Google and Mozilla today announced they’ve settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm.
Tag Archives: Vulnerabilities
UPnP Trouble Puts Devices Behind Firewall at Risk
Networked devices behind a firewall are at risk of attack because of poor authentication in the UPnP protocol in most home routers.
CERT Warns of Slew of Bugs in Belkin N600 Routers
The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with […]
NSF Awards $6M Grants for Internet of Things Security
The National Science Foundation awarded $6 million in grants to fund projects working toward securing networked things.
BitTorrent Patch Throttles Reflective DDoS Attacks
BitTorrent today announced that a patch has been rolled out in the libuTP protocol used by many of its clients, fixing a vulnerability that allows attackers to carry out distributed reflective denial-of-service attacks.
Adobe Hotfix Patches XXE Vulnerability in ColdFusion
Adobe today pushed out a hotfix to ColdFusion implementations patching a vulnerability it had already patched nine days ago on the LiveCycle Data Services application framework.
Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products
There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by German firm Endress+Hauser that can cause affected products to hang indefinitely.
CERT Warns of Hard-Coded Credentials in DSL SOHO Routers
DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.
AutoIt Used in Targeted Attacks to Move RATs
Researchers at Cisco spotted targeted attacks moving remote access Trojans via the AutoIt administration and scripting tool.
AlienSpy RAT Resurfaces as JSocket
The dismantled AlienSpy remote access Trojan, the same malware found on the phone of dead Argentine prosecutor Alberto Nisman, has resurfaced with new crypto and a new name.