AV engines are riddled with exploitable bugs

Tuesday, July 29th, 2014

A security researcher has found a great number of exploitable vulnerabilities in popular security solutions and the AV engines they use, proving not only that AV engines are as vulnerable to zero day attacks as the applications they try to protect, but can also lower the operating system's exploit mitigations. "Installing ...

Angler Exploit Kit delivers Tor-using Critroni ransomware

Tuesday, July 22nd, 2014

Following an international takedown of Cryptolocker, new ransomware identified by Microsoft as Critroni.A has been gaining momentum since making a June appearance in underground marketplaces, according to a security researcher going by the name Kafeine. The malware – which is marketed as CTB-Locker (Curve-Tor-Bitcoin Locker) and costs $3,000 per month – ...

“Weaponized” exploit can steal sensitive user data on eBay, Tumblr, et al.

Tuesday, July 8th, 2014

A serious attack involving a widely used Web communication format is exposing millions of end users' authentication credentials on sites including eBay, Tumblr, and Instagram, a well-respected security researcher said Tuesday. The exploit—which stems from the ease of embedding malicious commands into Adobe Flash files before they're executed—has been largely mitigated ...

New OpenSSL vulnerability puts encrypted communications at risk of spying

Friday, June 6th, 2014

A newly discovered vulnerability that allows spying on encrypted SSL/TLS communications has been identified and fixed in the widely used OpenSSL library. The vulnerability, which is being tracked as CVE-2014-0224, can be exploited to decrypt and modify SSL (Secure Sockets Layer) and TLS (Transport Layer Security) traffic between clients and servers ...

Microsoft will patch IE zero day but doesn’t give timeline

Friday, May 23rd, 2014

Microsoft said Thursday it plans eventually to patch a vulnerability in Internet Explorer 8 that it's known about for seven months, but it didn't say when. A security research group within Hewlett-Packard called the Zero Day Initiative (ZDI) released details of the flaw on Wednesday after giving Microsoft months to address ...