A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys.
Browsing Category: Web Security
A new version of Adobe Shockwave Player patches two memory corruption vulnerabilities that could lead to remote code execution.
There was a cross-site scripting vulnerability in an eBay domain that could have allowed an attacker to steal users’ session cookies and take over their accounts. The company has removed the vulnerable page, according to the researcher who discovered the bug and disclosed it to eBay, Aditya Sood. The vulnerability existed on an eBay subdomain,[…]
After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Know as[…]
Dennis Fisher and Mike Mimoso talk about the potential US sanctions against China over cyberespionage, the browser vendors dumping RC4, the trouble at Mobile Pwn2Own and more security news of the week.
Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable.
New variants of the notorious Carbanak Trojan have surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed.
Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications.
Google promoted Chrome 45 to a stable release, patching 29 security vulnerabilities. It has also started pausing ads running Flash.
Google and Mozilla today announced they’ve settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm.