threatpost (13)

What Triggers HTTPS Chrome Browser Warnings?

Researchers combed through 2,000 Chrome error reports to better classify HTTPS error warnings.

Malware Steals Data From Air-Gapped Network via Security Cameras

Proof-of-concept malware called aIR-Jumper can be used to bypass air-gapped network protections and send data in and out of network.

Deep-Learning PassGAN Tool Improves Password Guessing

A deep-learning network known as a GAN has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.

Cloud-Focused Firms Earn High Marks for Software Security in BSIMM8 Report

Businesses that are cloud-focused tend to run the most secure software, while the healthcare sector is struggling the most when it comes to accomplishing the same goal, according to the BSIMM8 Report.

iOS 11 Update includes Patches for Eight Vulnerabilities

Apple released a number of patches, including a security update for iOS 11, which is available today.

Equifax Suffered Earlier Breach in March

Equifax suffered another breach of its systems, back in March, the company revealed Monday.

Risks Limited With Latest Apache Bug, Optionsbleed

The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw.

Attackers Use Undocumented MS Office Feature to Leak System Profile Data

An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed.

Pirate Bay Spotted Hosting Monero Cryptocurrency Miner

A cryptocurrency miner surfaced on The Pirate Bay for a day over the weekend.

Rogue WordPress Plugin Allowed Spam Injection

A rogue version of the WordPress plugin called Display Widget' allowed third-parties to injecting spam advertising content into victims' sites.

VMware Patches Bug That Allows Guest to Execute Code on Host

Users who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, are being encouraged to update to address a series of vulnerabilities, one critical.

Equifax Confirms March Struts Vulnerability Behind Breach

Equifax divulged on Wednesday that the culprit behind this summer's breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March.

Premium SMS Malware 'ExpensiveWall' Infects Millions of Android Devices

Google has ejected 50 apps from its Google Play store that were harboring mobile malware dubbed ExpensiveWall.