Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall for a use-after-free vulnerability in Microsoft’s Internet Explorer browser.
Tag Archives: Web Security
Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essentially running man-in-the-middle attacks on connections to secure sites–in the name of […]
Seagate Business NAS Firmware Vulnerabilities Disclosed
Remote code execution vulnerabilities in Seagate Business NAS firmware were disclosed after a 100-plus day deadline passed without a fix from the vendor.
Pharming Attack Targets Home Router DNS Settings
A pharming attack has been detected targeting home routers distributed from Brazil’s largest telco, a rare instance of a web-based attack changing DNS settings in order to redirect traffic.
Twitter Changes Abuse Reporting Process to Address Doxing
Twitter has revised and simplified its rules and process for reporting abusive behavior on the service, and users now have the ability to report people who are posting their personal information. The change essentially gives Twitter users a method to combat doxing, which is the process of dumping a victim’s personal information online. This often […]
Komodia Certificate Manipulation Likely Led To Man-In-The-Middle Attacks
The EFF’s Decentralized SSL Observatory turned up 1,600 certificates that should have been rejected but instead passed browser checks because they were manipulated by Komodia’s SSL Digester interception module.
DDoS Exploit Targets Open Source Rejetto HFS
An automated attack targeting users of the open source Rejetto webserver and file-sharing application tried to inject the IptabLes DDoS tool.
Firefox 36 Arrives With Patches For Three Critical Flaws
Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser. One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that is exploitable under some circumstances. “Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video […]
Facebook Bug Bounty Submissions Climb in 2014
Facebook released final numbers on 2014 submissions and payouts from its bug bounty program, showing continued growth in both areas.
More than 1 Million WordPress Sites Open to SQL Injection Attacks
More than one million different WordPress sites may be vulnerable to a critical plugin issue that could lead to SQL injection and, in turn, total site takeover.