Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware.
The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to a different website hosting an installation of the Sweet Orange Exploit Kit, an attack tool that uses exploits for Java, Internet Explorer and Flash Player.
You know how airport security will occasionally ask you to turn on a phone or laptop to prove that it isn't hiding explosives? Well, that's no longer just a rare inconvenience -- if you take certain flights, it's mandatory. The TSA now requires that you power on your gadgets when flying to the US from "certain overseas airports." If you have a dead battery, you're out of luck. You'll likely have to leave that hardware behind, and you might go through "additional screening" at the same time:
The Electronic Frontier Foundation (EFF) is suing the National Security Agency (NSA) over government disclosure of security flaws that have been uncovered by the intelligence community.
Cisco Systems has released a security update that closes a backdoor allowing attackers to control software that large organizations use to manage voice over IP (VoIP) calls and messaging over their networks.
Cisco has discovered spearphishing malware in Microsoft Word that uses an exploit targeting the software's Visual Basic Scripting for Applications feature.
Cisco's investigation into the malware identified a group of attacks by the same threat actor, with Cisco exposing the threat actor's network after it had discovered a Microsoft Word document that downloaded and executed a secondary sample, which began beaconing to a command and control server.