A SANS ISC report indicates a prominent cybercrime group has begun using the Neutrino Exploit Kit, but that hardly spells the end of the road for the notorious Angler EK.
Tag Archives: Web Security
Holes Patched in Online Bookmarking App Pocket
Developers with the service Pocket recently fixed some vulnerabilities that could have allowed users to exfiltrate data, including sensitive information regarding web services, internal IP addresses, and more.
Inside the Unpatched OS X Vulnerabilities
Italian researcher Luca Todesco explains how exploiting two vulnerabilities in OS X can enable root access for a hacker. He won’t, however, say why he went public with details and exploit code before Apple patched.
Emergency IE Patch Fixes Vulnerability Under Attack
Microsoft released an out-of-band patch for an Internet Explorer vulnerability under attack.
Core Infrastructure Initiative Launches Open Source Security Badge Program
The Core Infrastructure Initiative, which has funded OpenSSL among other open source security projects, announced a badge program that evaluates secure development best practices.
Adobe Patches XXE Vulnerability in LiveCycle Data Services
Adobe pushed out a hotfix for LiveCycle Data Services patching an XXE vulnerability in BlazeDS.
Reflection DDoS Attacks Abusing RPC Portmapper
Level 3 Communications has discovered a new type of reflection DDoS attack that takes advantage of RPC Portmapper to overwhelm networking services.
Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
Using BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks
Researchers warn several BitTorrent protocols can be leveraged to carry out distributed reflective denial of service (DRDoS) attacks.
AT&T Facilitated NSA Surveillance Efforts, Reports
Published reports say that AT&T was the National Security Agency’s primary telecommunications partner and facilitated much of its surveillance efforts around telephone and Internet traffic collection.