OpenDNS went public with a new analytics tool that can be used to detect malicious domains used in APT and cybercrime campaigns.
Browsing Category: Web Security
The Mandarin Oriental luxury hotel chain is investigating a data breach that affects credit cards used in an “isolated number” of its hotels in the United States and Europe. Company officials said that the attack involved “undetectable” malware on some of its systems and emphasized that only credit card data, and no other personal information,[…]
As a public service, the Threatpost team, Mike Mimoso, Dennis Fisher, Brian Donohue and Chris Brook, watched the first episode of CSI: Cyber and kept a running chat log of the “action”. Enjoy.
Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties.
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check[…]
The Angler Exploit Kit has begun using domain shadowing as a technique to avoid detection and blocking, researchers at Cisco Talos said.
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL[…]
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it.[…]
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsoft’s Internet Explorer browser.
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essentially running man-in-the-middle attacks on connections to secure sites–in the name of[…]