A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.
Browsing Author: Dennis Fisher
Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company’s crypto efforts.
There are a series of vulnerabilities related to credentials and authentication in two of Schneider Electric’s HMI products, and an attacker who exploits them may be able to run arbitrary code.
Yahoo received nearly 5,000 requests for user data from the United States government in the last six months of 2014 and disclosed some content in nearly 25 percent of those cases.
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code.
A group of technology companies, non-profits and privacy and human rights organizations have sent a letter to President Barack Obama, the director of national intelligence and a wide range of Congressional leaders, calling for an end to the bulk collection of phone metadata under Section 215 of the USA PATRIOT Act.
Google is continuing to refine its Safe Browsing API and now is giving users warnings about not just malicious software on sites they’re attempting to visit, but also about unwanted software.
A security researcher says there is a bug in the Instagram API that could enable an attacker to post a message with a link to a page he controls that hosts a malicious file, but when the user downloads the file it will appear to come from a legitimate Instagram domain, leading the victim to trust[…]
Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain. Google’s engineers were able to block the fraudulent certificates in the company’s Chrome browser by pushing an[…]
Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones. Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is[…]