Information Disclosure

Microsoft on Friday warned of a new Windows scripting vulnerability that could result in information disclosure.

The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by White Hat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the least amount of vulnerabilities on average, followed by insurance and health care firms. — AM

Facebook has plugged a cross-site request forgery (CSRF) vulnerability that could have allowed attackers to alter privacy settings and deface profiles on the behalf of unwitting users, according to a security advisory released Monday by network security firm Alert Logic. The "critical" bug could had been exploited by bypassing Facebook's anti-CSRF controls and tricking a logged-in user to click on a malicious link. The vulnerability, discovered by M.J. Keith, senior security analyst at Alert Logic, was reported to Facebook on May 11 and patched Monday. The flaw appears to never have been publicly known. — DK

The organized and well-resourced cybercriminals who compromised systems at Google, Adobe and more than 30 other large companies used a previously unknown, zero-day Internet Explorer exploit as part of their arsenal to install data-stealing malware on target machines, researchers at McAfee revealed Thursday.

For the first time, the U.S. House of Representatives will require its staff and members to take part in an annual IT security training program -- one of the mandates under new policy set to take effect next year.

Another day, another social-networking threat -- this one involving the potential of information disclosure on Facebook.