Better go make a fresh pot of coffee and pull up a seat: Oracle’s put out a bonanza of a patch dump, offering 253 fixes for 76 products.
Of those, 15 are critical, with a Common Vulnerability Scoring System (CVSS) score of 9.0 or over. Some allow complete system compromise over HTTP.
In its short-form advisory, Oracle also passed on a “please will you fix these things immediately” message, saying that it’s seeing successful attacks on systems that customers didn’t get around to patching.
Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites.
But the Court of Justice of the European Union (CJEU) also said in its judgment on Wednesday that one legitimate reason for a site operator to store them is "to protect itself against cyberattacks."
The case was referred to the CJEU by the German Federal Court of Justice, after an action brought by German Pirate Party politician Patrick Breyer. He asked the courts to grant an injunction to prevent websites that he consults, run by federal German bodies, from collecting and storing his dynamic IP addresses.
PRAGUE — A man identified as a Russian hacker suspected of pursuing targets in the United States has been arrested in the Czech Republic, the police announced Tuesday evening.
The suspect was captured in a raid at a hotel in central Prague on Oct. 5, about 12 hours after the authorities heard that he was in the country, where he drove around in a luxury car with his girlfriend, according to the police. The man did not resist arrest, but he had medical problems and was briefly hospitalized, the police said in a statement.
David Schön, a police spokesman, said on Wednesday that the arrest of the man, whose name has not been released, was not announced immediately “for tactical reasons.”
Researchers have devised a technique that bypasses a key security protection built into just about every operating system. If left unfixed, this could make malware attacks much more potent.
ASLR, short for "address space layout randomization," is a defense against a class of widely used attacks that surreptitiously install malware by exploiting vulnerabilities in an operating system or application. By randomizing the locations in computer memory where software loads specific chunks of code, ASLR often limits the damage of such exploits to a simple computer crash, rather than a catastrophic system compromise. Now, academic researchers have identified a flaw in Intel chips that allows them to effectively bypass this protection. The result are exploits that are much more effective than they would otherwise be.
An alleged Russian hacker arrested in the Czech Republic following an FBI-coordinated tip-off is suspected of taking part in a 2012 breach of LinkedIn that resulted in the theft of more than 117 million user passwords, representatives of the professional networking site said Wednesday.
"Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI's case to pursue those responsible," company officials said in a statement. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity."
Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home.
The domain name where the Mirai source code was originally placed for download — santasbigcandycane[dot]cx — is registered at the same domain name registrar that was used to register the now-defunct DDoS-for-hire service vdos-s[dot]com.
Normally, this would not be remarkable, since most domain registrars have thousands or millions of domains in their stable. But in this case it is interesting mainly because the registrar used by both domains — a company called namecentral.com — has apparently been used to register just 38 domains since its inception by its current owner in 2012, according to a historic WHOIS records gathered by domaintools.com.