Criminals have found a safe haven abusing legitimate processes, such as real-time bidding, implemented by online advertising networks to move exploits and malware, and build botnets and fraud campaigns.
Tag Archives: Web Security
Slack Discloses Breach of Its User Profile Database, Implements 2FA
Collaboration providers Slack disclosed that a database storing its user profile information has been breached. The break-in has been stopped, and Slack announced that it has implemented two-factor authentication going forward.
GitHub Hit With DDoS Attack
A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.
Hotel Internet Gateways Patched Against Remote Exploit
A critical vulnerability in a popular hotel and convention center Internet gateway from AntLabs called InnGate has been patched. The flaw allows attackers read and write access to the devices from the Internet.
MIT Researchers Debut Debugger for Integer Overflows
Students from M.I.T. have devised a new way to scour raw code for integer overflows.
U.S. Government Requests for Yahoo User Data Drop
Yahoo received nearly 5,000 requests for user data from the United States government in the last six months of 2014 and disclosed some content in nearly 25 percent of those cases. The company said in its new transparency report that it received between 0-999 National Security Letters from the U.S. government, too. The latest report from […]
Denial of Service and Memory Vulnerabilities Patched in Cisco IOS
Cisco released its semiannual set of patches for its Cisco IOS router and switch operating system. The patches address 16 vulnerabilities.
GE Fixes Buffer Overflow Bug in DTM Library
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM library affects four of GE’s products, as […]
Default Setting in Windows 7, 8.1 Could Allow Privilege Escalation, Sandbox Escape
A default setting in both Windows 7 and 8.1 could allow local users to elevate privileges and in some situations, escape application sandboxes.
Tech Companies, Privacy Advocates Call for NSA Reform
A group of technology companies, non-profits and privacy and human rights organizations have sent a letter to President Barack Obama, the director of national intelligence and a wide range of Congressional leaders, calling for an end to the bulk collection of phone metadata under Section 215 of the USA PATRIOT Act. The letter, sent by […]