Hacking

NSA: We Disclose 90% of the Flaws We Find
Hacking

NSA: We Disclose 90% of the Flaws We Find

In the wake of the release of thousands of documents describing CIA hacking tools and techniques earlier this month, there has been a renewed discussion in the security and government communities about whether government agencies should disclose any vulnerabilities they discover. While raw numbers on vulnerability discovery are hard to come […]

Site Hacks Continue to Spike, Google Says
Hacking

Site Hacks Continue to Spike, Google Says

The number of sites hacked last year increased by nearly one third compared to 2015, Google said in a new report, a trend that the company expects will continue in years to come. Google’s crawlers constantly check sites for a number of different properties, including the presence of certain types […]

Critical Cisco Flaw Found Buried in Vault 7 Documents
Hacking

Critical Cisco Flaw Found Buried in Vault 7 Documents

Hundreds of models of Cisco switches are vulnerable to a remote-code execution bug in the company’s IOS software that can be exploited with a simple Telnet command. The vulnerability was uncovered by company researchers in the CIA hacking tool dump known as Vault 7. The bug is a critical one […]

Struts Vulnerability Attracting Plenty of Attackers
Hacking

Struts Vulnerability Attracting Plenty of Attackers

Attackers are continuing to seek out and exploit vulnerable servers running vulnerable versions of the Apache Struts framework, with hundreds of separate sources trying to take advantage of the bug. The vulnerability lies in the way that some versions of the Struts framework handles some content-type values. An attacker who […]

Hackers Targeting Critical Apache Struts Flaw
Hacking

Hackers Targeting Critical Apache Struts Flaw

Attackers are targeting a critical vulnerability in the Apache Struts framework, using exploits that have been published online to go after thousands of vulnerable sites. On Monday, the Apache Software Foundation published an advisory about the vulnerability, saying that the bug enabled remote code execution in certain situations. Almost immediately afterward, […]

Questions Arise Over CIA Handling of Vulnerabilities
Hacking

Questions Arise Over CIA Handling of Vulnerabilities

The release of a large trove of documents and tools that are linked to CIA’s cyber espionage activities has raised a lot of questions, especially about the way that the agency and other government groups handle information on undisclosed vulnerabilities. Some of the documents, released by Wikileaks Tuesday, show that […]

Bill Would Legalize Active Defense Against Hacks
Hacking

Bill Would Legalize Active Defense Against Hacks

A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as […]