A reseller of the Rig Exploit Kit has leaked some of the source code behind the pack after parting ways with the kit’s developer. Experts don’t expect a spike in Rig-based attacks.
Tag Archives: Web Security
Lack of CSPRNG Threatens WordPress Sites
WordPress has become a huge target for attackers and vulnerability researchers, and with good reason. The software runs a large fraction of the sites on the Internet and serious vulnerabilities in the platform have not been hard to come by lately. But there’s now a new bug that’s been disclosed in all versions of WordPress that […]
Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft.
Mozilla to Enforce Signing for Firefox Extensions Soon
In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future. As much of users’ computing has moved into their browsers in the last few years, extensions and add-ons have become important tools. […]
Facebook ThreatExchange Platform Latest Hope for Information Sharing
Facebook announced ThreatExchange, an API-based platform for the exchange of attack and threat data.
Microsoft Group Policy Vulnerability Affects All Windows Computers
Details were released on two Microsoft Group Policy vulnerabilities affecting all Windows machines going back to Windows Server 2003. The flaws were addressed in separate Patch Tuesday security bulletins.
Monster IE Update Top Patch Tuesday Priority
Microsoft released its February 2015 Patch Tuesday security bulletins, including a massive update for Internet Explorer and a patch for a Windows zero day disclosed by Google.
New Cyber Threat Center May Face Challenges
In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats.
Researcher Tries to Get Ahead of CFAA Changes, Dumps 10M Sanitized Passwords
A dump of 10 million sanitized usernames and passwords was released online, sparking debate over its legality in light of proposed changes to the Computer Fraud and Abuse Act.
PlugX, Go-To Malware for Targeted Attacks, More Prominent Than Ever
The popular remote access tool PlugX enjoyed an ascent in popularity in 2014 and is now a go-to malware for attack groups.