Security Alerts & News
by Tymoteusz A. Góral

History
#1975 Newly discovered flaw undermines HTTPS connections for almost 1,000 sites
Encrypted connections established by at least 949 of the top 1 million websites are leaking potentially sensitive data because of a recently discovered software vulnerability in appliances that stabilize and secure Internet traffic, a security researcher said Thursday.

The bug resides in a wide range of firewalls and load balancers marketed under the F5 BIG-IP name. By sending specially crafted packets to vulnerable sites, an attacker can obtain small chunks of data residing in the memory of connected Web servers. The risk is that by stringing together enough requests, an attacker could obtain cryptographic keys or other secrets used to secure HTTPS sessions end users have established with the sites, security researcher Filippo Valsorda told Ars.
Read more
#1978 Google Project Zero: How we cracked Samsung's DoD and NSA-certified Knox
#1977 AthenaGo RAT uses Tor2Web proxy system to hide C&C server
#1976 DynA-Crypt not only encrypts your files, but also steals your info
#1975 Newly discovered flaw undermines HTTPS connections for almost 1,000 sites
#1974 Finding Ticketbleed
#1973 Google let scammers post a perfectly spoofed Amazon ad in its search results
#1972 The startup paying people to legally hack Uber, Nintendo, and Starbucks just got another $40 million to keep growing
#1971 Fileless attacks against enterprise networks
#1970 Mirai gets a Windows version to boost distribution efforts
#1969 This modular backdoor malware is now the most common threat to Android smartphones
#1968 Mac malware, possibly made in Iran, targets US defense industry
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12