The Security Pub

Random Thoughts About Security

Nessus iPhone Application

Tenable has released a free iPhone application for its Nessus Vulnerability Scanner.  This iPhone application provides Nessus users the ability to:

  • Connect to a Nessus server
  • Launch scans
  • Create new scans
  • Review reports

All you will need is an iPhone or iPod Touch running iOS 4.0 or later.  You can download the Nessus iPhone application in the App Store, under the productivity category.

ZBot Removal Tool

ZBot (also known as Zeus, ZeusBot, WSNPoem, Gorhax and Kneber) is a Trojan created to steal sensitive information from compromised computers.  ZBot focuses mainly on the online banking information that unsuspecting users enter to access a financial organization's website; however, it also monitors system information to obtain additional authentication credentials.  Some of the newer variants go further: they gather the history of visited websites and other data the user enters online, while also taking screenshots.

To help with this, BitDefender has created a ZBot Removal Tool, which checks users’ computers and detects and eliminates most of the ZBot variants spotted in the wild.

Mexican Twitter-Controlled Botnet

Malware-infected drones in the Mehika Twitter botnet, active in Mexico this summer, take instructions from a Twitter account maintained by hackers instead of conventional command and control servers. The use of Twitter as a botnet command channel was first detected in August 2009 before similar techniques were applied to abuse Facebook profiles as command channels a few months later in November.

Check out the Security News article – [The Register]

How’s Your Knowledge On PCI Compliance?

This quiz tests your knowledge of PCI Compliance, with ten true-false questions.  When you're finished with the quiz you will be given a score and a corresponding title ranging from “PCI Compliance Green” to “PCI Compliance Guru”.

Reply to this post with your Score and Title.

Cryptographic Weakness Leaves Web Apps Vulnerable

A couple of researchers developed what they are calling the Padding Oracle Exploit Tool to demonstrate the cryptographic weaknesses in web applications developed using Microsoft’s ASP.NET framework.  The vulnerability exists in the way web applications handle encrypted session cookies.  Attacks utilizing this weakness could allow an attacker to decrypt sniffed cookies or forge authentication tickets, among a number of other attacks.
The video below demonstrates the Padding Oracle Exploit Tool exploiting this vulnerability.

Critical Flash Vulnerability Is Under Attack

Adobe released a security advisory today regarding a critical vulnerability that is already being exploited in the wild. The affected applications are:

  • Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android
  • Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
  • Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh

[box type="warning"]A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.[/box]