Blog: In The News
Successful attacks against firmware are rare but provide hackers with one thing they covet most: persistence. Advanced attack groups have already accelerated their capabilities in finding ways to burrow into the BIOS and EFI as noted by the Snowden leaks’ description of the NSA’s attempts to develop malware implants for the BIOS. Further, last year’s...
It’s the end of an era. Oracle has announced its intent to nail the coffin shut on the Java browser plugin. The company confirmed Wednesday that it expects to deprecate the plugin in JDK 9, slated for release in September, and JRE, in a future Java SE release. Dalibor Topic, a member of Oracle’s Java Strategy...
The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity and exposes many popular applications to attack. The patches are in new releases of OpenSSL, 1.0.1r and 1.0.2f, along with an enhancement to the strength of the cryptography in a previous mitigation for last year’s Logjam...
Mike Mimoso talks to privacy and security veteran Jon Callas of Silent Circle about the digital footprint businesses and consumers leave, how to secure our private data, and how a new documentary sponsored by Silent Circle called “Power of Privacy” helps visualize how personal information is shared, and abused, online. Music by Chris Gonsalves
A Java serialization vulnerability disclosed more than a year ago figured to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections, where it’s been patched, not to mention widely deployed application servers such as Oracle WebLogic, IBM WebSphere, Red Hat’s JBoss and others. PayPal this week put...
Attackers have begun using rigged Microsoft Word documents propagated via spearphishing emails to spread the BlackEnergy Trojan. Researchers with Kaspersky Lab’s Global Research and Analysis Team discovered a malicious Word document last week that appears to stem from a campaign against one of the malware’s favorite targets, Ukraine. Russian-speaking actors with the BlackEnergy APT group have...
Earlier this week Israel’s Electric Authority mitigated what officials there are calling a “severe cyber attack.” The Electric Authority is in charge of regulating and overseeing the distribution of electricity in Israel. The State of Israel’s National Infrastructure, Energy and Water Resources Minister Yuval Steinitz disclosed the incident, calling it a virus Tuesday, during closing...
The Internet of Things security challenge is twofold: finding bugs and, more urgently, fixing them. Cisco’s Talos security intelligence and research group found and privately disclosed a serious and trivially exploitable client-side bug in MiniUPnP that was patched in September of last year. The problem is: How many patches were applied by vendors in their products...
Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week. The most serious flaws were memory vulnerabilities that lived in both the public and extended support versions of the browser. A buffer overflow (write) in WebGL, the browser’s Web graphics library, was patched. WebGL...
Amazon is getting into the certificate game. The company announced late last week that it launched a certificate manager to expedite the process of securing SSL/TLS certificates for customers looking to add HTTPS to their sites or apps. The move comes less than a year after Amazon applied to Mozilla and the Android Open Source...