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Report: Ransomware feeds off poor endpoint security
- Organizations need formal vendor risk management programs, study
- 2.5K Twitter accounts hacked to spread links to adult content
- Study: Federal agencies still lack strong cyber hygiene practices
- Petya and Mischa - the Ransomware Twins (sort of)
- Bad guys update ransomware DMA Locker with version 4.0
- Lieu, Hurd urge colleagues to use encryption, improve cyber hygiene