Yahoo says that it is investigating an alleged massive breach of its users’ credential that are available for sale online.
Tag Archives: Vulnerabilities
Kaspersky Lab Launches Bug Bounty Program
Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry.
New Technique Checks Mitigation Bypasses Earlier
Researchers at Endgame are expected at Black Hat to introduce Hardware Assisted Control Flow Integrity (HA-CFI), which leverages features in the micro-architecture of Intel processors for security.
WPAD Flaws Leak HTTPS URLs
Sniffing HTTPS URLs with malicious PAC files gets easier with a new technique that exploits flaws in the Web Proxy AutoDiscovery protocol.
Threatpost News Wrap, July 29, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including a wireless keyboard vulnerability – KeySniffer, NIST’s statement on 2FA, a LastPass remote compromise bug, and a new Tor paper.
LastPass Patches Ormandy Remote Compromise Flaw
LastPass has patched a vulnerability in its Firefox add-on that allows attackers complete remote compromise of the password manager
Attributing Advanced Attacks Remains Challenge For Researchers
Kaspersky Lab researchers participated in a Reddit AMA, touching on topics such as attack attribution, critical infrastructure security, attacker and researcher tradecraft, and the shortage of security talent.
Public, Private Sector Team to Fight Ransomware
Security firms and law enforcement launch No More Ransom, a web-based effort dedicated to ransomware awareness and decryption tools.
PayPal Fixes CSRF Vulnerability in PayPal.me
PayPal recently fixed a vulnerability on its PayPal.me site that could’ve let an attacker change a user’s profile without their permission.
Google Fixes 48 Bugs, Sandbox Escape, in Chrome
Google fixed a whopping 48 security flaws in version 52 of its Chrome web browser.