Information Security News
Federal Cybersecurity by the Numbers: The Biggest Spenders and the Biggest Threats
But the annual scorecard tracking agencies' compliance with the Federal Information Security Management Act shows some agencies are, in fact, backsliding when it comes to robust security measures. ... First, the good news. The chart above shows the ...
NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.
The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.
"These vulnerabilities allow a seemingly innocuous extension to reuse security-critical functionality provided by other legitimate, benign extensions to stealthily launch confused deputy-style attacks," the researchers wrote in a paper that was presented last week at the Black Hat security conference in Singapore. "Malicious extensions that utilize this technique would be significantly more difficult to detect by current static or dynamic analysis techniques, or extension vetting procedures."
WhatsApp has enabled end-to-end encryption across all versions of its messaging and voice calling software, according to a Tuesday announcement on the company's website.
Given that WhatsApp is already in use by over 1 billion people worldwide, as users upgrade to the latest version, it will become the most widely used end-to-end crypto tool.
"We live in a world where more of our data is digitized than ever before," Jan Koum, a WhatsApp co-founder, wrote in a company blog post on Tuesday. "Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people's digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities."
We have added new features relating to our coverage of Microsoft patches and imported the legacy patch diary tables into our new system going back to 2006.
Please note that the data may be incomplete or inaccurate in some cases. If you find errors, please leave a comment on this thread.
Alex Stanford - GIAC GWEB GSEC,
Research Operations Manager,
SANS Internet Storm Center
Diana Kelley of IBM to Speak at Rock Stars of Risk-Based Security on the Tie Between the Animal Kingdom and ...
PR Newswire (press release)
She also served on the Advisory Board for InfoSec World 2015 and on the IBM Network Science Research Center Smart Grid Advisory Group. Kelley joins a roster of the top minds and innovators in the cyber security field at Rock Stars of Risk-Based ...