40% of surfers don’t bother with browser security updates

A recent collaborative study between Google, the Swiss Federal Institute of Technology, and IBM offers new insight into how many people surfing the web are doing so safely. According to the report, a clear majority of users (some 59 percent) are using the latest version of their preferred Internet browser—but that still leaves 40.1 percent [...]

HSBC sites vulnerable to XSS flaws, could aid phishing attacks

What would the perfect phishing attack be from a social engineering perspective? The one that, compared to using typosquatted domains impersonating the bank’s web application directory structure, is in fact using the bank’s legitimate domain names as redirectors due to XSS flaws within. It’s even more interesting to measure the average time it takes for a [...]

Internet Explorer ‘feature’ causing drive-by malware attacks

My colleague at Kaspersky Lab, Roel Schouwenberg (see disclosure), has discovered a drive-by malware download taking advantage of what Microsoft describes as an Internet Explorer “feature” to launch cross-site scripting attacks.
The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.
Source: ZDNet

Critical security alert issued for Tor

If you use Tor for anonymity/privacy on the Web, you might want to pay attention to this critical security announcement from project leader Roger Dingledine.
According to the advisory, a known vulnerability in the Debian GNU/Linux distribution’s OpenSSL package could allow an attacker to figure out private keys generated by these buggy versions of the OpenSSL [...]

New Trojan Leverages Unpatched Mac Flaw

A tool for exploiting an unpatched security hole in Mac OS X systems has been developed and until earlier today was being distributed through an online forum that caters to Mac hackers, Security Fix has learned.
Source: Washington Post