Web Security

While the group of vulnerabilities that the OpenSSL Project patched last week hasn’t grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products.

TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today.

News aggregator Feedly and note-taking service Evernote were both knocked offline by distributed denial of service attacks in the last 24 hours.

Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution.

As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development.

There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user. The vulnerability affects the Cisco Email Security Appliance, the Cisco Web Security Appliance and the Content Security Management Appliance. Cisco has released updated software to fix […]

The RIG Exploit Kit is using malvertising to infect victims with Cryptowall ransomware, including one tiny New Hampshire town that proved backup is king when confronting ransomware.