Security News

Google Researcher Reported 3 Flaws in Apache Web Server Software
2020-08-24 23:52

Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, could even have allowed attackers to cause a crash and denial of service. The first of the three issues involves a possible remote code execution vulnerability due to a buffer overflow in the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.

Feds seize 'largest ever' haul of crypto-dosh from terrorists – including coins from 'fake' pandemic mask web store
2020-08-17 06:20

The operation converted its sales into crypto-coins that were sent to ISIS. Uncle Sam said the seized coins will be sent to a fund established for the victims of terrorist attacks. The team at Trend Micro has spotted something you don't see every day: malware for macOS exploiting zero-days.

Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers
2020-08-11 08:18

Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy rules since Chrome 73. Tracked as CVE-2020-6519, the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites.

Chrome Web Store slammed again after 295 ad-injecting, spammy extensions downloaded 80 million times
2020-08-07 06:02

Google's Chrome Web Store is once again under fire for poor policing of harmful extensions. The bad extensions consist of fake ad blockers that inject adverts into search results rather than blocking them, fake ad blockers that engage in cookie stuffing to defraud advertisers, and extensions involved in spam-related abuse.

Intel NDA blueprints – 20GB of source code, schematics, specs, docs – spill onto web from partners-only vault
2020-08-06 19:31

A spokesperson for Intel told us the information was likely taken from its Resource and Design Center, which is a private library of resources for computer manufacturers and the like to build systems using Intel's silicon. The IOH SR 17 probably refers to scratchpad register 17 in the I/O hub, part of Intel's chipsets, that is used by firmware code.

Intel blueprints – 20GB of source code, schematics, specs, docs – spill onto web, Chipzilla denies hack
2020-08-06 19:31

A spokesperson for Intel told us the information was likely taken from its Resource and Design Center, which is a private library of resources for computer manufacturers and the like to build systems using Intel's silicon. The IOH SR 17 probably refers to scratchpad register 17 in the I/O hub, part of Intel's chipsets, that is used by firmware code.

Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking hole
2020-07-31 06:25

"I poked about in the Zoom app and noticed the default passwords being six digits and numeric, meaning one million maximum passwords," Anthony explained in a write-up this week. While Anthony focused on the web client for his research, he believed the issue was present in all forms of the Zoom client.

Citrix Web App and API Protection: Security for apps and APIs in the multi-cloud
2020-07-31 00:30

Citrix Web App and API Protection is a new, cloud-delivered service that provides comprehensive security for applications and APIs in multi-cloud environments. "The flexible models for work and multi-cloud application deployment that companies must now support have greatly expanded the attack surface that IT needs to defend," said Mihir Maniar, Vice President of Product Management, Networking, Citrix.

Amazon IVS: Adding live and interactive video streams in mobile and web apps in minutes
2020-07-17 00:30

Amazon Web Services, an Amazon.com company, announced the general availability of Amazon Interactive Video Service, a new fully managed service that makes it easy to set up live, interactive video streams for a web or mobile application in just a few minutes. Customers can then combine the Amazon IVS SDK and APIs to attach structured text data to video streams, and create interactive content, including polls, surveys, and leaderboards, all of which are automatically synchronized to the live video.

How secure is your web browser?
2020-07-16 04:30

NSS Labs released the results of its web browser security test after testing Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera for phishing protection and malware protection. Key takeaways: phishing protection rates ranged from 79.2% to 95.5%. For malware, the highest block rate was 98.5% and the lowest block rate was 5.6%. Protection improved over time; the most consistent products provided the best protection against phishing and malware.