There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.
Tag Archives: Web Security
DARPA Working on Provably Secure Embedded Software
DARPA is working on a new kind of software that is provably secure for specific properties.
Google Ups Chrome Bug Bounty, Offers More Money For Exploits
Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submit a working exploit for […]
OpenVPN Vulnerable to Shellshock Bash Vulnerability
OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it’s pre-authentication in OpenVPN.
New Signed Version of CryptoWall Ransomware On the Loose
Researchers have discovered a variant of the CryptoWall ransomware that has a valid digital signature and is being distributed through malicious ads on several top-ranked Alexa Web sites. CryptoWall is one of the more successful ransomware strains in recent memory, with researchers estimating last month that the malware had grossed more than $1 million for […]
Apple Patches Shellshock Vulnerability in Bash for OS X
Apple released its patch for the Bash vulnerability, repairing versions of OS X vulnerable to Shellshock exploits.
WPScan Vulnerability Database a New WordPress Security Resource
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It’s available for pen-testers, WordPress administrators and developers.
CloudFlare Rolls Out Free SSL
In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available […]
FBI to Open Up Malware Investigator Portal to External Researchers
SEATTLE–The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. […]
Apple: OS X Safe By Default Against Bash Vulnerability
Apple said it is working on a patch for OS X to counter the Bash vulnerability, but in the meantime is telling users the OS is safe by default.