Cisco routers are built into the fabric of the Internet and enterprise networks, a fact that makes them highly attractive targets for attackers. Researchers at FireEye have come across attacks recently in which hackers have been modifying the firmware of Cisco routers and using that foothold to maintain persistence on the victim’s network. Such a technique […]
Tag Archives: Web Security
New Debian Releases Fix PHP, VirtualBox Bugs
The maintainers of Debian have released new versions of the operating system to fix several vulnerabilities, including a number of bugs in PHP and an unspecified flaw in Oracle’s VirtualBox application. There are new versions of the stable and oldstable releases of Debian available, which fix the security vulnerabilities. Among the patches is one for […]
Series of Buffer Overflows Plague Many Yokogawa ICS Products
There is a series of stack buffer overflows in nearly 20 ICS products manufactured by Japanese vendor Yokogawa that can lead to remote code execution. The bugs affect a long list of the company’s products, which are used in a variety of industries around the world. The Yokogawa products are mainly control systems, plant-management systems, event-analysis […]
Just Like Old Days: IOT Security Pits Regulators Against Market
A panel discussion at the Security of Things Forum debated the need for regulation to ensure the security and privacy of connected devices.
Pair of Drupal Modules Patch Access Bypass Flaws
A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions, including pulling in public […]
NY Health Provider Excellus Discloses Data Breach Dating to 2013
Excellus BlueCross BlueShield, a large health care provider in New York state, says it was hit by an attack that began in 2013 and wasn’t discovered until last month, resulting in the compromise of members’ personal information, including Social Security numbers, addresses, financial and account information. The company did not specify how many people potentially […]
FTC, Experts Push Startups to Think About Security From the Beginning
About a decade ago, many large software makers learned some very difficult lessons about software security and building security into their products from the start. Some are still learning. The FTC and a variety of security experts are hoping that today’s crop of start-ups will not have to go through that same painful process. The FTC […]
Android Stagefright Exploit Code Released to Public
Exploit code for the Android Stagefright vulnerability was made public, and researcher Joshua Drake hopes organizations will test Android systems and devices against the code.
Turla APT Group Abusing Satellite Internet Links
Researchers at Kaspersky Lab have revealed that the Turla APT gang is using satellite-based Internet links to hide command-and-control activities.
Jessy Irwin on Password Security, Opsec and User Education
Dennis Fisher talks with Jessy Irwin of 1Password about her path into the security world, the many security challenges in the education sector, the password-security problem, and security jewelry.