The federal government is seeking more legal power to step in and shut down botnets through an amendment to the existing criminal law, which would allow the Department of Justice to obtain injunctions to disrupt these malicious networks. The Obama administration has proposed an amendment to existing United Stated federal law that would give it […]
Tag Archives: Web Security
Dropbox Patches Remotely Exploitable Vulnerability in SDK
Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the app that enabled attackers to connect applications on some devices to a Dropbox account without the user’s consent.
Facebook Issues Present Possible Threat to Users
A security researcher has identified a pair of security issues in Facebook, one of which can be used to to upload an arbitrary file to the site, and the other of which can allow an attacker to gain control of a victim’s machine under some limited circumstances with user interaction. The more serious of the vulnerabilities, which […]
Equation APT Group Attack Platform A Study in Stealth
The EquationDrug cyberespionage platform is a complicated system that is used selectively against only certain target machines, one that can be extended via a collection of 116 malware plug-ins, researchers at Kaspersky Lab said.
CloudFlare Aims to Defeat Massive DDoS Attacks with Virtual DNS
DDoS attacks have been a persistent problem for the the better part of 20 years, and as ISPs and enterprises have adjusted their defenses, attackers have adapted their tactics. One of the more effective tools in the attackers’ arsenal now is the use of botnets to generate massive numbers of DNS queries for a target […]
OpenSSL Security Audit Ready to Start
NCC Group Cryptography Services announced it will shortly begin an audit of OpenSSL.
Rowhammer Hardware Exploit Poses Threat to DRAM Memory in Many Laptops, PCs
Software, from web apps, to operating systems to firmware, has been abused and exploited every which way from Sunday for decades by both researchers and attackers. Now, it is hardware’s turn in the spotlight, as researchers have published details of a new method for exploiting a problem with some DRAM memory devices that can allow […]
Seagate Confirms NAS Zero Day, Won’t Patch Until May
Seagate confirmed a publicly disclosed vulnerability in one of its network attached storage products, but said it won’t have a patch available until May.
TextSecure to Drop Support for Encrypted SMS
Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security and performance issues inherent […]
Dridex Banking Trojan Spreading Via Macros in XML Files
A phishing campaign that spiked this week is pushing the Dridex banking Trojan via malicious macros embedded in XML file attachments.