Cisco Talos reports a new strain of spyware called Rombertik that escalates its anti-detection capabilities by destroying the Master Boot Record if the code is audited.
Tag Archives: Web Security
Google Updates Password Alert Extension, But Some Bypasses Still Work
For the second time in less than a week, Google has updated its Password Alert extension for Chrome to address a method for bypassing the warning screens that alert users that they’re entering data on a non-Google site. However, the researcher who discovered the most-recent bypass method said his technique still works on the latest […]
Google Patches Clickjacking Bug
Google paid out a $1,337 bounty to a researcher who found a clickjacking vulnerability in Google API Explorer.
Researchers, FBI Warn of Nepal Earthquake Scams
The earthquake that hit Nepal late last month has caused untold damage in the region and kicked off a massive relief and aid effort. Attackers are loathe to let a chance like that go by, and they have concocted a number of schemes to deprive victims of their money and hope for relief funds. Aid organizations […]
Mozilla Moving Toward Full HTTPS Enforcement in Firefox
The Mozilla Foundation announced yesterday that it is in the process making HTTP connections incompatible with its popular Firefox Web browser.
Researcher Finds Method to Bypass Google Password Alert
A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week. The Password Alert extension is designed to warn users when they’re about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain […]
Threatpost News Wrap, May 1, 2015
Dennis Fisher and Mike Mimoso discuss the post-RSA news, including the MySQL bug, the progress of the OpenSSL overhaul and the wildly entertaining House hearing on crypto backdoors.
Dyre Banking Trojan Jumps Out of Sandbox
Researchers at Seculert have found a new version of the Dyre banking malware, one that is adept at avoiding sandbox detection.
MySQL Bug Can Strip SSL Protection From Connections
Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some […]
Congress, Crypto and Craziness
A Congressional hearing on encryption and “frontdoors” produced a generous amount of the usual “crazy” from lawmakers and law enforcement.