Tag Archives: Web Security

OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack

The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software. Most of the vulnerabilities fixed in the new releases are denial-of-service bugs, but one of them can potentially cause memory corruption. That vulnerability only affected older versions of OpenSSL. […]

Cryptowall 3.0 Infections Spike from Angler EK, Malicious Spam Campaigns

SANS Institute reports that Cryptowall 3.0 ransomware infections emanating from the Angler Exploit Kit are on the rise, and coincide with a spike from malicious spam campaigns.

Apple Moving to 2FA, Six-Digit Passcodes in iOS 9

With each new release of iOS, Apple has been improving the security of the mobile operating system, adding new features, inserting exploit mitigations, and taking away avenues for attack. In the forthcoming iOS 9.0 release, the company is continuing this movement with the addition of two-factor authentication and a number of other security features. Last […]

Microsoft Brings HSTS to Windows 7 and 8.1

Microsoft announced it has added HTTP Strict Transport Security (HSTS) to Internet Explorer 11 on Windows 8.1 and Windows 7, in addition to its native inclusion in Microsoft Edge on Windows 10.

Congress Looking Into Restricting Power of Government-Owned CAs

UPDATE–As the debate over potential government interference with encryption technologies rages in countries around the world, Congress is now going down a different path, asking technology companies whether it’s feasible and potentially effective for certificate authorities to restrict the way that government-owned CAs can issue certificates. Members of the House Committee on Energy and Commerce […]

Apple Pushing Developers Toward HTTPS Connections From Apps

Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. The move is yet one more sign that major Internet and technology companies are becoming ever more resistant to large-scale, passive surveillance […]