Archives: December 2015
You are here: Home \ 2015 \ December \ Page 2
Juniper Networks today has released an emergency patch that removes what it’s calling “unauthorized code” from ScreenOS that could allow attackers to decrypt VPN traffic from NetScreen devices. Juniper has not commented on the origin of the code it found. However, Juniper’s products were singled out, among others, in the National Security Agency’s product catalog...
A security researcher is in a bit of a scrum with Facebook over vulnerability disclosures that not only tested the boundaries of the social network’s bug bounty program, but also prompted threats of legal and criminal action. Wesley Wineberg, a contract employee of security company Synack, said today in a personal blogpost and in emails...
A strain of point-of-sale malware that began making the rounds on underground markets late last month is easy to use, but less sophisticated than initial reports suggested. According to researchers at Talos, Cisco’s research division, Pro PoS is mostly built on Alina, another type of POS malware which had its source code leaked earlier this...
Four leading network management system providers are busying patching and preparing fixes for a half-dozen critical cross-site scripting and SQL injection vulnerabilities disclosed Wednesday by Rapid7. Two of the affected vendors, Spiceworks and Opsview, have already patched their respective products, while Ipswitch had promised to patch two bugs in its NMS product yesterday, and Castle...
A trove of MacKeeper user data—some 13 million records—has been locked down after a researcher found an exposed and accessible database using a simple Shodan query. Chris Vickery revealed his discovery on Monday on Reddit in more of an appeal to reach officials at Kromtech, the parent company that owns MacKeeper, a suite of performance...
Attacks are accelerating against a now-patched Joomla zero-day vulnerability, putting pressure on site administrators to update quickly. The patch was published on Monday, but not before attacks were spotted in the wild and carried out for at least two days, said researchers at security company Sucuri. The zero-day vulnerability affects all Joomla versions from 1.5 to...
A relatively small number of Twitter users, including a few connected to security and privacy advocacy, have been informed that their accounts have been targeted by state-sponsored hackers. Notifications began appearing in the inboxes of affected users two days ago, with very little concrete information accompanying the warning. Twitter said in the notification that the...
A new run of Spy Banker banking malware infections has been targeting Portuguese-speaking victims in Brazil. While Spy Banker is an old threat, dating back to 2009 according to some security companies, the latest wrinkle attackers are taking is a new one. The campaign, spotted by researchers at Zscaler, spreads primarily over social media—Facebook for...
Now that encryption has been elevated to a default technology on mobile devices, the government has heightened its “Going Dark” rhetoric, again on Wednesday insisting during a Senate Judicial Committee hearing that Silicon Valley figure out how to deliver plain-text communication between criminal and terror suspects to law enforcement. FBI Director James Comey and California...
An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses. The attacks happened on Nov. 30 and again on Dec. 1, and each time, massive volumes of traffic, peaking at five million queries per second, were fired...