Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.
Tag Archives: Web Security
Facebook Debuts Open Source Detection Tool for Windows
Facebook finished porting its SQL-powered detection tool, osquery, to Windows this week.
New Google Tools Help Devs Improve Content Security Policy Protection
Google released CSP Evaluator and CSP Mitigator to aid developers in building better Content Security Policy protections for web applications.
Sofacy APT Targeting OS X Machines with Komplex Trojan
APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.
Questions Mount Around Yahoo Breach
Crypto company Venafi points out potential holes in Yahoo’s processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.
MarsJoke Ransomware Targets .EDU, .GOV Agencies
Researchers have identified a new ransomware strain that spoofs tracking services via spam messages and contain URLs that link to malicious files.
500 Million Yahoo Accounts Stolen By State-Sponsored Hackers
Yahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network.
Drupal Patches Three Vulnerabilities in Core Engine
Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.
Cisco Warns of Command Injection Flaw in Cloud Platform
Cisco rolls out a bevy of patches tied to vulnerabilities found in its cloud services platform, IOS software and Prime Home products.
Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials
Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012.