In this Threatpost op-ed, Dave Dittrich and Katherine Carpenter explain the dangers of conflating measurable events, or observables, with indicators of compromise, which require context and other constructs to provide true threat intelligence.
Tag Archives: Vulnerabilities
Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quickly
Google determined that Safe Browsing warnings correlate with quicker remediation times, though not as quick as direct contact with webmasters who have registered with Google Search Console.
New MIT Scanner Finds Web App Flaws in a Minute
A Berkeley postdoctoral researcher and former MIT student will soon unveil Space, a static-analysis web-application security tool that can find vulnerabilities in a minute.
3.2 Million Servers Vulnerable to JBoss Attack
Cisco Talos said that 3.2 million servers are vulnerable to the JBoss flaw used as the initial point of compromise in the recent SamSam ransomware attacks.
Threatpost News Wrap, April 15, 2016
Mike Mimoso and Chris Brook recap the news of the week, including the Badlock bust, encryption legislation, and cryptoworm ransomware. Mike also discusses last week’s Infiltrate Con.
Apple Deprecates QuickTime For Windows, Won’t Patch New Flaws
The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product.
Banking Trojans Nymaim, Gozi Merge to Steal $4M
“Double-headed beast” Trojan, GozNym, drains $4 million from banks in past two weeks.
Latest Chrome Update Addresses Two High-Severity Vulnerabilities
Google updated Chrome to version 50.0.2662.75, patching 20 vulnerabilities, including two high-severity bugs that qualified for rewards.
Broken IBM Java Patch Prompts Another Disclosure
Current versions of IBM SDK 7 and SDK 8 remain vulnerable to a 2013 Java vulnerability. Security Explorations discovered the original patch is broken and disclosed details on the flaw and a proof-of-concept exploit.
Microsoft Unleashes 13 Bulletins, Six Critical
Microsoft released six critical vulnerabilities in addition to patching the much-hyped Badlock vulnerability.