A sandboxed alpha version of the Tor Browser was released over the weekend, and while there are still some rough edges and bugs, it could be a step toward protecting Tor users from recent de-anonymization exploits.
Tag Archives: Web Security
Threatpost News Wrap, December 8, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google’s new open source fuzzer.
Yahoo Mail XSS Bug Worth Another $10K to Researcher
Finnish security researcher Jouko Pynnonen found his second stored cross-site scripting vulnerability in Yahoo Mail in less than a year; each of the two earned him a $10,000 bug bounty.
Critical Vulnerability Patched in Roundcube Webmail
Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.
Hackers Gamify DDoS Attacks With Collaborative Platform
A hacking group is luring participants to use a DDoS platform where they can compete with peers to earn redeemable points exchangeable for hacking tools and click-fraud software.
Flash Exploit Found in Seven Exploit Kits
An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future.
DailyMotion Hack Leaks Emails, Passwords of 87M Users
The video sharing website DailyMotion admitted early Tuesday that it recently suffered an “external security problem” which resulted in the compromise of its users' data.
Google Debuts Continuous Fuzzer for Open Source Software
A new Google program, OSS-Fuzz, is aimed at continuously fuzzing open source software and has already detected over 150 bugs.
Distributed Guessing Attack Reels in Payment Card Data
A research paper describes vulnerabilities enabling distributed guessing attacks which allow an attacker to collect payment card data across a number of sites without triggering alerts.
Google Fixes 12 High-Severity Flaws In Chrome Browser
Chrome 55.0.2883.75 for Windows, Mac, and Linux was released Thursday and patched 36 vulnerabilities, including 12 high-severity flaws eligible for bounties.