New ASLR-busting JavaScript is about to make drive-by exploits much nastier

Saturday, February 18th, 2017

For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious ...

Posted in Internet, Security | No Comments

Easy-to-exploit authentication bypass flaw puts Netgear routers at risk

Wednesday, February 1st, 2017

For the past half year Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it's still not done. While Netgear has worked to fix the issue, the list of affected router models increased to 30, of which only 20 have firmware fixes available ...

Posted in Hardware, Internet, Networking, Security | No Comments

Widely used WebEx plugin for Chrome will execute attack code

Monday, January 23rd, 2017

The Chrome browser extension for Cisco Systems WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit. A combination of factors makes the vulnerabilities among the most ...

Posted in Internet, Security, Software | No Comments

Mozilla and Tor release urgent update for Firefox 0-day under active attack

Wednesday, November 30th, 2016

Developers with both Mozilla and Tor have published browser updates that patch a critical Firefox vulnerability being actively exploited to deanonymize people using the privacy service. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. ...

Posted in Internet, Security, Windows | No Comments

Moving Beyond EMET

Thursday, November 3rd, 2016

Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply ...

Posted in Internet, Security, Windows | No Comments

Copyright 2008-2021 PC Sympathy - Entries (RSS) - Sitemap