LinkedIn Shuts Down Four XSS Flaws, Is wireless the Trojan horse in your network security? and more

October 3, 2013


Here are the top cyber news and stories of the day.

  • LinkedIn Shuts Down Four XSS Flaws – “LinkedIn has closed the door on four cross-site scripting (XSS) vulnerabilities, which could have been used to ultimately steal credentials from users.” LinkedIn is one of the top professional networking sites in the world. As such, many use it to store their resume, keep in contact with coworkers and find new jobs. These types of vulnerabilities can be extremely useful for phishing attacks, and could have been used to send users targeted emails to grab log-in credentials. Via InfoSecurity, more here.
  • IE zero-day vulnerability exploited more widely than previously thought – “A recently announced and yet-to-be-patched vulnerability that affects all versions of Microsoft Internet Explorer (IE) has been exploited in targeted attacks against organizations in Taiwan since the beginning of July, according to security researchers.” IE is still one of the most widely used browsers in the world (I don’t know why, but I’m looking at you, USG), and thus any vulnerabilities should concern us all. There are also many web services only available via IE (ugh). Via ComputerWorld, more here.
  • DHS will expand cybersecurity intern program – “A U.S. Department of Homeland Security (DHS) summer internship program for community college students focusing on cybersecurity was so successful, the department plans to ramp it up.” Programs such as these can help get students onto the cyber track and interested in doing cyber work for the government. Via Community College Times, more here.
  • Is wireless the Trojan horse in your network security? – “According to Roger Klorese of WatchGuard technologies, smartphones and tablets now account for about 25% of devices used for work in the US. Wireless, mobility and BYOD are all part of an unstoppable wave, based on widespread consumer and remote worker usage.” Protecting wireless networks is something that absolutely needs to be prioritized in the near future. Secure wireless networks can make local critical business applications possible. At the same time, they can be great weaknesses in the network security paradigm. Via Help Net Security, more here.
  • Dropbox gains certification for mobile security service Samsung Knox, offers 90-day trial to business users – ‘Dropbox today announced it has been certified for Samsung Knox, a mobile security service that helps protect devices in the event that they become corrupted, stolen, or need to be replaced. In other words, Dropbox is now available on the Knox Apps store, which the company says will give employees the access they want while maintaining “crucial IT control.”‘ The Samsung Knox capability is the premier mobile security solution, and it can offer hardware-backed security. Via The Next Web, more here.
  • Windows 8 brushes up against 10% user share mark – As the new OS becomes more prevalent (especially in the mobile world) we’ll start to see threats targeting the OS specifically. Via ComputerWorld, more here.
  • Researchers sinkhole half a million ZeroAccess bots – “In a race against time and ZeroAccess developers and botmasters, Symantec researchers managed to sinkhole a large chunk of the infamous P2P-based botnet before its herders managed to update the bots and close down the security holes that allowed the researchers to do so.” Via Help Net Security, more here.
  • Fake Facebook Mobile Page Steals Credit Card Details – “We recently encountered a mobile phishing page that looks very similar to the official Facebook mobile page. However, looking closely into the URL address, there are noticeable differences. The real Facebook page is located at and has the lock icon to show that the page is secured.” Users need to be alert when they are browsing, and look for ‘lock’ icons or other indicators of secured HTTP. Via TrendMicro, more here.
  • Researchers from Singapore help fortify iOS platform – “Researchers from Singapore identified three security vulnerabilities in Apple’s iOS platform between June to October last year which were then fixed by the computing giant in the latest version of its operating system, the iOS 7.” Via ComputerWorld, more here.