Sally Beauty Supply confirmed Monday that an attacker was able to penetrate its system and make off with “fewer than 25,000 records” of its customers’ sensitive banking information.
Advanced attackers are ahead of researchers when it comes to understanding firmware vulnerabilities and BIOS forensics, experts from MITRE and Intel said during last week’s CanSecWest.
Apache has released version 2.4.9 of its ubiquitous HTTP web server (HTTPD), resolving two security vulnerabilities and a number of other bugs in the process.
Trying to enumerate the compromised sites on the Internet is a Sisyphean task. Luckily, it’s not a task that anyone really needs to perform any longer, especially now that Barracuda Labs has released its new Threatglass tool, a Web-based frontend that allows users to query a massive database of compromised sites to get detailed information[...]
Now that CanSecWest and the Pwn2Own hacking contest have wrapped up for another year, we’re still left to ponder the security of web browsers, whether BIOS attacks are the next frontier, and how exploit brokers will shape the business end of vulnerability research.
Google on Monday released fixes for a number of bugs in Chrome discovered and exploited during Pwn2Own, releasing new versions of the browser for Windows, Mac and Linux.
In a letter sent to President Obama and members of Congress, former members and staff of the Church Committee on intelligence said that the revelations of the NSA activities have caused “a crisis of public confidence” and encouraged the formation of a new committee to undertake “significant and public reexamination of intelligence community practices”.
When it comes to the security of a critical infrastructure, it takes a mixed team with enough knowledge overall to make the right decisions, and to safely walk through a “SCADA Triangle”.
More than 7,600 different power, chemical and petrochemical plants may still be vulnerable to a handful of SCADA vulnerabilities made public this week.
Dennis Fisher and Mike Mimoso talk about the news from the CanSecWest conference, the drama and melodrama at Pwn2Own and the bad year that RNGs have had.