Dennis Fisher and Mike Mimoso discuss the post-RSA news, including the MySQL bug, the progress of the OpenSSL overhaul and the wildly entertaining House hearing on crypto backdoors.
Browsing Category: Web Security
Researchers at Seculert have found a new version of the Dyre banking malware, one that is adept at avoiding sandbox detection.
Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some[…]
A Congressional hearing on encryption and “frontdoors” produced a generous amount of the usual “crazy” from lawmakers and law enforcement.
Details on a number of unpatched vulnerabilities in a popular WordPress ecommerce plugin called CartPress were disclosed.
A potentially dangerous XSS vulnerability has existed in eBay for more than a year and it doesn’t appear the company is a rush to fix the issue.
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.
Google is rolling out a new extension for Chrome that will monitor users’ logins and warn them if they enter a Google password on a non-Google page, a move designed to help protect users against phishing attacks. The new extension, called Password Alert, works for both consumer accounts and Google Apps for Work accounts. Company[…]
Malware that uses macros as part of its infection method has been around for more than a decade, and was one of the first major techniques to drive changes at software vendors such as Microsoft. The tactic has been making a comeback of late, and Microsoft is seeing a major spike in the volume of[…]
WordPress quickly turned around a patch for a stored cross-site scripting zero-day vulnerability in the CMS’ core engine.