An advisory from Akamai warns of a recent reflection-style DDoS attack in which the deprecated RIPv1 routing protocol was leveraged against targets.
Tag Archives: Hacks
Emergency Adobe Flash Patch Fixes Zero Day Under Attack
Adobe released an emergency patch for a Flash zero day used in targeted attacks by APT3, the same group behind 2014’s Clandestine Fox attacks.
RubyGems Patches Serious Redirection Vulnerability
RubyGems maintainers patched a vulnerability, reported by Trustwave and OpenDNS, that allows RubyGem clients to be redirected to an attacker-controlled gem server.
FBI Investigating Alleged Attack on Houston Astros
In one of the more bizarre alleged hacking stories to emerge recently, federal authorities are investigating whether employees of the St. Louis Cardinals hacked into systems belonging to the Houston Astros and got access to internal team conversations about players, trades, scouting reports, and other sensitive information. The alleged attack against the Astros’ network is the focus […]
US Navy Soliciting Zero Days
An RFP, which has since been taken down, surfaced last week from the Naval Supply Systems Command seeking operational exploits and vulnerability intelligence for commercial software from leading IT vendors.
Bug Bounties in Crosshairs of Proposed US Wassenaar Rules
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., those initiatives could be adversely impacted.
Threatpost News Wrap, June 5, 2015
Dennis Fisher and Mike Mimoso discuss Facebook’s moves toward encrypted notifications and SHA-2 usage, the audit of GitHub SSH keys and the awesome OpenSesame garage door hack from Samy Kamkar.
Tesla Motors Starts Bug Bounty–But Not For Its Cars
Tesla Motors has started a bug bounty program that will pay researchers up to $1,000 for disclosing vulnerabilities. However, the rewards don’t apply to bugs found in the company’s vehicles. The program’s scope is quite narrow, with only the main teslamotors.com domain and other domains owned by the company being legitimate targets. The company’s shopping site […]
Zero-Day Disclosed in Unity Web Player
A zero-day vulnerability has been disclosed in the popular Unity Web Player browser plugin. The flaw allows an attacker cross-domain access to websites and services using the victim’s credentials.
Researchers: Hola Fixes Incomplete
Researchers who discovered a half-dozen vulnerabilities in the free Hola VPN said today that fixes rolled out by Hola do not address the security issues they identified.