Yahoo officials say that the company will disclose any new vulnerabilities that the company’s security team finds within 90 days of discovery. The new policy is the same one used by Google’s Project Zero, a team of researchers that looks for vulnerabilities in a variety of commonly used software packages and platforms. That team has […]
Tag Archives: Web Security
New Version of Destover Malware Signed by Stolen Sony Certificate
Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used […]
Linux Modules Connected to Turla APT Discovered
Researchers at Kaspersky Lab have found two Linux modules connected to the Turla APT campaigns.
Researchers Say POODLE Attack Affects Some TLS Implementations
The POODLE attack against SSLv3 that researchers from Google revealed earlier this year also affects some implementations of TLS, and vendors are now scrambling to release patches for gear affected by the vulnerability. Soon after the POODLE attack was disclosed in October, researchers began looking into whether it might affect protocols other than SSLv3. It quickly […]
Several Vulnerabilities Found in Google App Engine
A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox.
EC3 Head Paints Bleak Cybercrime Picture
Speaking at Georgetown Law’s Cybercrime 2020, Troels Oerting, head of Europol’s EC3, explains the extreme difficulties law enforcement faces when investigating and prosecuting cybercrime.
Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape
Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Google’s Project Zero released details and exploit code earlier this week.
DOJ Launches New Cyber Unit, Claims Privacy is Mission Critical
The United States Department of Justice yesterday announced the creation of a new cybercrime unit within its Computer Crime and Intellectual Property Section.
Critical Remote Code Execution Flaw Found in WordPress Plugin
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads, and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site. The vulnerability is in the WP Download Manager, versions 2.7.4 and lower, and it could […]
Google No CAPTCHA Simple for Humans, Tough on Bots
Google has reworked its reCAPTCHA authentication system with a new API that relies on reputation checking, and presents safe users with a simplified CAPTCHA.