Researchers have released technical details and attack code for 30 security issues affecting Oracle’s Java Cloud Service. Some of the issues make it possible for attackers to read or modify users’ sensitive data or to execute malicious code, the researchers warned. Poland-based Security Explorations typically withholds such public airings until Continue Reading
The exploit that attackers are using to target a zero day vulnerability in Microsoft Word relies on a complex series of pieces, including an ASLR bypass, ROP techniques and shellcode with several layers of tools designed to detect and defeat analysis. Microsoft officials said the exploit is being used in Continue Reading
Facebook unveiled a new automated ThreatData security service, claiming the advanced malware-detection and mitigation service has already helped take down a criminal campaign. Facebook unveiled the ThreatData service in a blog post. ThreatData is a central intelligence tool designed to automatically detect, catalogue, offer IT administrators information on and combat Continue Reading
The number of cyber attacks targeting PHP sites using a known vulnerability has skyrocketed over the past six months, despite the availability of a patch fix for the exploit. Security firm Imperva reported detecting a marked increase in the number of attacks targeting a vulnerability in PHP, which was patched Continue Reading
Mozilla on Tuesday patched five vulnerabilities exploited by researchers last week at the Pwn2Own hacking contest, where they were awarded $200,000 for their collective efforts. Firefox 28 was primarily a security update, patching the five Pwn2Own flaws and 15 others. At the hacking challenge, co-sponsored by HP TippingPoint’s Zero Day Continue Reading
By