For the second time in less than a week, Google has updated its Password Alert extension for Chrome to address a method for bypassing the warning screens that alert users that they’re entering data on a non-Google site. However, the researcher who discovered the most recent bypass method said his technique still works on the latest[…]
Browsing Category: Vulnerabilities
Google paid out a $1,337 bounty to a researcher who found a clickjacking vulnerability in Google API Explorer.
Attackers have recently taken to the job-search website CareerBuilder to spread Microsoft Word documents that masquerade as job hopefuls’ resumes but are, in reality, laden with malware.
A security researcher has developed a method, actually two methods, for defeating the new Chrome Password Alert extension that Google released earlier this week. The Password Alert extension is designed to warn users when they’re about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain[…]
Dennis Fisher and Mike Mimoso discuss the post-RSA news, including the MySQL bug, the progress of the OpenSSL overhaul and the wildly entertaining House hearing on crypto backdoors.
A critical vulnerability in popular household routers from vendors such as D-Link and Trendnet could be exploited by attackers to run arbitrary code on devices.
Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some[…]
Details on a number of unpatched vulnerabilities in a popular WordPress ecommerce plugin called CartPress were disclosed.
A potentially dangerous XSS vulnerability has existed in eBay for more than a year and it doesn’t appear the company is in a rush to fix the issue.
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers, and a crucial refactoring of the codebase has the project headed in the right direction.