Mike Mimoso and Chris Brook discuss the week in news, including how researchers disrupted a campaign using the Angler Exploit Kit, how a researcher was forced to pull a talk from a conference, and how a practical SHA-1 collision could be months away, not years.
Tag Archives: Web Security
Researchers Disrupt Angler Exploit Kit Ecosystem, Derail $30M Ransomware Campaign
Researchers took a big step towards eradicating the Angler exploit kit, disrupting a large ransomware campaign connected to the kit that purportedly netted a hacker behind it more than $60 million annually.
Canceled Talk Re-Ignites Controversy Over Legitimate Security Research
Citing vendor pressure, a researcher pulled a talk at HITB GSEC Singapore on the security of IP-enabled surveillance cameras.
WordPress Jetpack Plugin Patched Against Stored XSS Vulnerability
The popular Jetpack WordPress plugin was updated this week in order to patch a critical stored cross-site scripting vulnerability.
Unsupported Honeywell Experion PKS Vulnerable to Public Attacks
Unsupported versions of Honeywell distributed control system software are vulnerable to publicly available remote exploits.
Dyreza Trojan Targeting IT Supply Chain Credentials
The Dyreza, or Dyre, Trojan has been spotted phishing credentials in attacks against the IT supply chain.
JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second
CloudFlare reports a massive JavaScript-based DDoS attack against one of its customers, likely carried out by unsuspecting mobile browsers served a malicious ad.
Mozilla Fixes 14-Year-Old Bug in Firefox 41
Developers at Mozilla pushed out Firefox 41 this week and brought some much-needed relief to AdBlockPlus users by finally fixing a 14-year-old bug in the browser.
New Attacks Recall Old Problems with Browser Cookies
DHS CERT published an alert prompted by a paper delivered at USENIX regarding the security of browser cookies.
Curbing the For-Profit Cybercrime Food Chain
Researchers with Google and a handful of universities believe security practitioners need to focus on evaluating how cybercriminals adapt to interventions instead of trying to protect users.