Web Security News, Articles and Updates

IRS implements new authentication safeguards

The Internal Revenue Service (IRS) has beefed up the authentication requirements on its website to better protect taxpayers and loan applicants.

Google CEO Sundar Pichai Quora account hijacked by Zuckerberg hackers

Three weeks after hijacking Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts, the mischievous OurMine hacking group appears to have briefly seized control of Google CEO Sundar Pichai's Quora account.

Air India frequent flier miles hacked

Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.

Severe flaws detected in popular compression library

Patches have been made available for programming errors found in libarchive that could make software used in a number of platforms vulnerable to exploitation.

WordPress 4.5.3 release mends eight security flaws, 17 bugs

WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.

Demand for IPv4 addresses creates a thriving black market

Continuing demand for now out-of-stock IPv4 addresses has helped create a black market for them, according to the American Registry for Internet Numbers (ARIN).

GoToMyPC, but not until you reset your password

Unfortunately, the GoToMyPC service has been targeted by a 'very sophisticated password attack', says GoToMyPC.

BadTunnel flaw affects every Windows OS

Every version of the Microsoft Windows operating system is at risk from a number of security weaknesses detected by a Chinese researcher.

Apple to enforce HTTPS connections for app developers

Apple is making it mandatory for its App Store developers to use HTTPS when connecting to the company's servers.

Ransomware distributors evolving their delivery strategies

Developers behind the Nemucod downloader are working diligently to avoid detection.

Leakedsource.com finds 45M leaked VerticalScope user records

The outdoor and motorsports-centric website aggregator VerticalScope was hacked, according to an industry watchdog, with about 45 million records from more than 1,100 websites being taken and posted to the internet.

After Orlando massacre, Clinton pledges 'intelligence surge,' solicits tech orgs' help

Presumptive Democratic presidential nominee Hillary Clinton told a crowd in Cleveland that she would push tech companies to cooperate with government requests for help in tracking and identifying terrorists and foiling their plots.

Twitter, HealthCare.gov top annual list of most trustworthy websites

At one time ridiculed over lax cybersecurity, the federal health insurance exchange site HealthCare.gov scored second-highest out of approximately 1,000 websites in the Online Trust Alliance's eighth annual Trust Audit and Honor Roll.

For sale: 51M iMesh user accounts

A database of user accounts of the once popular video and music-sharing site iMesh has been made available on the dark web.

Journalist facing $250K restitution

A journalist convicted of hacking is facing a fine of $250K to pay back the employer he violated.

Mozilla's Firefox 47 patches 13 vulnerabilities, two critical

In its latest Firefox browser release, Mozilla this week fixed two critical vulnerabilities - a buffer overflow hazard and a set of memory safety hazards - plus 11 other security holes ranging from low to high in severity.

Two-factor authentication added to IRS site

The IRS has pumped up its web security by adding multifactor authentication to thwart cyberthieves eager for the trove of taxpayer information held in its databases.

Facebook Messenger flaw fixed promptly

After Check Point notified Facebook of a flaw in its Facebook Online Chat & Messenger App earlier this month, the social media giant responded and quickly fixed the vulnerability.

'Cruel' lesson: GhostShell hacking group leaks 36M records as punishment for using databases on public servers

Calling its actions a "cruel reminder of what happens when you don't use proper security hygiene," the hacker group GhostShell doxxed approximately 36 million online accounts from various databases found on public servers that don't require credentials to access.

Yahoo reveals details of FBI demands found in National Security Letters

For the first time, Yahoo unveiled the details of three National Security Letters (NSLs) it received from the FBI that demanded a laundry list of user personal information.

Jetpack plug-in for WordPress vulnerable to XSS

Bloggers using the WordPress platform are being advised to update the Jetpack plug-in to avoid a cross-site scripting (XSS) vulnerability.

Options surety: Case study

The MIAX Options Exchange needed more than a way to appease regulators; it also required security assurance. Greg Masters reports.

Users warming up to replacing traditional passwords with next-level authentication

A new study has come to light in which 52 percent of surveyed consumers said they would prefer a more modernized method of user authentication, such as biometrics, over traditional username and password mechanisms.

Teenage Dream, turned nightmare: Hacker breaks into Katy Perry's Twitter account

A hacker just went after the biggest target on all of Twitter, breaking into the account of singer-songwriter Katy Perry, whose 89 million followers make her the most popular presence on the entire social media platform.

Chrome 51 serves up 42 security fixes, $65K in bug bounties

Google Chrome 51 for Windows and Mac contained 42 security fixes, including 23 from outside researchers, resulting in a payout of more than $65,000 in bug bounties.

Knock Knock! Unique new backdoor Trojan infecting computers

Backdoors normally implement remote control tool TeamViewer in order to get unauthorised access to an infected computer. However, a newly-discovered Trojan, BackDoor.TeamViewer.49, uses the tool for less obvious reasons.

Workplace security awareness programs lacking in efficacy, says study

Just because a company offers a cybersecurity training program to its employees doesn't mean it's necessarily doing enough to change workers' dangerous online behaviors, according to a report from Experian and Ponemon Institute.

Latest Flash Exploit being used to create drive-by ransomware attack

A criminal enterprise well known for using malware-laced fake display ads is ramping up efforts by infecting dozens of popular websites using a recently patched Flash Player exploit to deliver the Angler EK in a drive-by style attack.

Mouse trap: Hacking group tampers with musician deadmau5's SoundCloud account

Deejay and house music producer deadmau5 had to face the music when the mischievous hacking group OurMine accessed his personal SoundCloud account and uploaded outside content.

US-CERT: Domain name collision bug could result in MitM attacks

The US-CERT issued an alert this week, warning of a "domain name collision" bug, causing certain DNS queries to be resolved on public instead of private or enterprise servers, exposing organizations to Man-in-the-Middle attacks.
