A Silverlight vulnerability patched yesterday by Microsoft could be tied to a Russian hacker who tried to sell a similar zero day to the Hacking Team.
Tag Archives: Web Security
Microsoft Patches Six Critical Flaws With First Update of 2016
Microsoft only released nine bulletins for its first Patch Tuesday of 2016, but six of them are marked critical and seven can lead to remote code execution.
Adobe Patches Code Execution Flaws in Reader, Acrobat
Adobe today patched 17 remote code execution vulnerabilities in Acrobat and Reader.
Questions Linger as Juniper Removes Backdoored Dual_EC RNG
Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored.
Older IE Versions Losing Security Support on Tuesday
Tuesday’s impending deadline ending security support for Internet Explorer 8, 9 and 10 is putting companies on notice about moving off older versions of the browser.
Threatpost News Wrap, January 8, 2016
Mike Mimoso and Chris Brook discuss the week in news: How the Dutch are opening encryption with open arms, the end of support for IE 8, 9, and 10, and the latest bounty offered up by Zerodium.
Mozilla Warns of SHA-1 Deprecation Side Effects
Mozilla warns Firefox users that the browser’s rejection of new SHA-1 certificates is keeping some users behind security scanners and antivirus software from reaching HTTPS sites.
WordPress 4.4.1 Update Resolves XSS Vulnerability
Developers at WordPress are warning users of the content management system to download and apply the most recent update, pushed yesterday, to address a cross-site scripting vulnerability.
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
Researchers have demonstrated new collision attacks against SHA-1 and MD5 implementations in TLS, IKE and SSH.
All Drupal Versions Susceptible to Code Execution, Credential Theft Vulnerabilities
A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns.