Archives for October, 2016
Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk.
A variant of the Nymaim dropper has surfaced, and it includes new delivery methods, obfuscation techniques, and the use of PowerShell to download payloads.
The Shadowbrokers dumped lists of hacked servers compromised by the Equation Group and allegedly used in its campaigns.
The Article 29 Working Party, an EU privacy coalition urges WhatsApp to clarify that user information shared between the company and Facebook is compliant with data protection laws on the books in Europe.
In a move to bolster security for the Chrome browser, Google sets a date for making Certificate Transparency mandatory for website owners.
A buffer overflow found in the Mirai botnet could eliminate its ability to carry out HTTP flood attacks. But exploiting that vulnerability puts defenders in a gray area with regard to hacking back.
Apple addressed vulnerabilities in iTunes and iCloud for Windows, and Xcode Server on Thursday.
Mike Mimoso and Chris Brook recap the news of the week, including the storylines around last week's Dyn DDoS attack, Keen Team winning big again at Pwn2Own, and a fake Windows installer.
Cisco warns of 16 flaws in its latest security bulletin, mostly impacting its Cisco AsyncOS software used in its Email Security Appliances.
Microsoft announced it has extended a feature in Office 2016 that protects against malicious macros to Office 2013.