Cloud-based password manager LastPass said its network has been breached and attackers stole personal information as well as salts and hashes.
The U.S.-China Economic and Security Review Commission tackled China and cyberespionage today in a D.C. hearing.
The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and many other companies. Researchers at Kaspersky Lab, who discovered[…]
The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to execute arbitrary HTML code. The bug may have been reported to the plugin’s developer as long as two years ago, but it was still[…]
A RFP, which has since been taken down, surfaced last week from the Naval Supply Systems Command seeking operational exploits and vulnerability intelligence for commercial software from leading IT vendors.
Microsoft has reclassified the Ask Toolbar as unwanted software, which means its security tools will automatically detect and remove all versions, except for the most recent, from Windows computers.
Cisco patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.
Dennis Fisher and Mike Mimoso discuss the Duqu 2.0 attack and its ramifications, the addition of HSTS support to Windows 7 and 8.1 and the rest of the news of the week.
Snapchat has given its users the choice of enabling two-factor authentication in the latest version of the photo- and video-sharing app.
The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software.