Browsing Category: Vulnerabilities

Israeli Think-Tank Site Serves Sweet Orange Exploit

Drive-by malware downloads have been spotted on the website of a prominent Israeli think tank, the Jerusalem Center for Public Affairs. The attacks seem to target bank credentials.

Feared Home Depot Breach Sparks More Interest in Backoff PoS Malware

Security experts are digging into point-of-sale malware, Backoff in particular, as speculation rages on about how hackers pulled off the Home Depot data breach.

Some Cable Modems Found to Leak Sensitive Data Via SNMP

Cable modems sold by two manufacturers expose a wide variety of sensitive information over SNMP, including usernames and passwords, WEP keys and SSIDs. Researchers who discovered the vulnerabilities say they’re trivially exploitable and plan to release Metasploit modules for them later this month. The broadband modems, manufactured by Netmaster and ARRIS, leak the sensitive information[...]

CERT/CC Enumerates Android App SSL Validation Failures

The CERT Coordination Center at Carnegie Mellon today released a list of Android applications hosted on Google Play and Amazon that it says fail to validate SSL certificates over HTTPS.

Twitter Launches Bug Bounty Program

Twitter is the latest major Internet company to establish a bug bounty program, and has put no upper limit on the bounty that a researcher can earn for reporting a vulnerability. The company announced on Wednesday that it will operate its bounty program through the HackerOne platform, a bug bounty system that enables vendors to[...]

Firefox 32 Debuts With Public-Key Pinning, Several Security Fixes

Mozilla has released Firefox 32, the latest version of its browser, which now supports public-key pinning and also includes fixes for several critical security vulnerabilities. The move to support public-key pinning is an important one for Firefox, as it helps protect users against man-in-the-middle attacks that rely on forged certificates. The feature binds a set[...]

Gary McGraw on the IEEE Center for Secure Design

Dennis Fisher talks with Gary McGraw of Cigital about the IEEE’s new Center for Secure Design program, the difficulty of defeating large classes of bugs and the collaborative effort it will take to solve the software security problem.

Watering Hole Attack Targets Automotive, Aerospace Industries

A new watering hole attack is targeting the aerospace, automotive and manufacturing industries with a new reconnaissance malware tool called “Scanbox.”
