Tag: Google

Podcast: Switch To IPV6 Demands A Security Re-Think

Editor’s Note: This  interview with Qualys CTO Wolfgang Kandek was originally recorded on March 29th. You’re probably not aware of it, but a major transformation is taking place on the Internet. We’ve exhausted the approximately 4.3 billion available addresses for IPV4 – Internet Protocol Version 4 – the Internet’s lingua franca. (Roughly 98% of all Internet traffic.)   With billions of new, intelligent devices set to join the global Internet in the next decade, a new addressing scheme was needed. Enter Internet Protocol Version 6 (IPV6), which will create a practically inexhaustible supply of new addresses and some much needed, new security features that can prevent man in the middle attacks, ARP poisoning and a host of other ills. But organizations that have the luxury of waiting to upgrade their networks should do so, says Qualys CTO Wolfgang Kandek in this exclusive interview with The Security Ledger. From vulnerability scanning to […]

Continue Reading

Anti-Social: Popular WordPress Sharing Plugin Linked To Payday Loan Spam

A popular plug-in for sharing blog content on social networks was discovered to have hidden code that was injecting WordPress blogs with links to phony Pay Day Loan offers and other spam, according to the firm Sucuri. The plug-in, named Social-Media-Widget (SMW) was compromised with malicious code 12 days ago, in concert with an update of the widget. The new version of the plug-in contained a hidden call to a remote PHP script that inserted “Pay Day Loan” spam text and links into WordPress web sites running the plugin. The goal was to infect as many web sites as possible with text that would increase the web reputation and visibility of a web site run by the spammers, according to the post on Tuesday, by Daniel Cid, Sucuri’s CTO. SMW is among the most popular add-ons for Wordpess sites. It allows bloggers who use WordPress to configure sharing buttons that will […]

Continue Reading

What’s In Your Bucket? Data For The Taking In Amazon S3 Containers

Security is one of the main obstacles to greater cloud adoption. When it gets right down to it: companies that own sensitive data are reluctant to release control of it to a third party without ample reassurance that it won’t be lost or stolen. Given that’s the case, the results from an analysis of Amazon’s cloud-based Simple Storage Service (S3) by the security firm Rapid7 won’t ease privacy and security fears surrounding cloud-based storage and applications. In that study, Rapid7 researchers surveyed 12,328 Amazon S3 “buckets” – virtual containers for stored data. The results: 1,951 of those buckets were publicly accessible – around 1 of every 6. Within those 2,000-odd public buckets were 126 billion (with a “B”) files. That’s right – 126 billion. The sheer amount of data was too large for Rapid7 to audit each file individually, so the company sampled 40,000 publicly visible files and found that […]

Continue Reading

Spammers Using Yahoo, Google To Whitewash Links

If the gigantic distributed denial of service (DDoS) attacks against the spam blacklisting operation Spamhaus wasn’t proof enough: spammers have trouble steering around blacklists and other reputation-based filters. Even if the language in their message is generic enough to avoid detection, dropping a link to a known, malicious- or compromised domain is plenty to get an entire message dropped. Spammers without a legion of 100,000 bots at their fingertips have to get creative about getting their message into the target’s inbox. Lately, a method that’s drawing attention is to leverage low-security redirection services to whitewash a link to a ‘known-malicious’ or merely suspicious sites. Barracuda Networks said that it has captured spam attacks that are combining a Yahoo based URL shortening service with Google’s free Translate service to whitewash links in spam e-mail messages and evade automated detection. The message, which was sent to a Barracuda “honeypot” system  includes a […]

Continue Reading

Bit9: 32 Pieces of Malware Whitelisted In Targeted Hack

The security firm Bit9 released a more detailed analysis of the hack of its corporate network was part of a larger operation that was  aimed a firms in a “very narrow market space” and intended to gather information from the firms.   The analysis, posted on Monday on Bit9’s blog is the most detailed to date of a hack that was first reported on February 8 by the blog Krebsonsecurity.com, but that began in July, 2012.  In the analysis, by Bit9 Chief Technology Officer Harry Sverdlove said  32 separate malware files and malicious scripts were whitelisted in the hack. Bit9 declined to name the three customers affected by the breach, or the industry segment that was targeted, but denied that it was a government agency or a provider of critical infrastructure such as energy, utilities or banking. The broad outlines of the story about the hack of Bit9, which sells […]

Continue Reading
1 26 27 28 29 30 31