Security Alerts & News
by Tymoteusz A. Góral

History
#1477 Mozilla patching Firefox certificate pinning vulnerability
Mozilla is expected tomorrow to patch a critical vulnerability in Firefox’s automated update process for extensions that should put the wraps on a confusing set of twists surrounding this bug. The flaw also affected the Tor Browser and was patched Friday by the Tor Project.

The vulnerability first saw light of day last week when a researcher who goes by the handle movrck published his disclosure. He said that a resourced attacker with the ability to steal or forge a TLS certificate for addons.mozilla.org could put the entire Tor (and Firefox) ecosystem at risk to compromise.
Read more
#1486 DDoS mitigation firm has history of hijacks
#1485 Data-stealing Qadars Trojan malware takes aim at 18 UK banks
#1484 Vulnerability patched in WordPress theme that allows unrestricted uploads
#1483 324,000 payment cards breached, CVVs included
#1482 Fake AV makes it onto Google Play
#1481 Cisco IOS Software Checker
#1480 Untangling the Ripper ATM malware
#1479 Ransomware's next target: Your car and your home
#1478 Cisco warns of second firewall bug exposed by Shadow Brokers
#1477 Mozilla patching Firefox certificate pinning vulnerability
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12