Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.
Tag Archives: Web Security
Massive Twitter Botnet Dormant Since 2013
Researchers from the University College London have found a Twitter botnet of 350,000 bots that has been dormant since shortly after the accounts were registered.
Hadoop, CouchDB Next Targets in Wave of Database Attacks
Insecure Hadoop and CouchDB installations are the latest attack targets of cybercriminals who are hijacking and deleting stolen data.
ProtonMail Gets Own Tor-Accessible .Onion Hidden Service
Encrypted email service ProtonMail announced early Thursday that it had added its own Tor hidden service.
Docker Patches Container Escape Vulnerability
Docker has patched a privilege escalation vulnerability that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container.
SHA-1 End Times Have Arrived
Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.
Threatpost News Wrap, January 13, 2017
The news of the week is discussed, including the ShadowBrokers’ farewell, GoDaddy’s buggy domain validation issue, MongoDB ransoms, and the latest with St. Jude Medical.
WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities
A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.
Buggy Domain Validation Forces GoDaddy to Revoke Certs
A bug in GoDaddy’s domain validation process forced the registrar to revoke SSL certificates and reissue certs for more than 6,000 customers.
Microsoft Issues Record Low Number of Patch Tuesday Bulletins
Microsoft patched vulnerabilities that were tied to a variety of its products including Office 2016, its Edge browser and its Local Security Authority Subsystem Service (LSASS).