Apache Patches DoS, Information Disclosure Bugs in Tomcat
Apache recently patched denial of service and information disclosure vulnerabilities in its Tomcat web server.
Web Security
Monsanto Suffers Data Breach at Precision Planting Unit
Monsanto has disclosed a data breach that involved the personal information of customers and employees of its Precision Planting subsidiary.
San Diego State Warns of Possible Data Breach
San Diego State University has notified some of its current and former enrollees that some of their personal information may have been accessed by unauthorized users.
The Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project.
HackerOne, has scored a major coup in hiring Katie Moussouris, the driving force behind Microsoft’s bounty program, to oversee its policy and disclosure philosophy and work with customers on the intricacies of vulnerability disclosure.
Pinterest has become the latest major Web property to start a bug bounty program, joining the Bugcrowd platform and offering researchers rewards of up to…a shirt. The site, which enables users to post photos, recipes and other information, announced the new reward program Tuesday. Company officials said that Pinterest was looking for more people to […]
UPDATE–The small, but growing, group of companies that supply so-called lawful intercept gear to intelligence agencies and law enforcement organizations around the world have operated mostly under the radar until very recently. Their products are used to record and scrutinize the communications of suspected criminals and terrorists, but now they’re finding that their products are […]
Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to crash by sendin specially crafted packets to the Web interface of a vulnerable device. […]
The LulzSec hacker-turned-informant known as Sabu avoided any more jail time and was sentenced to time served on Tuesday for his part in leading several of the group’s attacks on high-profile targets. Hector Monsegur walked out of court in New York a free man, thanks to his cooperation with the FBI in identifying and tracking […]
UPDATE–Researchers have discovered a hybrid Trojan that combines elements of two of the more notorious crimeware strains of the last few years: Zeus and Carberp. It’s not uncommon for malware writers to steal bits and pieces of code from one another, but both Zeus and Carberp were once exclusively private tools, but the source code […]
