Web Security News, Articles and Updates

OpenSSL patches memory corruption and unauthorized decryption vulnerabilities

OpenSSL patches memory corruption and unauthorized decryption vulnerabilities

By

OpenSSL has issued as a series of patches in conjunction with the disclosure yesterday of six vulnerabilities, including two of high severity.

Slack users expose corporate credentials while creating new 'bot' tools

Slack users expose corporate credentials while creating new 'bot' tools

By

Developers using the corporate messaging tool Slack are carelessly including their Slack tokens (aka credentials) within the coding of newly created automated business tools known as "Slack bots," according to Detectify's research labs division.

Miami programmer facing jail for hacking frequent flyer accounts

Miami programmer facing jail for hacking frequent flyer accounts

By

A computer programmer was charged with purloining the frequent flier accounts of American Airlines customers to treat himself to more than $260,000 worth of global travel and car rentals

Top NFL prospect Tunsil free falls in draft after apparent hacker posts damaging video, texts

Top NFL prospect Tunsil free falls in draft after apparent hacker posts damaging video, texts

By

Minutes before the NFL Draft commenced on Thursday night, an apparent hacker accessed the Twitter account of top prospect Laremy Tunsil and posted an old video of the Ole Miss player smoking from a bong, damaging his value.

CryptXXX ransomware being served by toy company site

CryptXXX ransomware being served by toy company site

By

The day after security researchers discovered the website for toy maker Maisto was not only selling radio-controlled cars and planes, but was also pushing CryptXXX ransomware, the site was down for maintenance.

'Wizz' kids: Talos researchers pinpoint French firm as source of spyware-adware threat

'Wizz' kids: Talos researchers pinpoint French firm as source of spyware-adware threat

By

A supposedly legitimate French software firm, Tuto4PC, has actually infected an estimated 12 million PC users with a generic Trojan disguised as downloadable utilities programs, according to an analysis from Cisco's Talos research division.

Firefox patches issued, one critical

Firefox patches issued, one critical

By

Mozilla released 10 security advisories affecting its Firefox open-source web browser.

Defense to judge: Make feds disclose hacking technique in child porn case or dismiss charges

Defense to judge: Make feds disclose hacking technique in child porn case or dismiss charges

By

More than two months after a federal judge ruled the U.S. must privately disclose the hacking technique the FBI used to identify patrons of the child porn site Playpen, lawyers have filed a motion urging the case be dismissed if the government does not comply or drop the charges.

A million-plus accessed Facebook via Tor last month

A million-plus accessed Facebook via Tor last month

By

Just-released figure doubles the number from less than a year ago of Facebook users accessing the site via Tor.

MIT launches bug bounty program

MIT launches bug bounty program

By

The Massachusetts Institute of Technology (MIT) introduced a bug bounty program last week that it termed "experimental."

SpyEye authors headed to prison

SpyEye authors headed to prison

By

The two men responsible for the SpyEye banking trojan, used to steal user information from financial institutions, were sentenced to a combined 24-1/2 years in prison.

Sixth teen arrested in breach of U.K. ISP TalkTalk

Sixth teen arrested in breach of U.K. ISP TalkTalk

By

A teenager turned himself in to police in Staffordshire, U.K., where he was arrested on charges stemming from a breach of internet services provider TalkTalk.

World's largest international cyber-defence exercise underway in Tallinn

World's largest international cyber-defence exercise underway in Tallinn

Some 26 nations and more than 550 computer experts are engaged in the worlds biggest 'live fire' international cyber-defence exercise - Locked Shields.

Researchers patrolling dark web uncover trojan plot targeting web hosting service

Researchers patrolling dark web uncover trojan plot targeting web hosting service

By

Web hosting provider Invision Power Services (IPS) was saved from a software compromise that could have potentially damaged its clients after researchers gathered intelligence on a cybercriminal operation taking place on the dark web.

Talos: 3.2 million machines vulnerable to malicious JexBoss exploit tool

Talos: 3.2 million machines vulnerable to malicious JexBoss exploit tool

By

A deeper probe into the JBoss server vulnerabilities linked to recent Samsam ransomware attacks has uncovered 3.2 million unpatched machines that are potentially susceptible to this attack vector.

