Web Security News, Articles and Updates
A researcher earned $10,080 from Twitter's bug bounty program after discovering he could access a supposedly private online registry that led him to the complete source code for Twitter's Vine video-sharing service.
White hat hackers seeking a $20,000 bug bounty were able to gain remote code execution and tap into the inner workings of popular porn site Pornhub.
Google has removed a group of malicious browser extensions from its Chrome Web Store, after an independent researcher discovered the programs were hijacking users' Facebook accounts for click-fraud purposes.
Researchers at Sucuri have uncovered a sampling of novel e-commerce attacks that combine the classic duplicity of phishing schemes with the insidiousness of malicious webpage redirects.
The Realstatistics malware campaign discovered in June to be infecting thousands of Joomla! websites gained steam by shifting infection tactics after the introduction of ModSecurity rules closed off its original attack method.
Google has taken to its online security blog to announce it has started to experiment with cryptanalysis-resistant public-key cryptography.
A crypto flaw that allowed cyber attackers to eavesdrop on communications running through VPNs has been patched in Juniper Networks's Junos operating system.
A zero-day flaw in Drupal is now said to be how hackers penetrated the network of law firm Mossack Fonseca and siphoned out 11.5 million files.
Hidden voice commands embedded in a YouTube video can trigger mobile devices to download malware and alter configuration settings.
These 10 women were selected for their longstanding contributions to the IT security space.
The apparent death of the Angler Exploit Kit has not only caused a pause in the amount of malvertising showing up in the wild, but also has pushed cybercriminals to start using the Neutrino EK for distributing malvertising.
A cyberscam has been unfolding in the wake of the Brexit vote.
A message seeming to come from a Facebook friend was instead a source of malware that ensnared 10,000 users.
Muslim Match, a dating website for Muslims, was hacked and user credentials and profiles of 150,000 subscribers posted online.
A hacker yesterday accessed the Twitter account of Oculus CEO Brendan Iribe and posted several fake tweets, including one that announced a leadership change.
Uber CEO Travis Kalanick last night became the latest public target of the OurMine hacking group, which posted an unauthorized message on his Twitter page, likely after hijacking his linked Quora account.
Viber, a popular social media app, is being targeted by malware capable of stealing photos and videos.
The Internal Revenue Service (IRS) has beefed up the authentication requirements on its website to better protect taxpayers and loan applicants.
Three weeks after hijacking Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts, the mischievous OurMine hacking group appears to have briefly seized control of Google CEO Sundar Pichai's Quora account.
Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.
Patches have been made available for programming errors found in libarchive that could make software used in a number of platforms vulnerable to exploitation.
WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.
The continuing need for now out-of-stock IPv4 addresses has helped create a black market for them, according to the American Registry for Internet Numbers (ARIN).
Unfortunately, the GoToMyPC service has been targeted by a 'very sophisticated password attack', says GoToMyPC.
Every version of the Microsoft Windows operating system is at risk from a number of security weaknesses detected by a Chinese researcher.
Apple is making it mandatory for its App Store developers to use HTTPS when connecting to the company's servers.
Developers behind the Nemucod downloader are working diligently to avoid detection.
The outdoor and motorsports-centric website aggregator VerticalScope was hacked, according to an industry watchdog, with about 45 million records from more than 1,100 websites being taken and posted to the internet.
Presumptive Democratic presidential nominee Hillary Clinton told a crowd in Cleveland that she would push tech companies to cooperate with government requests for help in tracking and identifying terrorists and foiling their plots.
At one time ridiculed over lax cybersecurity, the federal health insurance exchange site HealthCare.gov scored second-highest out of approximately 1,000 websites in the Online Trust Alliance's eighth annual Trust Audit and Honor Roll.
SC Magazine Articles
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace
- Wi-Fi warning! Study finds U.S. unaware of public Wi-fi risks