Cisco researchers warn that an old vulnerability is still being exploited—DarkLeach backdoors continue to be distributed through Web servers running Apache 2.2.2 and above.
The May 6 issue of Forbes is running an unusual ad from Microsoft—a small but fully functional T-Mobile router packaged in a cardboard sleeve. Microsoft says the issue containing the ad was sent to "a limited number of technology and business professionals," which suggests that some of you may have received it. Since a Wi-Fi hotspot like this, however innocent its intent, offers obvious opportunities for compromise and exploitation, one might think twice before bringing that issue of Forbes into any secure area. (And be aware of the possibility of similar ads appearing elsewhere.)
US Air Force Lieutenant General Christopher Bogdan told the Senate Wednesday he wasn't "that confident" of the F-35's ability to withstand cyber attack, and the Pentagon yesterday qualified his comments, saying there's no reason to think the F-35 particularly vulnerable to cyber operations.
Phishers have more success when they compromise legitimate hosting providers. The criminal black market is offering Zeus malware under a fraud-as-a-service (FaaS) model. A Rapid7 study points out the difficulties and risks involved in preserving legacy elements as industrial control systems are upgraded.
CloudTweaks discerns a positive trend: better security emerging though providers' "cloud chivalry."
Cyber jobs remain vacant across the sector as companies and agencies struggle to find candidates. Twenty-somethings are particularly scarce, highlighting a general need to make cyber security careers more attractive to students.