Attackers have long used distributed denial of service attacks to knock domain-name servers offline but over the last several months malware creators have taken to using DNS requests to tunnel stolen data.
Browsing Category: Vulnerabilities
BadUSB-style attacks against industrial control systems are theoretically possible, but bear watching according to Michael Toecker today at the Security Analyst Summit.
Staffan Truve spoke Monday at the Kaspersky Analyst Summit about the efforts his company Recorded Future is taking to index the dark web, or what he called the underbelly.
CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is or will soon happen in their organization. A lot like car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve Adegbite, who spoke on the challenges of detecting silent[…]
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.
WordPress has become a huge target for attackers and vulnerability researchers, and with good reason. The software runs a large fraction of the sites on the Internet and serious vulnerabilities in the platform have not been hard to come by lately. But there’s now a new bug that’s been disclosed in all versions of WordPress that[…]
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft.
In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future. As much of users’ computing has moved into their browsers in the last few years, extensions and add-ons have become important tools.[…]
Facebook announced ThreatExchange, an API-based platform for the exchange of attack and threat data.