D-Link Working on Firmware Updates for Three Critical Bugs
D-Link is in the midst of pushing out firmware updates for eight of its home router models, addressing three serious remote code injection vulnerabilities.
Vulnerabilities
Firefox 37 to Include New OneCRL Certificate Blocklist
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]
New FREAK Attack Threatens Many SSL Clients
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL […]
A GAO report takes the Federal Aviation Administration to the woodshed over its sub-par information security controls and policies.
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it. […]
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsoft’s Internet Explorer browser.
Remote code execution vulnerabilities in Seagate Business NAS firmware were disclosed after a 100-plus day deadline passed without a fix from the vendor.
A pharming attack has been detected targeting home routers distributed from Brazil’s largest telco, a rare instance of a web-based attack changing DNS settings in order to redirect traffic.
An automated attack targeting users of the open source Rejetto webserver and file-sharing application tried to inject the IptabLes DDoS tool.
Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser. One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that can be exploitable under some circumstances. “Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video […]
