Grant Wilcox, an ethical hacking degree candidate at the University of Northumbria in the U.K., said the Wassenaar Arrangement rules were one reason he decided not to publish exploits he developed for his dissertation.
Tag Archives: Web Security
Ad Fraud Malware Updating Flash on Infected PCs
Ad fraud malware is one of the more profitable specialties in the cybercrime world, and the attackers who use it often have to adapt their tactics in order to keep the money rolling in. One tactic they have adopted in recent months is updating the version of Flash that’s installed on an infected machine.
Hackers Release Hacking Team Internal Documents After Breach
Attackers have compromised the network of Italian intrusion software vendor Hacking Team and released a large cache of the company’s private documents, including customer invoices that show sales to oppressive governments.
Evasion Techniques Keep Angler EK’s Cryptowall Business Thriving
The SANS Internet Storm Center reports that the Angler Exploit Kit, pushing Cryptowall 3.0 ransomware, uses rapidly changing URL patterns—almost daily changes—to evade detection and rake in profits.
Senator Demands Answers on FBI’s Use of Zero Days, Phishing
The chairman of the powerful Senate Judiciary Committee is asking some pointed questions of the FBI director about the bureau’s use of zero-day vulnerabilities, phishing attacks, spyware, and other controversial tools. Sen. Charles Grassley (R-Iowa) has sent a letter to FBI Director James Comey asking for “more specific information about the FBI’s current use of […]
Cisco UCDM Platform Ships With Default, Static Password
A week after admitting that several of its security appliances ship with static SSH keys, Cisco warned customers on Wednesday that its Unified Communications Domain Manager platform has a default, static password for an account that carries root privileges. The vulnerability affects versions of the software prior to 4.4.5 and the company said there are no […]
Attackers Revive Deprecated RIPv1 Routing Protocol in DDoS Attacks
An advisory from Akamai warns of a recent reflection-style DDoS attack in which the deprecated RIPv1 routing protocol was leveraged against targets.
Pinterest Fixes Validation Vulnerability in API
Pinterest recently fixed an issue in the API of its web app that could have allowed remote attackers to compromise emails and carry out session hijacking and phishing attacks.
LifeLock Patches XSS That Could’ve Led to Phishing
Researchers identified a cross-site scripting vulnerability in a page on the LifeLock website that could allow an attacker to create an authentic-looking login page for the service and harvest usernames and passwords from customers. LifeLock patched the vulnerability quickly after researchers Blake Welsh and Eric Taylor from Cinder Cyber Research reported it. Welsh said via […]
Patched Apple QuickTime Vulnerability Details Disclosed
Researchers at Cisco Talos released details on a use-after-free vulnerability in Apple QuickTime that could lead to remote code execution.