LAS VEGAS--A security researcher has found a slew of fundamental problems with the way that modern browsers are designed and built, leading to serious questions about the security of these applications and the way that they handle SSL sessions.

Two years after a major flaw was exposed in the Internet's Domain Name System (DNS), a major upgrade to the infrastructure protocol that fixes that weakness is now up and running in all of the Internet root servers. Read the full article. [Dark Reading]

LAS VEGAS -- Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

A researcher has uncovered a sophisticated check counterfeiting ring that uses compromised computers to steal and print millions of dollars worth of bogus invoices and then recruit money mules to cash them. Read the full article. [The Register]

Isolated strains of mainstream malware that took advantage of how the zero-day Windows flaw first exploited by the sophisticated Stuxnet worm began appearing late last week. The same approach has since been applied by the dodgy sorts behind Zeus, a family of sophisticated toolkits frequently used to steal bank login credentials and the like from compromised systems. Read the full article. [The Register]

Google has released version 5.0.375.125 of Chrome, a security update that addresses three "high" risk vulnerabilities in its WebKit-based browser. According to the developers, two of the high risk issues could lead to memory corruption while SVG handling or rendering code. Read the full article. [The H Security]

Organizations are getting hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year, according to a newly published benchmark study of 45 U.S. organizations hit by data breaches. Read the full article. [Dark Reading]

Citigroup has urged customers conducting mobile banking from their iPhones to immediately upgrade because a security flaw in the older app secreted account information on the smartphone. Read the full article.  [Computerworld]

Digital Underground podcast with Dennis Fisher

Dennis Fisher talks with Paul Judge and David Maynor of Barracuda about new research the pair will be presenting at BSides Las Vegas and Defcon this week on the start of a reputation system for Twitter accounts, how attackers use search engines to spread malware and what kinds of sites are most likely to be serving you SEO-related malware.

digital_underground_66.mp3

For the second time in two months, Mozilla has rushed out a fix for Firefox to patch a problem with a browser update issued just days before. Read the full article. [Computerworld]