Vulnerabilities
Apache DoS Bug Resurfaces, Spurring New Attacks

A bug in the way that the hugely popular Apache Web server handles some types of HTTP “range” header requests can enable a remote attacker to cause a denial-of-service condition on a vulnerable server. The flaw, which affects all versions of Apache 1.3 and Apache 2, reportedly is already being exploited in the wild, and Apache Software Foundation officials are working on a fix for the bug, which is expected to be released within a few days.
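A defender-side check for the class of request the Apache item describes, added here as an example and not taken from the article or from the Apache project: it parses the HTTP Range header and refuses requests that are malformed, repeat a range, or carry more byte ranges than a real client would send, so a reverse proxy or WAF can drop or log them before the origin server expands them. The threshold, function names and sample headers are assumptions constructed for the example.

```python
import re

# Constructed threshold (not from the article): a legitimate client rarely
# needs more than a few byte ranges in one request, so anything above it
# is refused before the request reaches the origin server.
MAX_RANGES = 5

_BYTES_UNIT = re.compile(r"^bytes=(.+)$", re.IGNORECASE)


def parse_ranges(header):
    """Parse a Range header value into (start, end) tuples; None marks an
    open end ("500-") or a suffix range ("-500"). Raises ValueError on
    malformed specs so the caller can treat them as suspicious."""
    m = _BYTES_UNIT.match(header.strip())
    if not m:
        raise ValueError("unsupported range unit or empty range set")
    ranges = []
    for spec in m.group(1).split(","):
        start, sep, end = (p.strip() for p in spec.strip().partition("-"))
        if not sep or (not start and not end):
            raise ValueError(f"bad byte-range-spec {spec!r}")
        if (start and not start.isdigit()) or (end and not end.isdigit()):
            raise ValueError(f"non-numeric byte-range-spec {spec!r}")
        s, e = (int(start) if start else None), (int(end) if end else None)
        if s is not None and e is not None and e < s:
            raise ValueError(f"end before start in {spec!r}")
        ranges.append((s, e))
    return ranges


def range_header_is_abusive(header, max_ranges=MAX_RANGES):
    """True when the header is malformed, carries more than max_ranges
    byte ranges, or repeats a range: conditions worth dropping or logging
    at a proxy instead of letting the origin do the work of serving them."""
    try:
        ranges = parse_ranges(header)
    except ValueError:
        return True
    if len(ranges) > max_ranges:
        return True
    return len(set(ranges)) != len(ranges)


# Constructed sample headers: a normal two-part download and a request
# carrying far more ranges than any real client sends.
NORMAL = "bytes=0-499, 500-999"
FLOOD = "bytes=" + ",".join(f"{i}-{i}" for i in range(200))

if __name__ == "__main__":
    for h in (NORMAL, FLOOD):
        print("abusive" if range_header_is_abusive(h) else "ok", h[:40])
```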

PHP 5.3.8 Released, Fixes Crypto Bug

A day after warning users about a serious bug in the cryptographic function in PHP 5.3.7 and telling them not to upgrade to that release, the maintainers of the scripting language pushed out version 5.3.8, which fixes the crypto problem as well as another security-related issue.
Ubuntu has fixed a pile of security vulnerabilities in some of its current releases, including 22 vulnerabilities in the WebKit framework that’s part of the operating system. The WebKit flaws include some issues that could be exploited by remote attackers to run code on vulnerable machines.

The news last week was that the U.S. House Energy & Commerce Committee has asked the Government Accountability Office to investigate the security of the software that runs medical devices. But a prominent researcher says that security flaws in such devices are common, and that more federal oversight is necessary to change what he describes as a culture of lax security among medical device makers.

Rethinking DEFCON

For nearly two decades, the DEFCON hacking conference has brought together people with an interest in investigating technology and cracking security. In recent years, however, DEFCON has suffered significant growing pains. Getting between sessions meant pushing through crowds reminiscent of major crossroads in Tokyo. Entering an almost-completed session to get a jump on the next was not allowed, so people lined up in the hallways, further clogging the byways. And, the smaller sessions — such as the lockpicking village — failed to offer a sanctuary from the crowds and were routinely packed as well. While attendees were always destined to miss the majority of the happenings at the conference, DEFCON increasingly seems to be more about moving from location to location, and less about all of the learning in between.

The hack of a commercially available insulin pump earlier this month at the DEFCON hacker conference has attracted the attention of members of the House Energy & Commerce Committee, which is now calling for a formal review of wireless medical devices like the pump.

A group of researchers has developed a new attack that enables them to find AES keys several times faster than was previously thought possible, reducing the complexity of finding the keys on AES-128, AES-192 and AES-256. However, the attack does not pose any practical threat to currently deployed systems that use the AES encryption algorithm, the researchers said.