Security Alerts & News
by Tymoteusz A. Góral

History
#1254 New attack steals SSNs, e-mail addresses, and more from HTTPS pages
The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don't have the ability to monitor a targeted end user's Internet connection.

The exploit is notable because it doesn't require a man-in-the-middle position. Instead, an end user need only encounter an innocuous-looking JavaScript file hidden in an Web advertisement or hosted directly on a webpage. The malicious code can then query a variety of pages protected by the secure sockets layer or transport layer security protocols and measure the precise file sizes of the encrypted data they transmit. As its name suggests, the HEIST technique—short for HTTP Encrypted Information can be Stolen Through TCP-Windows—works by exploiting the way HTTPS responses are delivered over the transmission control protocol, one of the Internet's most basic building blocks.
Read more
#1254 New attack steals SSNs, e-mail addresses, and more from HTTPS pages
#1253 Hacker compromises Fosshub to distribute MBR-hijacking malware
#1252 Bitcoin value falls off cliff after $77M stolen in Hong Kong exchange hack
#1251 SMiShing and the rise of mobile banking attacks
#1250 FBI's hacking tool found to have compromised dozens of computers in Austria
#1249 Google patches dozens of critical Qualcomm components flaws
#1248 Hackers hijack a big rig truck’s accelerator and brakes
#1247 Data of 200 nillion Yahoo users pops up for sale on the Dark Web
#1246 Hackers break into Telegram, revealing 15 million users’ phone numbers
#1245 Cloud storage provider Backblaze really likes the reliability of the new 8TB drives
#1244 Bitfinex bitcoin exchange offline after potentially costly security breach
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12