Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored.
Tag Archives: Vulnerabilities
Older IE Versions Losing Security Support on Tuesday
Tuesday’s impending deadline ending security support for Internet Explorer 8, 9 and 10 is putting companies on notices about moving off older versions of the browser.
WordPress 4.4.1 Update Resolves XSS Vulnerability
Developers at WordPress are warning users of the content management system to download and apply the most recent update, pushed yesterday, to address a cross-site scripting vulnerability.
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
Researchers have demonstrated new collision attacks against SHA-1 and MD5 implementations in TLS, IKE and SSH.
All Drupal Versions Susceptible to Code Execution, Credential Theft Vulnerabilities
A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns.
Zerodium Offers $100K for Adobe Flash Heap Isolation Bypasses
Exploit acquisition company Zerodium announced it would pay up to $100,000 for heap isolation mitigation bypasses against Adobe Flash Player.
Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack
Researchers at Synacktiv have disclosed a vulnerability in the Cisco Jabber Client for various platforms that exposes devices to man-in-the-middle attacks.
Six Things to Watch for in 2016
Computer security research and innovation took a beating in 2015. Some prep work in advance might help us cope next year. Here are six things to keep in mind.
Threatpost’s 2015 Year in Review
With 2015 more or less in the rear view mirror Mike Mimoso and Chris Brook discuss the year in security: Wassenaar, ransomware, mobile threats like Stagefright, Carbanak and Equation Group, and more.
Oracle Settles with FTC Over ‘Deceptive’ Java Security Updates
Oracle will be required to provide users with a mechanism to uninstall older and vulnerable versions of Java, following a settlement with the Federal Trade Commission.