Report: Feds staying mum on possible Firefox vulnerability

Report: Feds staying mum on possible Firefox vulnerability

By

Experts are speculating that the FBI may be closely guarding a secret vulnerability in the Firefox browser that it can exploit for future law enforcement purposes, according to a Motherboard report yesterday.

Lizard Squad possibly behind Blizzard DDoS attack

Lizard Squad possibly behind Blizzard DDoS attack

By

The hacking group Lizard Squad is taking credit for unleashing a distributed denial of service (DDoS) attack Wednesday against Blizzard that prevented some customers from signing onto Battle.net for several hours.

Facebook scam promises friend's video, delivers malware instead

Facebook scam promises friend's video, delivers malware instead

By

A new spam campaign tries to fool Facebook users into downloading malware by luring them to a fake YouTube page supposedly featuring a friend's video.

Reboot flaw leaves millions of ARRIS SURFboard modems vulnerable

Reboot flaw leaves millions of ARRIS SURFboard modems vulnerable

By

An unauthenticated reboot flaw has potentially left millions of ARRIS SURFboard modems vulnerable to a simple attack.

Cyberattack glitch exposes new strain of Qbot malware

Cyberattack glitch exposes new strain of Qbot malware

By

The malware Qbot relies on stealth to secretly steal victims' credentials, but an unexpected glitch during a recent cyberattack alerted researchers to a new campaign featuring a more virulent strain of the software.

Ramdo click-fraud malware uses evasive maneuvers to draw first blood from researchers

Ramdo click-fraud malware uses evasive maneuvers to draw first blood from researchers

By

A thorough dissection of the click-fraud malware Ramdo shows a constantly evolving threat whose capabilities now include traffic encryption, random domain generation and improved virtualization detection.

Security researchers defeat reCAPTCHA

Security researchers defeat reCAPTCHA

Automated attack breaks access system used by Google and Facebook

Australian fashion blogger's Instragram account reportedly hijacked

Australian fashion blogger's Instragram account reportedly hijacked

By

The Instagram account of Australian fashion blogger Rozalia Russian was hijacked by an American hacker, who extorted $5,000 from her before handing back her credentials, according to a report in the Sydney Morning Herald.

WhatsApp end-to-end encryption completed

WhatsApp end-to-end encryption completed

By

WhatsApp integrated the Signal Protocol into its online messaging service, delivering on a promise to provide end-to-end encryption to its users.

GitHub recovers from major outage; cause unknown

GitHub recovers from major outage; cause unknown

By

GitHub experienced a major outage early Tuesday morning, but within approximately 90 minutes the software development hosting service identified the problem and announced that its online operations were running normally.

Magento e-commerce platform targeted with new ransomware KimcilWare

Magento e-commerce platform targeted with new ransomware KimcilWare

By

Users of the Magento e-commerce platform are being targeted with a new ransomware called KimcilWare.

Hacker 'weev' takes credit for mass printing of white supremacist fliers

Hacker 'weev' takes credit for mass printing of white supremacist fliers

By

White nationalist hacker Andrew Auernheimer, who goes by the online alias weev, has claimed responsibility for executing a command to printers across the open Internet to print racist and anti-Semitic fliers.

Bug detected in Autodesk Backburner Manager

Bug detected in Autodesk Backburner Manager

By

A stack-based buffer overflow vulnerability has been detected in Autodesk Backburner Manager.

Researchers detect surge in Samsam ransomware that spreads via vulnerabilities

Researchers detect surge in Samsam ransomware that spreads via vulnerabilities

By

A ransomware campaign with an unusual method of propagation—infecting servers via unpatched vulnerabilities, then spreading laterally across the local network—experienced a marked spike in activity Monday, according to researchers at Talos.

Google adds HTTPS report card to transparency report; 77 percent of its traffic encrypted

Google adds HTTPS report card to transparency report; 77 percent of its traffic encrypted

By

For the first time, Google has added an HTTPS report card to its Transparency Report, tracking its progress toward its stated goal of 100 percent SSL/TSL encryption of data in transit.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US