The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem is related to the […]
Tag Archives: Web Security
Cisco Fixes DoS Vulnerability in ASR 1000 Routers
Cisco has patched a denial-of-service vulnerability in its ASR 1000 line of routers, a bug that’s caused by an issue with the way the routers handle some fragmented packets. The company said the DoS vulnerability affects all of the ASR 1000 Series Aggregation Services Routers that are running a vulnerable version of the IOS XE […]
Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection
OS X security researcher Patrick Wardle is expected at Black Hat to demonstrate how to write advanced Mac malware, including Gatekeeper and Xprotect bypasses, in hopes of raising awareness of the current state of OS malware detection.
Moonpig Warns Customers of ‘Security Issue’
Moonpig has warned customers that some of their email addresses, passwords, and account balances have been published after what it calls a “security issue”. The company, which sells custom greeting cards, said in a message to users that attackers were not able to get any credit card information, as Moonpig does not store that data. […]
New Chrome Extension Helps Combat Keyboard Biometric Profiling
A new Chrome extension called KeyboardPrivacy injects delays into typing patterns, thwarting attempts to build biometric profiles of users for authentication.
Yahoo Touts Success of Bug Bounty Program
Yahoo established its formal bug bounty program nearly two years ago, and the company has paid out more than $1 million in rewards to researchers in that time. But security officials say the value the program has provided to the company has been just as great. Although Yahoo was among the latter wave of major […]
New Hammertoss Espionage Tool Tied to MiniDuke Gang
Hammertoss, a backdoor uncovered by researchers at FireEye, combines many previous communication venues used by APT29, an espionage outfit linked to the Russian government.
NSA Says It Will End Access to 215 Records in November
The National Security Agency says that once its legal authority to conduct Section 215 bulk telephone surveillance ends on Nov. 29, its analysts no longer will be allowed to access the database that holds all of the collected Section 215 records. In May, an appeals court ruled that bulk telephone metadata collection as performed by […]
Valve Patches Password Reset Vulnerability in Steam
Valve Software has patched a vulnerability in the Steam gaming platform that enabled account hijacking through its password reset mechanism.
PHP File Manager Riddled With Vulnerabilities, Including Backdoor
Multiple critical vulnerabilities have existed, some for nearly five years, in PHP File Manager, a web-based file manager used by several high-profile corporations.