A SANS ISC report indicates a prominent cybercrime group has begun using the Neutrino Exploit Kit, but that hardly spells the end of the road for the notorious Angler EK.
Browsing Category: Web Security
Developers with the service Pocket recently fixed some vulnerabilities that could have allowed users to exfiltrate data, including sensitive information regarding web services, internal IP addresses, and more.
Italian researcher Luca Todesco explains how exploiting two vulnerabilities in OS X gain enable root access for a hacker. He won’t, however, say why he went public with details and exploit code before Apple patched.
Microsoft released an out-of-band patch for an Internet Explorer vulnerability under attack.
The Core Infrastructure Initiative, which has funded OpenSSL among other open source security projects, announced a badge program that evaluates secure development best practices.
Adobe pushed out a hotfix for LiveCycle Data Services patching an XXE vulnerability in BlazeDS.
Level 3 Communications has discovered a new type of reflection DDoS attack that takes advantage of RPC Portmapper to overwhelm networking services.
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
Researchers warn several BitTorrent protocols can be leveraged to carry out distributed reflective denial of service (DRoS) attacks.
Published reports say that AT&T was the National Security Agency’s primary telecommunications partner and facilitated much of its surveillance efforts around telephone and Internet traffic collection.