Latest news

Hackers Targeting Critical Apache Struts Flaw
Hacking

Hackers Targeting Critical Apache Struts Flaw

Attackers are targeting a critical vulnerability in the Apache Struts framework, using exploits that have been published online to go after thousands of vulnerable sites. On Monday, the Apache Software Foundation published an advisory about the vulnerability, saying that the bug enabled remote code execution in certain situations. Almost immediately afterward, […]

Questions Arise Over CIA Handling of Vulnerabilities
Hacking

Questions Arise Over CIA Handling of Vulnerabilities

The release of a large trove of documents and tools that are linked to CIA’s cyber espionage activities has raised a lot of questions, especially about the way that the agency and other government groups handle information on undisclosed vulnerabilities. Some of the documents, released by Wikileaks Tuesday, show that […]

Bill Would Legalize Active Defense Against Hacks
Hacking

Bill Would Legalize Active Defense Against Hacks

A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as […]

Multistage Malware Uses DNS System for Communications
Hacking

Multistage Malware Uses DNS System for Communications

Security researchers have identified a multi-stage piece of malware that uses a number of innovative tricks to stay persistent on infected machines and employs the DNS infrastructure as a command-and-control mechanism. The malware, analyzed by researchers at Cisco Talos, comes in the form of a rigged Word document contained in […]

Yahoo: 32 Million User Cookies Were Stolen
Hacking

Yahoo: 32 Million User Cookies Were Stolen

Yahoo executives didn’t understand the severity and scope of the 2014 attack that led to the theft of user data and, as a result, failed to investigate the incident as well as they should have, the company said in a regulatory filing. Attackers, who the company has said were state […]