Cisco announced today its intent to acquire big data security company OpenDNS for $635 million in cash.
Tag Archives: Web Security
Apple Patches Dozens of Flaws in iOS 8.4, OS X 10.10.4
Apple has released new versions of iOS and OS X, both of which include a significant number of security patches, several for bugs that can lead to remote code execution and other serious issues. Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS kernel, WebKit, and CoreText. […]
Cyber UL Could Become Reality Under Leadership of Hacker Mudge
UPDATE–One of the longstanding problems in security–and the software industry in general–is the lack of any universally acknowledged authority on quality and reliability. But the industry moved one step closer to making such a clearinghouse a reality this week when Peiter Zatko, a longtime researcher and hacker better known as Mudge in security circles, announced […]
Researcher Says LG App Update Mechanism Doesn’t Verify SSL Cert
Many smartphones manufactured by LG contain a vulnerability that can allow an attacker to replace an APK file with a malicious file of his choice. The problem is the result of several conditions on LG phones. Like other manufacturers, LG includes custom apps on its handsets, which are not available through the normal Google Play […]
Searches for Pirated Content Lead to Pain and Little Gain
People love to try and get something for nothing, especially on the Internet where there’s all kinds of things available for nothing. But a lot of those free things are illegal and attackers have become very adept at taking advantage of users’ desire for free episodes of Gilmore Girls or bonus Dragon Ball Z content. Researchers […]
Samsung to Patch Windows Update Issue Within Days
Samsung said today it will no longer automatically disable Windows updates on PCs and laptops it manufactures and will release a patch “within a few days.”
IETF Officially Deprecates SSLv3
The IETF, in RFC7568, declared SSLv3 “not sufficiently secure” and prohibited its use. SSLv3 fallbacks were to blame for the POODLE and BEAST attacks.
New Chrome Extension Blocks BeEF Attacks
An engineer has come up with a new way to help combat BeEF, or browser exploit framework attacks.
NIST Drops Weak Dual_EC RNG From Official Recommendations
NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers.
Threatpost News Wrap, June 26, 2015
Dennis Fisher and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good ones.