A trove of data belonging to Ameriprise Financial was found earlier this month and included Social Security number, decryption keys and confidential internal company documents.
Tag Archives: Web Security
Nagios Core Patches Root, RCE Vulnerabilities
Nagios Core has been updated to take care of two critical vulnerabilities that can be pinned together to attack servers hosting the open source IT infrastructure monitoring software.
Tales of WordPress Plugin Insecurity Overblown, Researchers Say
The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it’s not as bad as it seems, experts claim.
Threatpost News Wrap, December 16, 2016
Mike Mimoso and Chris Brook discuss the news of the week including Yahoo’s latest breach announcement, a DDoS-for-hire crackdown, hackers seeking help with Mirai, and some new Adobe patches.
DNSChanger Exploit Kit Hijacks Routers, Not Browsers
An exploit kit called DNSChanger is attacking routers, not browsers, through a malvertising campaign.
Microsoft, Google to Block Flash by Default in Edge, Chrome
Microsoft followed Google’s lead and said it will soon block Flash Player by default in the Edge browser.
Code Reuse a Peril for Secure Software Development
Open source and third-party software bugs haunt even the best developers’ projects, despite the industry’s best efforts to avoid them.
Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities
Microsoft patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet.
Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack
As part of Patch Tuesday Adobe patched a zero-day vulnerability in Flash Player the company claims is being used in targeted attacks against Internet Explorer users on Windows.
Facebook Releases Free Certificate Transparency Monitoring Tool
Facebook makes freely available an internal tool used to monitor CT logs for new TLS certificates issued for a domain. Users can monitor and audit this information for malicious or mistakenly issued certs.