The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.
Tag Archives: Web Security
How I Got Here: Marcus Ranum
Dennis Fisher talks with security pioneer Marcus Ranum about writing an early Internet firewall at DEC, the security gold-rush era of the 1990s and early 2000s, why he never patented most of the ideas he has come up with and how he found peace of mind.
New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs
Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade 512-bit Diffie-Hellman cryptography. The most serious […]
Details Surface on Unpatched KCodes NetUSB Bug
KCodes NetUSB, a Linux kernel module that provides USB services over IP, contains unpatched vulnerabilities according to an alert from CERT/CC and Sec Consult
Google Fixes Sandbox Escape in Chrome
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities […]
Address-Spoofing Bug Haunts Android Stock Browser
There’s an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and developed the technique for exploiting it. The problem […]
APT Group Embeds Command and Control Data on TechNet Pages
The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources.
Oracle Patches VENOM Vulnerability
Oracle on Saturday released its patch for the VENOM vulnerability, a guest escape flaw that affects many virtualization platforms.
Several Factors Mitigate VENOM’s Utility for Attackers
Proof of concept code exploiting the VENOM vulnerability has surfaced. Its author says mitigating factors make VENOM difficult to exploit at scale.
Cisco Patches Flaws in TelePresence
Cisco patched command injection, authentication bypass, and denial of service vulnerabilities in a number of its TelePresence products.