Ad Fraud Trojan Kovter Patches Flash Player, IE to Keep Other Malware Out

The ad fraud Trojan known as Kovter has been updating Adobe Flash Player and Microsoft Internet Explorer on infected systems, most likely in an effort to keep other malware out.
The French security researcher known as Kafeine discovered this new Kovter trick when he noticed that some of his virtual machines were attempting to download the latest version of Flash Player.
read more

SurfWatch Labs Rolls Out Dark Web Intelligence Service

Cyber risk intelligence startup SurfWatch Labs has launched a new service that provides customers with customized research and intelligence from the Dark Web.
For $100,000 per year, the company says customers can get focused, in-depth research and analysis of the their high level threat and risk environment from places on the Web not indexed by popular search engines.
read more

Default Account Exposes Cisco Unified CDM Users to Remote Attacks

While conducting security tests on its products, Cisco identified a serious vulnerability in the Cisco Unified Communications Domain Manager (CDM) platform software that can be exploited to take full control of affected systems. The company has released software updates to address the issue.
read more

Senator Demands Answers on FBI’s Use of Zero Days, Phishing

The chairman of the powerful Senate Judiciary Committee is asking some pointed questions of the FBI director about the bureau’s use of zero-day vulnerabilities, phishing attacks, spyware, and other controversial tools. Sen. Charles Grassley (R-Iowa) has sent a letter to FBI Director James Comey asking for “more specific information about the FBI’s current use of […]

Ignoring Mobile Security Doesn't Make It Go Away

Recently I attended Gartner’s Security and Risk Management Summit outside Washington, D.C. Early in the week, I had a discussion with a security professional who asked me, skeptically, if mobile threats were actually something he had to worry about. He explained that mobile malware and mobile breaches were small blips on the security threat horizon.
read more

Cisco UCDM Platform Ships With Default, Static Password

A week after admitting that several of its security appliances ship with static SSH keys, Cisco warned customers on Wednesday that its Unified Communications Domain Manager platform has a default, static password for an account that carries root privileges. The vulnerability affects versions of the software prior to 4.4.5 and the company said there are no […]

Login Credentials Possibly Exposed in Harvard University Breach

Harvard University revealed on Wednesday that some of its IT networks have been breached.
The breach, discovered on June 19, affects the networks of the Faculty of Arts and Sciences and Central Administration. Harvard says it’s working with external cyber security experts and federal law enforcement on investigating the incident.
read more