Google Project Zero has disclosed a pair of unpatched Windows vulnerabilities after the expiration of its 90-day deadline. Microsoft said it will patch one bug in February, and both sides agree the second does not merit a security bulletin.
Tag Archives: Web Security
Google AdWords Campaigns Hijacked by Malvertisers
Two Google AdWords campaigns have been hijacked by malvertisers and users are being redirected to fraud sites without even clicking the poisoned ads.
Pirelli Home Broadband Routers Exposed for Two Years
Administration files for Pirelli routers, issued by the biggest ISP in Spain, can be accessed from anywhere putting WPA keys, PINs, certificates and more at risk.
Marriott Agrees to Stop Blocking Guest WiFi Devices
Marriott, which last year paid a $600,000 fine for blocking customers’ WiFi devices in its hotels, has said that it no longer will prevent guests from using personal hotspots or similar devices. The situation resulted from a complaint by a guest who stayed at Marriott’s Gaylord Opryland hotel in 2013 and found that he couldn’t […]
Skeleton Key Malware Opens Door to Espionage
The Skeleton Key malware bypasses single-factor authentication on Active Directory domain controllers and paves the way to stealthy cyberespionage.
Phony Oracle Patches Making the Rounds
Attackers are circulating fake fixes for Oracle error messages and the company is warning users not to download any patches that don’t come directly from Oracle.
New Strain of Crowti Ransomware Moving in I2P Network
A new strain of the Crowti ransomware, also dubbed Cryptowall 3.0, is moving on the I2P anonymity network.
NSA Official: Support for Compromised Dual EC Algorithm Was ‘Regrettable’
In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the director of researcher at the National […]
GE Ethernet Switches Have Hard-Coded SSL Key
There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number of GE Ethernet switches, including the GE Multilink […]
Adobe Patches Nine Vulnerabilities in Flash
Adobe patched Flash Player , addressing nine vulnerabilities in the software including critical bugs that could allow an attacker to take control of an affected system.