-
January 10, 2014
DoS attacks that took down big game sites abused Web’s time
DoS attacks that took down big game sites abused Web’s time: Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets. Rather than directly flooding the targeted services with torrents of […]
-
January 10, 2014
WordPress Plugins Exploitation Through the Big Data Prism
WordPress Plugins Exploitation Through the Big Data Prism: According to Wikipedia, WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL, which runs on a web hosting service. Features include a plug-in architecture and a template system. WordPress is used by more than 18.9% of […]
-
January 10, 2014
Yahoo’s Malware Problem Highlights Need for Web Security Systems
Yahoo’s Malware Problem Highlights Need for Web Security Systems: Oscar Marquez, chief product officer at Total Defense, explained to me in an email that the methodology used in the recent Yahoo attack is not new, but what makes this attack different is the scope of the infection. Marquez explained: There was no user interaction needed […]
-
January 10, 2014
The Internet of Things Is Wildly Insecure — And Often Unpatchable
The Internet of Things Is Wildly Insecure — And Often Unpatchable: We’re at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself — as with the Internet of Things. These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them. […]
-
January 10, 2014
Security Expert Calls Yahoo’s Implementation of HTTPS “Troubling”
Security Expert Calls Yahoo’s Implementation of HTTPS “Troubling”: On the surface, the fact that Yahoo! finally enabled HTTPS encryption for all Yahoo Mail users sounds like good news. However, one security expert called the move “too little too late” and found Yahoo’s actions “quite troubling.” As SecurityWeek reported, Yahoo announced this week […]
-
January 10, 2014
Siemens Fixes Authentication Bugs in Scalance X
Siemens Fixes Authentication Bugs in Scalance X: Researchers have discovered two serious vulnerabilities in industrial Ethernet switches manufactured by Siemens that could enable attackers to perform unauthorized actions on the switches without authentication. One of the bugs allows attackers to hijack Web sessions and the other enables them to perform admin tasks on the switches. […]
-
January 10, 2014
Linux Kernel, Font Bugs Fixed in Ubuntu
Linux Kernel, Font Bugs Fixed in Ubuntu: A huge number of security vulnerabilities have been fixed in Ubuntu, including a remotely exploitable font flaw that an attacker could use to run arbitrary code on vulnerable machines. A number of Linux kernel flaws also were patched in some versions of the operating system. The font vulnerability […]
-
January 10, 2014
VMware Patches Vulnerabilities in ESX, ESXi
VMware Patches Vulnerabilities in ESX, ESXi: VMware has patched a vulnerability in its ESX and ESXi hypervisors that could allow unauthorized local access to files. “This issue may allow an unprivileged vCenter Server user with the privilege ‘Add Existing Disk’ to obtain read and write access to arbitrary files on ESXi or ESX,” the company […]
-
January 10, 2014
Sierra Wireless industrial gateways security vulnerabilities
Sierra Wireless industrial gateways security vulnerabilities: A wireless gateway suitable for a number of industrial applications is vulnerable to remote exploit because of a lack of encryption in its update and reprogramming processes, an advisory from the Industrial Control Systems Cyber Emergency Response Team said yesterday. The Sierra Wireless AirLink Raven X EV-DO application has […]
-
January 10, 2014
OpenSSL site defacement involving hypervisor hack rattles nerves (updated)
OpenSSL site defacement involving hypervisor hack rattles nerves (updated): The official website for the widely used OpenSSL code library was compromised four days ago in an incident that is stoking concerns among some security professionals. Code repositories remained untouched in the December 29 hack, and the only outward sign of a breach was a defacement […]