Since the days of the Morris worm, no computer that’s connected to a public or even a private network has been safe from virus infections. Regardless of the precautions that you take, there will always be new security exploits to thwart. Being aware of the latest and greatest security exploits is the first step in combating them. Here are just a few of the security threats that have risen to prominence in recent months.
Heartbleed SSL Bug
While it could be argued that the significance of the Heartbleed SSL bug was overblown, the coding error behind it was a big one. In essence, Heartbleed is a vulnerability in the OpenSSL cryptography library that enables attackers to potentially obtain usernames and passwords from certain websites. Though the bug was patched in April, it’s a good idea to change your passwords for sites that were affected.
While it could be argued that the significance of the Heartbleed SSL bug was overblown, the coding error behind it was a big one. In essence, Heartbleed is a vulnerability in the OpenSSL cryptography library that enables attackers to potentially obtain usernames and passwords from certain websites. Though the bug was patched in April, it’s a good idea to change your passwords for sites that were affected.
Rotbrow
Considering the fact that 91% of consumer PCs run Windows, the platform is unsurprisingly a magnet for malware. The latest threat to Microsoft’s ecosystem is Rotbrow, a piece of malware that’s been around for awhile now but is responsible for a ton of new infections as of late. Rotbrow presents itself as a browser security add-on that actually infects your PC with the pernicious Sefnit click fraud Trojan.
Considering the fact that 91% of consumer PCs run Windows, the platform is unsurprisingly a magnet for malware. The latest threat to Microsoft’s ecosystem is Rotbrow, a piece of malware that’s been around for awhile now but is responsible for a ton of new infections as of late. Rotbrow presents itself as a browser security add-on that actually infects your PC with the pernicious Sefnit click fraud Trojan.
Mobile Side Channel Leakage
More of a catch-all term for a collection of threats than a specific exploit, side channel leakage is a big problem in today’s mobile environment. Simply put, side channel data leakage happens when sensitive information is accessed by remote attackers. Common tactics include going after copy/paste buffer caches and cookie objects to snatch credentials. Poorly coded or even outright malicious apps for mobile platforms like Android and iOS are the primary culprits.
More of a catch-all term for a collection of threats than a specific exploit, side channel leakage is a big problem in today’s mobile environment. Simply put, side channel data leakage happens when sensitive information is accessed by remote attackers. Common tactics include going after copy/paste buffer caches and cookie objects to snatch credentials. Poorly coded or even outright malicious apps for mobile platforms like Android and iOS are the primary culprits.
IoT Hardware & Software
The nascent Internet of Things promises to connect everything from smart TVs to thermostats together in one seamless web in the near future. Unfortunately, hardware manufacturers don’t always pay close attention to patching vulnerabilities in firmware. For instance, Asus and Linksys routers are regularly attacked by hackers because they’re easy prey. IoT hardware and software vulnerabilities can be used to snatch personal information from victims and proliferate malicious software.
The nascent Internet of Things promises to connect everything from smart TVs to thermostats together in one seamless web in the near future. Unfortunately, hardware manufacturers don’t always pay close attention to patching vulnerabilities in firmware. For instance, Asus and Linksys routers are regularly attacked by hackers because they’re easy prey. IoT hardware and software vulnerabilities can be used to snatch personal information from victims and proliferate malicious software.
Ad Network Intrusion
Money from advertising pretty much makes the web go ’round. As such, the ad networks that support the massive digital economy have become extremely complicated over the years. The main problem is that ads can be used as a sneaky avenue of attack formalware. The recent epic attack on Yahoo’s ad infrastructure highlights the dangers of a system that relies on dozens if not hundreds of highly dispersed, possibly untrustworthy servers to operate.
Money from advertising pretty much makes the web go ’round. As such, the ad networks that support the massive digital economy have become extremely complicated over the years. The main problem is that ads can be used as a sneaky avenue of attack formalware. The recent epic attack on Yahoo’s ad infrastructure highlights the dangers of a system that relies on dozens if not hundreds of highly dispersed, possibly untrustworthy servers to operate.
Out of Harm’s Way
Besides these exploits, web users must contend with on-going threats like SQL injection and cross-site scripting. While new and exotic security exploits get all the press, it’s the more mundane threats that are likely to hurt you. Protecting your personal dataon the web is all about making yourself a low-profile target through sound surfing practices. Still, it never hurts to stay on top of emerging security dangers.
Besides these exploits, web users must contend with on-going threats like SQL injection and cross-site scripting. While new and exotic security exploits get all the press, it’s the more mundane threats that are likely to hurt you. Protecting your personal dataon the web is all about making yourself a low-profile target through sound surfing practices. Still, it never hurts to stay on top of emerging security dangers.
0 Response to "Mid-2014 Tech Security Rundown: 5 Current Exploits Worth Knowing About"
Post a Comment