The weaponization of Internet of Things (IoT) botnets helped fuel a 60% increase in the size of distributed denial of service (DDoS) attacks last year, Arbor Networks reports.
read more
Comments Widget Exposed Many Websites to Attacks
A stored cross-site scripting (XSS) vulnerability found in a popular comments widget exposed a large number of websites to attacks. The security hole was quickly patched by the product’s developers.
A 14-year-old security enthusiast named Ibram Marzouk recently discovered a stored XSS flaw in the comments section of code snippet marketplace PasteCoin.
read more
Apple Patches Dozens of Vulnerabilities Across Product Lines
Apple this week released a new set of important security updates for its products, to patch dozens of vulnerabilities in macOS, iOS, watchOS, tvOS, and Safari, as well as in the iCloud and iTunes for Windows applications.
read more
Microsoft Unveils Windows Defender Security Center
The upcoming Windows 10 Creators Update was designed to make available security protections easily accessible via a new experience called the Windows Defender Security Center, Microsoft says.
read more
Shamoon Attacks Possibly Aided by Greenbug Group
The stolen credentials used in the recent Shamoon attacks aimed at organizations in the Persian Gulf may have been supplied by a threat group tracked by Symantec as “Greenbug.”
read more
The Importance of Threat Modeling
In cyber security, it feels like at least once a week there’s a news story that gets people spun up in a panic. While there is no shortage of vulnerabilities and critical issues in the world, not everything applies to everyone. Hence, the importance of threat modeling.
read more
Facebook Vulnerability Allowed Removal of Any Video
Facebook has awarded a researcher $10,000 for finding a serious vulnerability that could have been exploited remotely to delete any video from the social media website.
read more
Critical WebEx Extension Vulnerability Allows Code Execution
Google Project Zero researcher Tavis Ormandy has discovered a critical remote code execution vulnerability in the Cisco WebEx browser extension. Cisco’s initial fix does not appear to be complete, which has led to Google and Mozilla temporarily removing the add-on from their stores.
read more
Source Code for BankBot Android Trojan Leaks Online
The source code of Android banking Trojan BankBot, along with instructions on how to use it, recently emerged on a hacker forum, Doctor Web security researchers have discovered.
read more
Sale of Core Yahoo Assets to Verizon Delayed
San Francisco – Yahoo said Monday that the closing of a $4.8 billion deal to sell its core internet assets to US telecom titan Verizon has been delayed several months.
read more
