69 matches found
Microsoft Patches A Pair of Zero-Days Under Active Attack
Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit; and Adobe issued a small group of updates, with surprisingly none for Acrobat Reader or Flash. Eleven of the critical bugs are for scripting...
Why traditional security isn't enough
We are constantly being bombarded with questions around the security of our data, but what about security for the devices needed to connect to that data? The world is a changing place and for those inclined to be unsavoury characters, a great place to anonymously make ill-gotten gains from...
How Reputation Intelligence Improves Application Security
Reputation intelligence is information about cyber entities known for specific activity, whether malicious or benign, which can be fed to and actioned on by a web application firewall WAF. It provides an additional application security layer by effectively identifying and blocking threats from...
Wallarm to sponsor OWASP AppSec USA
If you are a SecOps or DevOps professional you can not miss the application security event of the year: AppSec USA, September 19–22nd at Disney Coronado Spring Resort, Orlando, FL Use the code: UNLM50WLLRM to register to get $50 discount. You will get great information on the new security tools a...
Threat Intelligence for WAF
It’s all about security rules Stephen Hawking said, “Intelligence is the ability to adapt to change”. One could say much the same of web application firewalls and WAF security rules. With web applications now one of the most attacked components of IT infrastructures, organizations have a critical...
Adobe is Finally Killing FLASH — At the End of 2020!
Finally, Adobe is Killing FLASH — the software that helped make the Internet a better place with slick graphics, animation, games and applications and bring online video to the masses, but it has been hated for years by people and developers over its buggy nature. But the end of an era for Adobe...
Microsoft Office Word Malicious Hta Execution Exploit
This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild...
Microsoft Office Word Malicious Hta Execution
This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in...
Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe
Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides...
Microsoft Says Russian APT Group Behind Zero-Day Attacks
Microsoft has singled out Sofacy, an APT group long thought to have ties to Russia’s military intelligence arm GRU, as the entity behind targeted attacks leveraging Windows kernel and Adobe Flash zero days in targeted attacks. The group, which Microsoft calls Strontium, is also known as APT28, Ts...
The IE vulnerability is a doubling of Flash Player easy to be attack-vulnerability warning-the black bar safety net
Recently, foreign security vendor Bromium released a 2 0 1 4 annual security report, in 2 0 1 3 to 2 0 1 4 during the year, IE browser vulnerabilities to the large number doubled. At the same time, the report also analyzed the cybercriminals most commonly used vulnerabilities to attack the...
Microsoft EMET 5.0 Technical Preview Released
SAN FRANCISCO – Enterprises beat up by wave after wave of Java exploits and calls to disable the platform may soon have some relief in sight. Microsoft’s free Enhanced Mitigation Experience Toolkit will soon have a new feature that allows users to configure where plug-ins, especially those target...
Model Predicts Optimal Timing of a Cyber Conflict
Security researchers from the Ford School of Public Policy at the University of Michigan have published a mathematical model they said will produce the proper timing for the delivery of offensive cyberweapons. Defenders can also make use of the model to understand attackers and when an targeted...
Researchers, Vendors Await Google Disclosure Fallout
The endless loop that is the disclosure debate got a jolt of energy yesterday when Google said it would support researchers’ disclosure of details on actively exploited critical vulnerabilities just seven days after the researcher has notified the vendor in question. Google hopes the policy...
Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins
After pushing its “click-to-play” blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser. The company is planning to make it so only the most recent version of Flash is automatically run on web pages while users will have...
Why I decided to uninstall Microsoft Security Essentials Antivirus?
Today I decided to remove Microsoft Security Essentials Antivirus from my system because Security Essentials failed another certification test by independent testing lab, AV-Test Institute. Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows...
Mozilla Weighing Opt-In Requirement for Web Plugins
Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security...
Mobile Based Wireless Network MiTM Attack Illustration
Mobile Based Wireless Network MiTM Attack Illustration Bilal Bokhari from zer0byte.com Illustrated perfect example of Mobile Based Wireless Network MiTM Attack on his blog. Bilal want to share this article with our Readers at THN, Have a look : If we look at the history of computer development, t...
VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability
VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...
Barracuda Networks Launches Bug Bounty Program for Security Products
Barracuda Networks announced on Tuesday that it will pay over $3,100 to anyone who can hack into its security products. This bug bounty program is the first of its kind from a pure-play security vendor. “This initiative reflects our commitment to our customers and the security community at large,...