Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks
95 percent of vulnerable NTP servers leveraged in massive DDoS attacks earlier this year have been patched, but the remaining servers still have experts concerned.
Web Security
AskMen Site Compromised by Nuclear Pack Exploit Kit
Users who visit AskMen.com, a men’s entertainment and lifestyle portal, are being hit with malicious code – possibly stemming from the Nuclear Pack exploit kit – researchers announced today.
Cisco Releases Open Source FNR Cipher
Cisco has released a new open-source block cipher called FNR that is designed for encrypting small chunks of data, such as MAC addresses or IP addresses. The cipher is still in the experimental stage, but Cisco has released the source code and a demo application. The company suggests that the new cipher–called Flexible Naor and […]
A private preview of Microsoft’s new Interflow security threat information-sharing platform opens this week. Interflow, built on industry standards such as STIX and TAXII, automates information sharing across industries.
The FBI has formed a new cybercrime task force with the New York Police Department and the Metropolitan Transit Authority whose job will be to go after high-level financial cyber crimes, employing a model of interagency cooperation that the bureau and other federal law enforcement agencies have used with notable success in other areas. The […]
Although the developers behind the TrueCrypt encryption software have given up the ghost and decided to no longer maintain the application, interest in the project has never been higher. But, one of the developers says that a nascent effort to fork TrueCrypt is unlikely to succeed. Matthew Green, a cryptographer and professor at Johns Hopkins […]
There’s a serious security vulnerability in the Belkin N150 wireless router that can enable a remote, unauthenticated attacker to read any system file on a vulnerable router. The bug is a directory traversal vulnerability and the CERT/CC advisory says that all versions of the router that are running firmware up to and including firmware version […]
It’s difficult to remember now–and seems quaint even if you can recall it–but there was a time in the not-so-distant past when industry analysts and security experts were worried about the coming mobile malware apocalypse. Self-replicating malware would soon be flooding our phones, deleting our coveted ringtones and preventing us all from playing Snake. Mobile phones […]
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at a newer banker Trojan that has the […]
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.
