Google and Mozilla today announced they’ve settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm.
Tag Archives: Web Security
UPnP Trouble Puts Devices Behind Firewall at Risk
Networked devices behind a firewall are at risk to attack because of poor authentication in the UPnP protocol in most home routers.
CERT Warns of Slew of Bugs in Belkin N600 Routers
The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with […]
NSF Awards $6M Grants for Internet of Things Security
The National Science Foundation awarded $6 million in grants to fund projects working toward securing networked things.
CoreBot Malware Steals Credentials-For Now
CoreBot is new information-stealing malware in the wild with a modular design that could turn the credential-stealing malware into something much worse.
Latest APT 28 Campaign Incorporates Fake EFF Spearphishing Scam
An attack that uses the same path names, Java payloads, and Java exploit as one earlier this summer was found leveraging a fake EFF site.
Threatpost News Wrap, August 28, 2015
Dennis Fisher and Mike Mimoso discuss the quasi-interesting fallout from the Ashley Madison hack, the appeals court decision about the Wyndham data breaches, and Charlie Miller leaving Twitter.
FBI: Social Engineering, Hacks Lead to Millions Lost to Wire Fraud
U.S. businesses are losing millions in fraudulent wire transfers that have their root in email compromises of accounts belonging to top executives.
Google to Pause Flash Ads in Chrome Starting Next Week
Google on Tuesday will begin pausing Flash ads by default in Chrome, a move that is designed mainly to help improve browser speed, but that will also be a security upgrade for users. The company announced the plan back in June and said this week that it will make the behavior the default setting for […]
BitTorrent Patch Throttles Reflective DDoS Attacks
BitTorrent today announced that a patch has been rolled out in the libuTP protocol used by many of its clients, fixing a vulnerability that allows attackers to carry out distributed reflective denial of service attacks.