The way that National Security Letters are approved and used is one of the government’s more opaque processes. Now, you can add some more confusion into the mix, courtesy of some new comments from the FBI about when recipients are able to disclose the fact that they have received an NSL. More than a year […]
Tag Archives: Web Security
Adobe Starts Vulnerability Disclosure Program on HackerOne
Adobe launched its first vulnerability disclosure program this week. It will use the HackerOne platform and will not pay out bounties, instead researchers can bulk up their HackerOne reputation scores. Only vulnerabilities in Adobe web applications or web-based services are in scope.
New Analytics Tool Defines Language Used By Malicious Domains
OpenDNS went public with a new analytics tool that can be used to detect malicious domains used in APT and cybercrime campaigns.
Mandarin Oriental Confirms Data Breach at U.S., European Hotels
The Mandarin Oriental luxury hotel chain is investigating a data breach that affects credit cards used in an “isolated number” of its hotels in the United States and Europe. Company officials said that the attack involved “undetectable” malware on some of its systems and emphasized that only credit card data, and no other personal information, […]
CSI: Cyber: We Watched So You Didn’t Have To
From the time the first commercials aired during the American pro football championship game last month, CSI: Cyber has been one of the more talked-about and least-anticipated shows in recent memory. At least in tech circles. For normal viewers, it’s one of those shows that you wake up in the middle of at 10:27 after […]
Google Fixes 51 Bugs in Chrome 41
Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties.
Firefox 37 to Include New OneCRL Certificate Blocklist
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]
Domain Shadowing Latest Angler Exploit Kit Evasion Technique
The Angler Exploit Kit has begun using domain shadowing as a technique to avoid detection and blocking, researchers at Cisco Talos said.
New FREAK Attack Threatens Many SSL Clients
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL […]
D-Link Routers Haunted by Remote Command Injection Bug
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it. […]