Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google’s decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia.
Tag Archives: Government
DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]
As Ransomware Attacks Evolve, More Potential Victims Are at Risk
In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department needed to go about its daily business had been encrypted […]
Coordinated Takedown Puts End to Simda Botnet
A coordinated operation between international police and private technology companies shuts down the Simda botnet.
Github Attack Perpetrated by China’s Great Cannon Traffic Injection Tool
The Great Firewall’s offensive counterpart, the Great Cannon, which inject malicious scripts to reroute traffic, is responsible for recent massive DDoS attacks targeting Github and GreatFire.org.
New Coalition Launches Fight Against Patriot Act Section 215
A broad group of civil-rights, technology and political groups from across the spectrum has developed a new initiative to advocate for the repeal of Section 215 of the USA PATRIOT Act, the part that provides the authority for the bulk collection of phone metadata and other information. The new group is calling itself Fight215.org and […]
FBI Warns of Phony Sites Offering Government Services
The FBI has warned consumers about a rash of phony websites posing as government services.
Snapchat Publishes First Transparency Report
Snapchat has released its first transparency report, covering a four-month period from November through February, and the data shows that the company didn’t receive any National Security Letters and got fewer than 400 total requests for data from the United States government. Snapchat, a California company that runs a popular chat and media-sharing service, said in the report […]
Threatpost News Wrap, April 2, 2015
Dennis Fisher and Mike Mimoso talk about Google’s decision to drop Chinese CA CNNIC from Chrome’s trust store, the scope of the malvertising threat and Verizon’s super cookie use.
Google, Mozilla Drop Trust in Chinese Certificate Authority CNNIC
UPDATE–Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were misused. Mozilla followed suit on Thursday, also removing CNNIC from its trust store. Google officials announced the severe decision on Wednesday, saying that […]