Collaborate Disseminate
An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.The flaw was discovered by researchers from security consultancy DefenseCode and is located … Continue reading Unpatched vulnerability exposes Magento online shops to hacking
An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.The flaw was discovered by researchers from security consultancy DefenseCode and is located … Continue reading Unpatched vulnerability exposes Magento online shops to hacking
Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers.The top priority this month should be given to the Microsoft Office security update because one… Continue reading Microsoft fixes 45 flaws, including three actively exploited vulnerabilities
Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers.The top priority this month should be given to the Microsoft Office security update because one… Continue reading Microsoft fixes 45 flaws, including three actively exploited vulnerabilities
In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.
The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn’t have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.
The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain. The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.
To read this article in full or to leave a comment, please click here
Continue reading DNS record will help prevent unauthorized SSL certificates
In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.
The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn’t have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.
The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain. The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.
To read this article in full or to leave a comment, please click here
Continue reading DNS record will help prevent unauthorized SSL certificates
The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit and used it to target millions of users.
The exploit’s existence was revealed Friday by security researchers from antivirus vendor McAfee, but targeted attacks using it have been happening since January. After McAfee’s limited public disclosure, researchers from FireEye confirmed having tracked the attacks for several weeks as well.
The exploit takes advantage of a logic bug in the Windows Object Linking and Embedding (OLE) feature of Microsoft Office. It allows attackers to embed malicious code inside of Microsoft Word documents, with the code automatically executed when those files are opened.
To read this article in full or to leave a comment, please click here
Continue reading Dridex gang uses unpatched Microsoft Word exploit to target millions
The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit and used it to target millions of users.
The exploit’s existence was revealed Friday by security researchers from antivirus vendor McAfee, but targeted attacks using it have been happening since January. After McAfee’s limited public disclosure, researchers from FireEye confirmed having tracked the attacks for several weeks as well.
The exploit takes advantage of a logic bug in the Windows Object Linking and Embedding (OLE) feature of Microsoft Office. It allows attackers to embed malicious code inside of Microsoft Word documents, with the code automatically executed when those files are opened.
To read this article in full or to leave a comment, please click here
Continue reading Dridex gang uses unpatched Microsoft Word exploit to target millions
A group of hackers that has been trying to sell exploits and malware allegedly used by the U.S. National Security Agency decided to make the data available for free over the weekend.The security community was expecting the password-encrypted archive… Continue reading Latest Shadow Brokers exploit dump poses little threat
A group of hackers that has been trying to sell exploits and malware allegedly used by the U.S. National Security Agency decided to make the data available for free over the weekend.The security community was expecting the password-encrypted archive… Continue reading Latest Shadow Brokers exploit dump poses little threat