Hackers targeted and compromised computer networks at United States Department of Energy headquarters in Washington DC two weeks ago, according to a report published by the Washington Free Beacon earlier this morning.
SAN JUAN, Puerto Rico – It’s the vulnerability that never was. Or was it?
UPDATE Some systems running older versions of Juniper Networks’ Junos OS software could be vulnerable to a transmission control protocol (TCP) flaw that can enable a hacker to crash and reboot certain routers.
A buffer overflow could occur in VideoLAN’s VLC cross-platform multimedia player when attempting to parse a specially crafted advanced systems format (ASF) movie, a researcher reported.
A number of security vulnerabilities were repaired in the latest version of the Opera browser, which was released today. However, a security researcher says that users who downloaded the browser from Apple’s Mac App Store won’t have access to version 12.13; in fact you’ll be two revs behind as of today.Graham Cluley of Sophos reported today that Opera 12.11 is the latest version available at the Mac App Store. Version 12.12 was released Dec. 18.
In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks.
Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year.
Back in the dark days of dial-up connectivity, attackers wouldn’t bother compromising home computers as bots to be used in distributed denial-of-service. The lack of bandwidth made PCs persona non grata in the DDoS world. Instead, attackers targeted Web servers, the only machines with the high-speed broadband connections to make DDoS viable.In the years since, broadband has literally come home and personal machines have been compromised by the millions for everything from spam to flood attacks against websites and online services.
Search giant Google is planning a third iteration of its vulnerability-finding contest, Pwnium. This year’s competition is set to be held alongside next month’s CanSecWest security conference on March 7 in Vancouver, BC. Unlike last year’s inaugural Pwnium, which was parallel to CanSecWest’s older Pwn2Own competition, this year Google teamed up with HP’s Zero Day Initiative, the group behind Pwn2Own, to work on the contest’s outlines and “underwrite a portion of the winnings.”
WordPress pushed out version 3.5.1 of its open source blogging platform yesterday, fixing 37 bugs including several cross-site scripting (XSS) errors and a vulnerability that could have allowed an attacker to expose information and compromise an unpatched site.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
