Two Google developers, Reilly Grant and Ken Rockot, have uploaded an unofficial (for now) draft to the World Wide Web Consortium's Web Incubator Community Group (W3C WICG) that describes a method of interconnecting USB-capable devices to Web pages.
The WebUSB API draft, published on March 21, describes an API (Application Program Interface) that will provide a safe way to expose USB-capable devices to Web services.
This API doesn't address USB thumb drives as some of you might think, but all devices that connect to PCs through USB ports, and can vary from USB keyboards to complex Internet of Things (IoT) equipment.
Some of the Netherland' most popular websites have fallen victim to a malvertising campaign that managed to compromise a widely used ad platform, security researchers reported on Monday.
The malicious ads were served over at least 11 sites including marktplaats.nl, the Netherlands equivalent to eBay and the country's seventh most visited website, according to a blog post published by security firm Fox IT. Other affected sites included news site nu.nl (which is ranked No. 14), weather site buienradar.nl (54), and startpagina.nl (67). Other widely visited sites were operated by commercial TV stations and magazines.
The attack knocked out the web pages of as many as 20 major US banks and financial institutions, sometimes for several days.
Speaking to AFP, military spokesman Mikael Abramsson said that a server in the Swedish defense system had a flaw which was exploited by hackers to carry out the attacks, confirming a report in the Swedish daily DN.
Analysts from Risk Based Security (RBS) examined the data dump, which they say contained 38,768 folders with 274,477 files from 55 different website domains, belonging to both national agencies and private companies. The data contained database dumps, and even server passwords.
If attackers have control over the browser on the PC of a user using Google services (like Gmail, Google+, etc.), they can push any app with any permission on any of the user's Android devices, and activate it - allowing one to bypass 2-factor authentication via the phone. Moreover, the installation can be stealthy (without any icon appearing on the screen). For short, we refer to the vulnerability as the BAndroid (Browser-to-Android) vulnerability and to attacks that abuse it as BAndroid attacks.
CVE-2016-1019 affects all versions of Adobe Flash Player but is only currently exploitable to versions 126.96.36.1996 and earlier. It is a type confusion vulnerability which exists in Action script 2 FileReference class’s type checking mechanism.
One year after the release of the technical analysis of the Mumblehard Linux botnet, we are pleased to report that it is no longer active. ESET, in cooperation with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the Mumblehard botnet, stopping all its spamming activities since February 29th, 2016.