Browsing Category: Vulnerabilities

Categories: Vulnerabilities

One of the more interesting presentations on the schedule at next month’s Black Hat conference is a talk by renowned Web security researcher Billy Hoffman of HP on a new method for implementing a darknet in browsers using just PHP and JavaScript. The approach, which Hoffman and his co-presenter Matt Wood call Veiled, is a low-overhead method for giving users the ability to evade Web monitoring and censorship.


Categories: Vulnerabilities

Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago.
The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to embarrass Apple into shipping the patch. Read the full story [zdnet.com]


Categories: Podcasts, Vulnerabilities

Dennis Fisher talks with Cormac Herley of Microsoft Research about the paper he co-authored on the realities of the underground economy, why sales of stolen credit cards resemble a market for lemons and how we can get better data on cybercrime activities.


Categories: Vulnerabilities

Mozilla has joined this week’s patchapalooza with the release of a Firefox update to fix 11 documented security vulnerabilities.
Six of the 11 issues are in advisories rated “critical” because of the risk of code execution attacks that could allow hackers to take complete control of a compromised machine. Read the full advisory from Mozilla [mozilla.org]


Categories: Vulnerabilities

From The H Security
A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability. Nonetheless, Google considers the vulnerability to be a high risk. Read the full story [h-online.com]


From ZDNet (Dancho Danchev)
Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object [paretologic.com] found at a bogus Macintosh PortTube site.
The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X-based malware attack proves that successful social engineering approaches remain OS independent. Read the full story [zdnet.com]
