A Brazilian political website has been compromised and is injecting iFrames that attempt to change the victim’s router DNS settings.
Tag Archives: Web Security
Key Flaw Enables Recovery of Files Encrypted by TorrentLocker
Crypto ransomware, a relatively unknown phenomenon a couple of years ago, has exploded into one of the nastier malware problems for Internet users. Variants such as CryptoLocker and CryptoWall have been siphoning money from victims for some time, and now researchers have dissected a newer variant known as TorrentLocker and found that the creators made […]
Details Disclosed for Critical Vulnerability Patched in Webmin
The University of Texas information security office disclosed details of a vulnerability in remote management software Webmin that could allow someone to remotely delete files on a host server.
Apache Warns of Tomcat Remote Code Execution Vulnerability
Some older versions of Apache Tomcat, the company’s open source web server and servlet container, are vulnerable to remote code execution.
Adobe Patches Host of Memory Bugs in Flash Player
Adobe announced security updates and a new version of Flash Player for Windows, Mac and Linux; the company also announced it was postponing a scheduled update for Reader and Acrobat.
Research Finds No Large Scale Heartbleed Exploit Attempts Before Vulnerability Disclosure
In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations–perhaps the NSA–that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but […]
More 1024-Bit Certificates to Be Deprecated in Firefox
When Mozilla released Firefox 32 last week, the company removed several root certificates from the trust store for the browser. The move wasn’t because the certificates were fraudulent or the CAs that issued them were compromised, but because the certificates use 1024-bit keys. This is the first step in a process that Mozilla officials say […]
Google ‘Sunsetting’ Weak SHA-1 Crypto Algorithm
Google has initiated a process to revoke trust from any certificates that rely on the outdated SHA-1crytpographic hash algorithm.
OpenSSL Publishes its Security Policy
The OpenSSL Project yesterday for the first time made the OpenSSL security policy public.
Israeli Think-Tank Site Serves Sweet Orange Exploit
Drive-by malware downloads have been spotted on the website of a prominent Israel think-tank, the Jerusalem Center for Public Affairs. The attacks seems to target bank credentials.