Details on WordPress Zero Day Disclosed

LinuxSecurity.com: WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver.

From: Linux Security

Share

Google Provides Detailed Analysis of GitHub Attack Traffic

LinuxSecurity.com: The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both Javascript replacement and HTML injections.

From: Linux Security

Share

The Further Democratization of Stingray

LinuxSecurity.com: Stingray is the code name for an IMSI-catcher, which is basically a fake cell phone tower sold by Harris Corporation to various law enforcement agencies. (It’s actually just one of a series of devices with fish names — Amberjack is another — but it’s the name used in the media.) What is basically does is trick nearby cell phones into connecting to it.

From: Linux Security

Share

Paypal Exec Aims to take Biometrics to a Whole New Level: Goodbye Passwords

LinuxSecurity.com: The head of developer advocacy for Paypal and Braintree, Jonathan Leblanc, has an idea that will seem absurd to some, innovative to others and terrifying to still others. The executive of the multi-billion dollar eBay subsidiary suggests in a recent presentation called “Kill All Passwords” that “true integration with the human body” is the way forward.

From: Linux Security

Share

Hacking Airplanes

LinuxSecurity.com: Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some “Die Hard” reboot, but it’s actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.

From: Linux Security

Share