The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws. The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.98zd are not for critical or high-risk vulnerabilities, but they do fix some interesting vulnerabilities. Two of the bugs are rated moderate and the other […]
Tag Archives: Vulnerabilities
Backdoors Found Leveraging Pastebin
Instead of relying on their own sites to host malware, hackers are using a series of strings of malicious backdoor code on Pastebin sites and calling upon it to execute malware.
Malvertising Campaign Uses AOL Ad Network, Leads to Exploit Kit
Researchers have detected a malvertising campaign running on a pair of sites owned by Huffington Post that is using ads distributed through an AOL ad network. The attack is sending victims through a series of redirects that eventually brings them to a landing page that is running an exploit kit. The campaign emerged first on huffingtonpost.ca […]
Moonpig API Vulnerability Exposes Payment Card Data
A researcher has called out U.K.-based personalized greeting card vendor Moonpig for a 17-month-old vulnerability that puts customer and payment card data at risk.
Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack
The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact Linux distribution for servers, appliances and […]
WordPress Symposium Plug-In Plagued by File Upload Vulnerability
Researchers warn that since public disclosure of a file-upload vulnerability in the WordPress Symposium plug-in and the availability of proof-of-concept exploit code, scans and exploit attempts are on the rise.
XXE Bug Patched in Facebook Careers Third-Party Service
A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page.
Internet Systems Consortium Site Redirects to Angler Exploit
The website of the Internet Systems Consortium, the developers of the BIND DNS software deployed all over the Web, was reportedly infected with malware last week.
HP’s Zero Day Initiative Changes Bug-Buying Guidelines
HP’s Zero Day Initiative has decided to adjust its guidelines and criteria or buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inception several years ago, has decided that it will […]
2014 Year in Review
Mike Mimoso and Dennis Fisher look back on the crazy year that was in security, including the big Internet-wide bugs such as Heartbleed and Shellshock, the Home Depot and Sony breaches and what lessons we learned in 2014.