Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers. The company says it is not sure yet how many customers are affected, but Anthem claims to […]
Tag Archives: Web Security
Adobe Begins Patching Third Flash Player Zero Day
Adobe has begun distributing an emergency update for Flash Player that patched the third of three zero-day vulnerabilities under attack.
U.S. Officials Say Chinese Cyberespionage ‘Needs to Stop’
The top cybersecurity officials in the United States on Wednesday said that China is harming the potential for an open Internet through its policies of censorship, and also said the country’s continued cyberespionage operations are damaging the two countries’ relationship. In a piece co-authored in Politico with Ambassador Robert Holleyman and Alex Niejelow, the chief […]
Siemens ICS Switches Hit With Buffer Overflow, Authentication Bugs
There are a number of serious vulnerabilities in the Siemens Ruggedcom WIN switches, including a remotely exploitable buffer overflow and a flaw that could allow an attacker to take actions on the device without authentication. The vulnerabilities affect several models of the Ruggedcom WIN switches, including WIN51xx all versions prior to SS4.4.4624.35, WIN52xx: all versions […]
Latest Flash 0Day Under Attack; Possible Ties to Group Behind Angler EK
The third Adobe Flash Player zero day in two weeks is also currently under attack. Researchers at Trustwave found an exploit for it in the HanJuan exploit kit, which could be tied to the group behind the Angler kit.
Google Trades Technicality for Brevity With New SSL Warning
Google and the University of Pennsylvania performed a study intended to determine the effect of best practices on the efficacy of SSL browser warnings.
1,800 Domains Overtaken by Flash Zero Day
Researchers at Cisco say that a Flash zero day exploit has compromised 1,800 domains, the majority of those during a 48-hour period last week.
New Wave of CTB-Locker/Critroni Ransomware Hitting Victims
There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries. CTB-Locker is one of the newer variants in the crypto ransomware family, a kind of malware that encrypts victims’ hard drives and demands a relatively large payment in order […]
Canary Watch Site Launches to Track Warrant Canaries
In the years since Edward Snowden began putting much of the NSA‘s business in the street, including its reliance on the secret FISA court and National security Letters, warrant canaries have emerged as a key method for ISPs, telecoms and other technology providers to let the public know whether they have received any secret orders. But […]
DNS Hijack in D-Link Routers, No Authentication Required
There is a remotely exploitable domain name system hijack vulnerability in D-Link’s DSLR2740R router.