Building a business can be expensive and time-consuming, and owners will look for ways to save money wherever they can. Researchers from RSA Security have found a VPN provider in China that is taking this to an unusual extreme: hacking Windows servers around the world for use as VPN nodes on a network that is[…]
A major information-sharing bill that’s in the Senate right now would allow private organizations to share threat data with any government agency, something that the Department of Homeland Security says could have severe privacy implications and cause confusion and inefficiencies inside the federal government. The bill, known as the Cybersecurity Information Sharing Act, would allow[…]
At Black Hat, researchers are expected to disclose new firmware attacks that work against OS X and self replicated to Thunderbolt peripherals.
After years of discussions, disagreements, and digressions, the Do Not Track header is supported by all of the major browsers. But because there’s no real requirement for sites or advertisers to respect it, DNT is not as effective as it could be. Now, the EFF, Disconnect, and several other organizations are publishing a new DNT standard[…]
Spam messages spoofing Microsoft and promising a free Windows 10 upgrade instead drop the CTB-Locker crypto-ransomware on compromised machines.
The U.S. Commerce Department this week agreed to rewrite the proposed U.S. implementation of the Wassenaar Arrangement, a decision lauded by security experts.
Dennis Fisher and Mike Mimoso discuss the hacked sniper rifle, the huge Android bug in Stagefright, Samy Kamkar’s OwnStar device, and the joy and pain of next week’s Black Hat conference.
Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, the familiar[…]
The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem is related to the[…]
Cisco has patched a denial-of-service vulnerability in its ASR 1000 line of routers, a bug that’s caused by an issue with the way the routers handle some fragmented packets. The company said the DoS vulnerability affects all of the ASR 1000 Series Aggregation Services Routers that are running a vulnerable version of the IOS XE[…]