Yahoo says that it is investigating an alleged massive breach of its users’ credential that are available for sale online.
Tag Archives: Web Security
Kaspersky Lab Launches Bug Bounty Program
Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry.
Google Domain Enables HSTS Protection
Google ensures HTTPS connections to its domains with support for HTTP Strict Transport Security, or HSTS.
New Technique Checks Mitigation Bypasses Earlier
Researchers at Endgame are expected at Black Hat to introduce Hardware Assisted Control Flow Integrity (HA-CFI), which leverages features in the micro-architecture of Intel processors for security.
WPAD Flaws Leak HTTPS URLs
Sniffing HTTPS URLs with malicious PAC files gets easier with a new technique that exploits flaws in the Web Proxy AutoDiscovery protocol.
Threatpost News Wrap, July 29, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including a wireless keyboard vulnerability – KeySniffer, NIST’s statement on 2FA, a LastPass remote compromise bug, and a new Tor paper.
LastPass Patches Ormandy Remote Compromise Flaw
LastPass has patched a vulnerability in its Firefox add-on that allows attackers complete remote compromise of the password manager
White House Beefs Up Cyber Threat Response Action Plan
A new White House directive outlines the U.S. cyber threat response strategy along with issuing a color-coded cyber threat schema.
NIST Recommends SMS Two-Factor Authentication Deprecation
The U.S. National Institute for Standards and Technology (NIST) said SMS-based two factor authentication would soon be deprecated.
Attributing Advanced Attacks Remains Challenge For Researchers
Kaspersky Lab researchers participated in a Reddit AMA, touching on topics such as attack attribution, critical infrastructure security, attacker and researcher tradecraft, and the shortage of security talent.