GitHub is encouraging Mac and Windows users to immediately install an update that resolves a serious arbitrary code execution vulnerability.
Tag Archives: Web Security
Dave Aitel on the Sony Hack
Dennis Fisher and security expert Dave Aitel discuss the Sony hack and why it makes sense for North Korea to be responsible for it.
USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in […]
12 Million Home Routers Vulnerable to Takeover
Check Point has disclosed few details on a cookie vulnerability in the RomPager webserver running inside 12 million embedded devices. The flaw puts home routers at risk to attack.
Attackers Compromise ICANN, Access Zone Files System
Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started […]
Google Releases End-To-End Chrome Extension to Open Source
Google announced that it was making the source code for its End-to-End Chrome Extension available for review on GitHub. End-to-End encrypts and signs Gmail messages.
Google Adds Content Security Policy Support to Gmail
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s been supported in a number of browsers […]
Sony: Employee Health Information May Have Been Compromised
Sony Pictures Entertainment has sent a letter to employees warning them that, along with huge amounts of corporate and employee information, some personal health data belonging to SPE employees may also have been compromised in the attack that hit the company in late November. The letter, which also was sent to the California Office of […]
Two Cisco Products Vulnerable to POODLE Attack on TLS
Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who discovered that if an attacker can force a vulnerable Web server to fall back from […]
Google Proposes Marking ‘HTTP’ as Insecure in 2015
Google proposes that browser vendors begin issuing address bar warnings to users that HTTP connections provide no data security protection.