Researchers warn that since public disclosure of a file-upload vulnerability in the WordPress Symposium plug-in and the availability of proof-of-concept exploit code, scans and exploit attempts are on the rise.
Tag Archives: Web Security
XXE Bug Patched in Facebook Careers Third-Party Service
A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page.
Internet Systems Consortium Site Redirects to Angler Exploit
The website of the Internet Systems Consortium, the developers of the BIND DNS software deployed all over the Web, was reportedly infected with malware last week.
HP’s Zero Day Initiative Changes Bug-Buying Guidelines
HP’s Zero Day Initiative has decided to adjust its guidelines and criteria or buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inception several years ago, has decided that it will […]
2014 Year in Review
Mike Mimoso and Dennis Fisher look back on the crazy year that was in security, including the big Internet-wide bugs such as Heartbleed and Shellshock, the Home Depot and Sony breaches and what lessons we learned in 2014.
SoakSoak Malware Campaign Evolves
The attackers behind the SoakSoak malware campaign are continuing to modify their tactics and have infected a new group of Web sites. The Javascript code that the attackers target with the malware has also changed. Last week, Google took the step of blacklisting thousands of sites that had been infected by SoakSoak. The malware is targeting WordPress […]
2014: A Specious Odyssey
The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it’s time to scramble again. In 2014, those small moments of downtime were hard to come by.
Staples Confirms 1.2 Million Cards Lost in Breach
Staples confirmed that it lost close to 1.2 million payment cards in a data breach lasting close to six months and affecting 115 locations in 35 states.
Tor Project Warns of Possible Upcoming Attack on Network
The Tor Project is warning that an unnamed attacker is planning to try to cripple the network by seizing directory authorities, the servers that help Tor clients find Tor relays in the network. Tor officials said that the network right now is still safe to use, and also emphasized that they are taking steps to […]
Exploits Circulating for Remote Code Execution Flaws in NTP Protocol
Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol and experts warn that there are exploits publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several buffer overflows that are remotely exploitable. The NTP is a protocol that’s used […]