The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate.
Tag Archives: Web Security
VUPEN Launches New Zero-Day Acquisition Firm Zerodium
In the weeks since the Hacking Team breach, the spotlight has shone squarely on the small and often shadowy companies that are in the business of buying and selling exploits nd vulnerabilities. One such company, Netragard, this week decided to get out of that business after its dealings with Hacking Team were exposed. But now […]
Several Critical Flaws Patched in Drupal Module
There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (RDF) […]
WordPress Patches Critical XSS Vulnerability in All Builds
WordPress rolled out a new version of its content management system this morning that addresses a nasty cross-site scripting (XSS) vulnerability that could ultimately lead to site compromise.
Four Zero Days Disclosed in Internet Explorer Mobile
UPDATE–As if all of the vulnerabilities in Flash and Windows discovered in the Hacking Team document cache and the 193 bugs Oracle fixed last week weren’t enough for organizations to deal with, HP’s Zero Day Initiative has released four new zero days in Internet Explorer Mobile that can lead to remote code execution on Windows Phones. […]
Bartalex Variants Spotted Dropping Pony, Dyre Malware
Some strains of Bartalex malware, a macro-based malware that first surfaced earlier this year, are dropping Pony malware and the Dyre banking Trojan.
Hacking Team Claims It Always Sold ‘Strictly Within the Law’
Hacking Team officials are disputing reports that the company sold its surveillance and intrusion software to oppressive regimes in countries that were under sanction. The company said it sold its products “strictly within the law and regulation as it applied at the time any sale was made.” The new statement from Hacking Team comes after two […]
Google Patches 43 Bugs in Chrome
A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category. Two of the more serious vulnerabilities fixed in Chrome 44 are a pair of universal cross-site scripting bugs. One of the flaws is in blink, the Web layout engine in Chrome. The […]
Possible Breach Results in Shutdown of Many Retail Photo Services
A potential data breach at a third-party provider has resulted in the shut down of retail photo-printing services at a number of chains, including CVS, Costco, Rite Aid, and several others. The breach reportedly hit PNI Digital Media, a Canadian company that provides the online photo platform for many retailers. The company was acquired by Staples […]
Free Tool Looks for HackingTeam Malware
UPDATE–Researchers at Rook Security have released a new tool that looks for HackingTeam malware on target systems, and also have published a set of indicators of compromise to help organizations look for signs of an infection from the intrusion software.