InformationWeek: The Business Value of Technology

Informationweek Influencer

Lee (@Security_FAQs)

Twitter Bio:
Blogging about internet security whilst supporting Liverpool Football Club.
Location:
London, UK
Website:
http://www.security-faqs.com

Lee's Network
Nick Selby DataLossDB Rob Lewis Eugene Kaspersky Dave Lewis Sam Bowne Bev Robb Rich Mogull Andrew Jaquith Gunter Ollmann Brian Pennington Dave Marcus Dr. Anton Chuvakin Ben Tomhave Alan W. Silberberg James Lyne 0x410x410 Dave Piscitello Anita Campbell Panda Security Nick Judd Raf securityninja Rob Fuller Dave Whitelegg CiscoEDU daveaitel CiscoLive Mikko Hypponen Iftach Ian Amit Patrik Runald DEFCON Lee Let's Talk Security Rik Ferguson Cisco Security Andrew Waite EvilFingers Chris Boyd The Verge Henk van Roest cedricpernet Chris Ensey Jeff Pettorino arbornetworks Kevin Mitnick Ars Technica adam shostack Qualys Jason M Oliver Mike Fratto securitypro2009 Jeremiah Grossman BreakingPoint Nicolas Brulez MC Petermann inuk-x Robin SilverSky Sooraj K S Security4all ID Experts Hemanshu Nigam Mark Headd Phil Wolff Ryan Naraine regsecurity George V. Hulme UBM Tech Electronics Stephen Foskett Lookout Micah Sifry ChrisJohnRiley ♻ Jack Daniel Yuri Diogenes GarWarner Small Business Trend briankrebs Robert McMillan Webroot Web Security News F-Secure McAfee

Lee's Selections From the Web

Symantec's chart shows a distribution of zero-day exploits based on how long they persist before being discovered. The average is close to 10 months.

Software vendors are constantly on the watch for so-called “zero day” vulnerabilities–flaws in their code that hackers find and exploit before the first day companies become aware of them. But the term “zero-day” doesn’t capture just how early hackers’ head-starts often are: Day zero, it seems, often lasts more than 300 days.

That’s one of the findings of a broad study of hackers’ zero-day exploits by two researchers at the antivirus firm Symantec that they plan to present at the

In 2012 it’s becoming increasingly common for cybercriminals to apply basic quality assurance (QA) tactics to their campaigns. Next to QA, they also emphasize campaign optimization strategies, allowing them to harness the full potential of the malicious campaign.

Recently, I came across an underground forum advertisement selling access to 117,000 unique U.S. visitors — stats gathered over

Mozilla has fixed seven security vulnerabilities in its flagship Firefox browser, including four critical bugs. The fixes are included in Firefox 13, which was released Tuesday.

Firefox 13 will download automatically for most users and be installed once users restart the browser. Among the security flaws fixed in this version of the browser are several severe ones, including a pair of critical buffer overflows and some use after free vulnerabilities. Those problems were discovered by a Google researcher.

"The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-

Cisco Systems' ASA 5500 series is one of many firewalls that drop data packets that contain invalid TCP sequence numbers. The feature leaks data that can be used to hijack connections.

Computer scientists have identified a vulnerability in the network of AT&T and at least 47 other cellular carriers that allows attackers to surreptitiously hijack the Internet connections of smartphone users and inject malicious content into the traffic passing between them and trusted websites.

The attack, which doesn't require an adversary to have any man-in-the-middle capability over the network, can be

We've come across a malicious Olympic themed PDF earlier this morning while data mining our back end for documents which drop executables (those are never a good thing, unsurprisingly).

The PDF exploits CVE-2010-2883, which affects older versions of Adobe Reader and Acrobat. A typical PDF exploit will launch a clean decoy as part of its attack, and in this case, the decoy is a copy of the London 2012 Olympic schedule circa October 2010. The original source PDF can still be found online at: london2012.com.

The exploit attempts to make a network connection with a site registered to "

Over the weekend, I wound up at Washington, D.C.’s Trapeze School with a group of friends. Before one of them headed up a ladder to attempt a somersault landing from the trapeze bar, she handed me her phone and asked me to take photos. “What’s the password?” I asked. “I don’t use one,” she replied. My jaw dropped as it often does when someone I know tells me they’re choosing not to take one of the very simplest steps for privacy protection, allowing anyone to snoop through their phone with the greatest of ease, to see whichever messages, photos, and sensitive apps they
