Mozilla released a new version of Firefox on Wednesday to address a zero day vulnerability that was actively being exploited to de-anonymize Tor Browser users.
Tag Archives: Web Security
Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass
Microsoft appears to have silently fixed a two-year-old bug in in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser.
Tor Patched Against Zero Day Under Attack
The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users.
New Cerber Variant Leverages Tor2Web Proxies, Google Redirects
Researchers have discovered that criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection.
New Mirai Variant Targets Routers, Knocks 900,000 Offline
Attackers are targeting DSL routers this week with what’s being called a potent new variant of the Mirai malware that knocked offline major Internet companies like Twitter and Spotify last month.
PayPal Fixes OAuth Token Leaking Vulnerability
PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application.
Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11
Microsoft confirmed Feb. 14, 2017 is the cutoff date for SHA-1 support in its Microsoft Edge and Internet Explorer 11 browsers.
WordPress Plugins Leave Black Friday Shoppers Vulnerable
Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to XSS cross-site scripting, SQL injection and file manipulation flaws.
Office 365 Vulnerability Identified Bogus Microsoft.com Email as Valid
An email scam tricked Yandex email recipients into thinking phishing emails were certified legit and from the Microsoft.com domain.
Drupal Fixes ‘Moderately Critical’ Vulnerabilities in Core Engine
Drupal fixed a handful of issues in version 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition.