Web Security News, Articles and Updates
The US-CERT issued an alert this week, warning of a "domain name collision" bug, causing certain DNS queries to be resolved on public instead of private or enterprise servers, exposing organizations to Man-in-the-Middle attacks.
On the heels of a breach last week at LinkedIn that exposed passwords of 117 million users, Microsoft has put in place new password security for users of its Azure Active Directory.
A security update for Adobe Connect for Windows released Monday resolves an untrusted search path vulnerability in the add-in installer for Connect versions 9.5.2 and earlier.
Information security bug-bounty hunter Arne Swinnen used several flaws with Instagram's login system to brute force his way into the social media giant and gain access to member accounts.
As many as 100 people are believed to have taken part in a heist of nearly $13 million (USD) from 1,400 cash machines in Japan.
A variant of the malware family Acecard was detected in the Google Play store by researchers at Lookout.
Remote attackers have been shut out of the IPsec code of Cisco Adaptive Security Appliance (ASA) Software following Tuesday's patch.
A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.
The new promotional website for season two of the USA Network's computer hacking drama Mr. Robot required an emergency patch after a white-hat hacker discovered a cross-site scripting vulnerability, according to a Forbes.com report.
An unidentified hacker turned the tables on Nulled.io, a popular online forum that facilitates cybercriminal activity, by compromising its website and publicly dumping its sensitive user data and communications.
A hacker calling himself Revolver yesterday advertised on Twitter that he was selling access to Pornhub servers for $1,000 after discovering an exploit, but the pornography video sharing website is disputing the veracity of this hack.
A semi-private database consisting of the identities of 70K users of the dating website was published on the internet.
Mere hours after word spread last week of a remote code execution vulnerability in the image-processing software ImageMagick, bad actors were already actively exploiting it in the wild.
A Florida man who logged into a computer system with appropriated credentials now faces felony charges.
In a move to obfuscate network traffic more effectively, Locky ransomware developers recently upgraded the malware to communicate with its command and control server via both symmetric and asymmetric encryption.
Torrent site's users received malware warnings.
A lobbying effort is underway to block the re-election of Sen. Richard Burr for internet policies that at least one digital rights activist has called "idiotic."
Researchers are warning WordPress website administrators of a malware attack, whereby adversaries inject code into the header.php file of a site's current WordPress theme, in order to redirect visitors to malicious domains.
Microsoft announced it will soon cease support for TLS certificates signed by the SHA1 hashing algorithm.
OpenSSL has issued a series of patches in conjunction with the disclosure yesterday of six vulnerabilities, including two of high severity.
Developers using the corporate messaging tool Slack are carelessly including their Slack tokens (aka credentials) within the coding of newly created automated business tools known as "Slack bots," according to Detectify's research labs division.
A computer programmer was charged with purloining the frequent flier accounts of American Airlines customers to treat himself to more than $260,000 worth of global travel and car rentals.
Minutes before the NFL Draft commenced on Thursday night, an apparent hacker accessed the Twitter account of top prospect Laremy Tunsil and posted an old video of the Ole Miss player smoking from a bong, damaging his value.
The day after security researchers discovered the website for toy maker Maisto was not only selling radio-controlled cars and planes, but was also pushing CryptXXX ransomware, the site was down for maintenance.
A supposedly legitimate French software firm, Tuto4PC, has actually infected an estimated 12 million PC users with a generic Trojan disguised as downloadable utilities programs, according to an analysis from Cisco's Talos research division.
Mozilla released 10 security advisories affecting its Firefox open-source web browser.
More than two months after a federal judge ruled the U.S. must privately disclose the hacking technique the FBI used to identify patrons of the child porn site Playpen, lawyers have filed a motion urging the case be dismissed if the government does not comply or drop the charges.
Just-released figure doubles the number from less than a year ago of Facebook users accessing the site via Tor.
The Massachusetts Institute of Technology (MIT) introduced a bug bounty program last week that it termed "experimental."
The two men responsible for the SpyEye banking trojan, used to steal user information from financial institutions, were sentenced to a combined 24-1/2 years in prison.
SC Magazine Articles
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Report: Ransomware feeds off poor endpoint security
- Organizations need formal vendor risk management programs, study
- China's quantum communications satellite to improve data security, thwart hackers
- 34% of Brits willing to sacrifice their online safety for weight loss
- Banks fail to innovate, blaming info security fears, report
- It's a trap! WhatsApp Gold 'premium' version lures users to malware
- 2.5K Twitter accounts hacked to spread links to adult content