The appetite for Twitter user data from governments around the world continues to grow, with the volume of such requests increasing by 40 percent in the second half of 2014. Requests from the United States government alone went up 29 percent, the company said in its latest transparency report. Government requests for Twitter user information […]
Tag Archives: Web Security
Siemens Fixes Critical Flaws in Some WinCC Versions
More than two months after the original advisory went out, Siemens has released patches for a pair of critical vulnerabilities in some versions of its Simatic WinCC SCADA product that remained vulnerable. Both of the vulnerabilities are remotely exploitable and have potentially damaging consequences for companies running affected versions of the product. One of the […]
Enterprise Apps in Scope of Ghost glibc Vulnerability
Researchers at Veracode examined whether enterprise applications were also vulnerable to the Ghost vulnerability in glibc.
Analyzing Angler: The World’s Most Sophisticated Exploit Kit
Angler’s unique obfuscation, ability to detect antivirus and virtual machines, encrypted payload and fileless infection have some calling it the most sophisticated exploit kit.
Threatpost News Wrap, February 6, 2015
Dennis Fisher and Mike Mimoso discuss the Anthem data breach, the continuing Flash 0-day happy fun times, the expansion of exploit kits and the crowd funding support for GnuPG.
Cheezburgers, Warrant Canaries and Cat Memes
Surveillance, privacy and security are serious subjects. So too, for some people, are cat memes and GIFs of screaming goats. And Cheezburger Inc., the premier purveyor of said memes and GIFs, wants its users to know that the company is standing up for their rights. The folks at Cheezburger have built an online empire on […]
Security, Tech Communities Rally to Support GnuPG
The last year has seen a big swing in the support from the technology community for open-source security tools, many of which are maintained by tiny staffs or volunteers. OpenSSL last year received a large chunk of funding from the Core Infrastructure Initiative, and now it’s GnuPG’s turn. After a story on ProPublica Thursday publicized […]
Following Exploits, Zero Day in WordPress Plugin FancyBox Patched
Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added, via an iFrame, to infected sites.
IE Memory Attacks Net ZDI $125,000 Microsoft Bounty
Three HP ZDI researchers won a $125,000 bounty from Microsoft for successful attacks against memory protections introduced last summer into Internet Explorer.
Flash Zero Days Dominate Exploit Landscape
The recent Flash zero-day vulnerabilities and exploits have uncovered the relatively quiet Hanjuan exploit kit, and further exposed the dangers of malvertising.