Mozilla released Firefox 46, which includes patches for one critical and four high-severity vulnerabilities, all of which can lead to remote code execution.
Tag Archives: Web Security
Platinum APT Group Abuses Windows Hotpatching
Microsoft disclosed details on the Platinum APT group and its arsenal of backdoors, keyloggers and its abuse of Windows hotpatching to load malicious code on compromised computers.
Empty DDoS Threats Still Net Attackers $100,000
A group posing as the Armada Collective is threatening businesses with large-scale DDoS attacks without carrying out the attacks. So far, they’ve been paid more than $100,000.
Android Ransomware Attacks Using Towelroot, Hacking Team Exploits
Drive-by exploits install ransomware on outdated Android devices using a stolen Hacking Team exploit and the first weaponized Towelroot attack.
MIT Launches Experimental Bug Bounty Program
The Massachusetts Institute of Technology announced this week that it will launch its own experimental bug bounty program.
Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout
Was the Federal Bureau of Investigation justified in paying over $1.3 million for a hacking tool that opened the iPhone 5c of San Bernardino terrorist?
Core Windows Utility Can Be Used to Bypass AppLocker
A researcher has discovered that Windows’ Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker’s whitelisting protections.
PoS Attacks Net Crooks 20 Million Stolen Bank Cards
A report released Thursday shines a bright light on point-of-sales system attack targeting hospitality and retail businesses that could of given earned cyber crooks a $400 million payday.
Adobe Patches DOM-XSS Flaw in Analytics AppMeasurement for Flash Library
Adobe today patched a DOM-based cross-site scripting vulnerability in the Adobe Analytics AppMeasurement for Flash library.
Misunderstanding Indicators of Compromise
In this Threatpost op-ed, Dave Dittrich and Katherine Carpenter explain the dangers of conflating measurable events, or observables, with indicators of compromise, which require context and other constructs to provide true threat intelligence.