Tag: Bugs

windows

Windows 8.1 Vulnerability Discovered by Google Security Team

Members of Google’s highly-regarded Zero security team have released details about a new privilege exploit they discovered buried deep in the central architecture of Windows 8.1. The exploit works by hijacking the way Microsoft validates impersonation level access keys in system bound processes (such as BITS). It was first reported to representatives at Technet back […]

obamacare

Agency Discovers Vulnerabilities In IRS Obamacare Fee Calculator

The IRS (Internal Revenue Agency) has not completely secured its system that calculates fees for pharmaceutical firms and health insurers under Obamacare, according to a report by an inspector general. Under the Affordable Care Act, the IRS is required to process sales information from drug manufacturers and premiums from health insurers for specific government-subsidized programs. […]

tor

Tor & Mozilla Team Up for Polaris

The Tor Project has announced a new partnership with Mozilla following much speculation on what the anonymous browser’s future plans are. The Polaris initiative also brings together the Center for Democracy & Technology. The three organizations will collaborate on new privacy features for users. Primarily Mozilla will be working with Tor on engineering and network […]

Mozilla Patches Flaw in Bugzilla Bug Reporter

In one of the more “Inception-esque” exploits this side of 2014, the security outfit CheckPoint Security have announced they have discovered a crack in Mozilla’s Bugzilla bug reporting software which allowed anyone who knew their way in the ability to view and record all the latest bugs that were appearing in system-wide version revisions of […]

VPN Providers Release ShellShock Updates

A number of VPN providers have posted updates regarding their services pertaining to ShellShock, the Bash vulnerability that has the security community on their toes this week. Viking VPN has announced that it has completed emergency patching on its services. “All VikingVPN services are now hardened against the attack,” writes Derek Zimmer on the VPN […]

Malware BlackEnergy Returns, Claims Over 100 Victims

Security firm ESET says that the ongoing malware attacks on Ukraine, Poland, and Brussels are aimed at stealing government and industrial secrets and not cash. According to ESET, these campaigns are spearheaded by criminal hackers rather than the government of Russia. A ‘Lite’ version of the malicious software BlackEnergy has been discovered in Poland and […]

Tor Developer Alleges that NSA and GCHQ ‘Leak’ Bugs in the Browser

Andrew Lewman, the executive director of the Tor browser, feels that American and British intelligence agents are thwarting their colleagues’ attempts to control and monitor the ‘Dark Web’ – a hidden area of the Internet where all identities and activities are concealed. The Tor browser allows people to access ‘hidden’ sites. While spies from both […]

Microsoft Releases Newest Round of Fixes

Microsoft has patched a number of bugs with nine new fixes, most notably updating Internet Explorer. Vulnerabilities that affect Internet Explorer 6 through 11 have been addressed. Some of the flaws discovered by Microsoft could have allowed remote code execution (RCE). “The most severe of these vulnerabilities could allow remote code execution if a user […]

Mozilla Releases Versions 31 of Firefox, Complete with Security Add-Ons

This week, Mozilla announced the release of the latest full update for Mozilla Firefox, which will include a bevvy of new features, including the ability to run individual file downloads against Google’s Safe Browsing repository. The service, which is designed to run files against reputation certificates on a global scale, should prevent illicit email attachments […]

Rosetta

Rosetta Flash Attack Takes eBay, Tumblr by Storm

A new problematic attack, which piggybacks on a commonly used web communication format, has started to plague popular websites like eBay, Tumblr, and Instagram, according to Google security engineer Michele Spagnuoio. The exploit, which relies on an embedded command found in most browser-based Flash versions, uses the internal binary of a SWF (or “Shockwave file”, […]

Symantec Declares Anti-virus “Dead”

A recent report from the Wall Street Journal confirmed what many of us have already known for years now: endpoint single-user anti-virus is dead, and we have advanced malware tactics to thank for that. According to several independent studies on the subject, commercially available anti-virus products only catch around half of all the attacks that […]