Web Security News, Articles and Updates

Researcher scores $10K+ bounty for digging up Vine's source code

A researcher earned $10,080 from Twitter's bug bounty program after discovering he could access a supposedly private online registry that led him to the complete source code for Twitter's Vine video-sharing service.

Pornhub subscriber info exposed, but relax, it was a bug bounty exploit

White hat hackers seeking a $20,000 bug bounty were able to gain remote code execution and tap into the inner workings of popular porn site Pornhub.

Chrome browser extensions discovered engaging in Facebook click fraud

Google has removed a group of malicious browser extensions from its Chrome Web Store, after an independent researcher discovered the programs were hijacking users' Facebook accounts for click-fraud purposes.

Hackers compromising checkout process on retail sites, redirecting shoppers to phishing page

Researchers at Sucuri have uncovered a sampling of novel e-commerce attacks that combine the classic duplicity of phishing schemes with the insidiousness of malicious webpage redirects.

Change in exploit tactics caused dramatic surge of Realstatistics malware infections

The Realstatistics malware campaign discovered in June to be infecting thousands of Joomla! websites gained steam by shifting infection tactics after the introduction of ModSecurity rules closed off its original attack method.

Google offers 'New Hope' for cryptanalysis resistant public-key crypto

Google has taken to its online security blog to announce it has started to experiment with cryptanalysis resistant public-key cryptography.

Junos crypto flaw patched

A crypto flaw that allowed cyber attackers to eavesdrop on communications running through VPNs has been patched in Juniper Networks' Junos operating system.

Drupal zero-day opened door of Panama Papers law firm, report

A zero-day flaw in Drupal is now being said to be how hackers penetrated the network of law firm Mossack Fonseca and siphoned out 11.5 million files.

Hidden voice commands in YouTube vids can hack mobile devices

Hidden voice commands embedded in a YouTube video can trigger mobile devices to download malware and alter configuration settings.

Women In Security - Power Players

These 10 women were selected for their longstanding contributions to the IT security space.

Angler EK death leads to decrease in malvertising

The apparent death of the Angler Exploit Kit has not only caused a pause in the amount of malvertising showing up in the wild, but also has pushed cybercriminals to start using the Neutrino EK for distributing malvertising.

Phishing scam targets Brexit anxiety

A cyberscam has been unfolding in the wake of the Brexit vote.

10K Facebook users infected by malware

A message seeming to come from a Facebook friend was instead a source of malware that ensnared 10,000 users.

Dating website Muslim Match hacked, user info exposed

Muslim Match, a dating website for Muslims, was hacked, and the user credentials and profiles of 150,000 subscribers were posted online.

Hacker appoints himself new Oculus CEO on hijacked Twitter account

A hacker yesterday accessed the Twitter account of Oculus CEO Brendan Iribe and posted several fake tweets, including one that announced a leadership change.

OurMine hackers take Uber CEO's Twitter page for a joyride

Uber CEO Travis Kalanick last night became the latest public target of the OurMine hacking group, which posted an unauthorized message on his Twitter page, likely after hijacking his linked Quora account.

Media files at risk from malware targeting Viber

Viber, a popular social media app, is being targeted by malware capable of stealing photos and videos.

IRS implements new authentication safeguards

The Internal Revenue Service (IRS) has beefed up the authentication requirements on its website to better protect taxpayers and loan applicants.

Google CEO Sundar Pichai Quora account hijacked by Zuckerberg hackers

Three weeks after hijacking Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts, the mischievous OurMine hacking group appears to have briefly seized control of Google CEO Sundar Pichai's Quora account.

Air India frequent flier miles hacked

Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.

Severe flaws detected in popular compression library

Patches have been made available for programming errors found in libarchive that could make software used in a number of platforms vulnerable to exploitation.

WordPress 4.5.3 release mends eight security flaws, 17 bugs

WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.

Demand for IPv4 addresses creates a thriving black market

The continuing need for the now out-of-stock IPv4 addresses has helped create a black market for them, according to the American Registry for Internet Numbers (ARIN).

GoToMyPC, but not until you reset your password

Unfortunately, the GoToMyPC service has been targeted by a 'very sophisticated password attack', says GoToMyPC.

BadTunnel flaw affects every Windows OS

Every version of the Microsoft Windows operating system is at risk from a number of security weaknesses detected by a Chinese researcher.

Apple to enforce HTTPS connections for app developers

Apple is making it mandatory for its App Store developers to use HTTPS when connecting to the company's servers.

Ransomware distributors evolving their delivery strategies

Developers behind the Nemucod downloader are working diligently to avoid detection.

Leakedsource.com finds 45M leaked VerticalScope user records

The outdoor and motorsports-centric website aggregator VerticalScope was hacked, according to an industry watchdog, with about 45 million records from more than 1,100 websites taken and posted to the internet.

After Orlando massacre, Clinton pledges 'intelligence surge,' solicits tech orgs' help

Presumptive Democratic presidential nominee Hillary Clinton told a crowd in Cleveland that she would push tech companies to cooperate with government requests for help in tracking and identifying terrorists and foiling their plots.

Twitter, HealthCare.gov top annual list of most trustworthy websites

At one time ridiculed over lax cybersecurity, the federal health insurance exchange site HealthCare.gov scored second-highest out of approximately 1,000 websites in the Online Trust Alliance's eighth annual Trust Audit and Honor Roll.
