Information Security News mailing list archives
Researchers uncover signs of Superfish-style attacks
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 27 Feb 2015 09:28:02 +0000 (UTC)
http://www.computerworld.com/article/2889469/researchers-uncover-signs-of-superfish-style-attacks.html By Gregg Keizer Computerworld Feb 26, 2015Researchers at the Electronic Frontier Foundation (EFF) yesterday said that they had found evidence that implies attackers have exploited a security vulnerability in the Superfish adware and a slew of other programs.
Superfish, a company that markets a visual search product, made the news last week when Lenovo was found to have pre-loaded the program on its consumer-grade PCs during a four-month span late last year. Lenovo has acknowledged that Superfish poses a security threat to customers, and has released a tool to eradicate the software.
Microsoft, McAfee -- both Lenovo partners -- and Symantec have also issued anti-malware updates that scrub Superfish from PCs.
But the problem extends beyond Superfish, security experts have discovered. Other programs also rely on the same code library -- one created by Israeli company Komodia -- to circumvent Web encryption with a proxy.
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- Researchers uncover signs of Superfish-style attacks InfoSec News (Feb 27)