Web Security

Avast patches its web browser after Google finds flaw in Chromium-inspired product

Czech security software firm Avast Software has patched a severe vulnerability in its SafeZone web browser that, if exploited, could have granted hackers sweeping access to compromised computers.

CERT: Poor password policy leaves OpenELEC operating system vulnerable to hackers

The CERT Division at Carnegie Mellon University yesterday issued an alert detailing a password vulnerability in the Open Embedded Linux Entertainment Center operating system.

Mitigating ransomware

Ransomware is a complex threat, but its impact can be lessened, says Thomas Gresham.

U.S. online users more concerned with privacy than income loss

American consumers are more preoccupied with data privacy than losing their main source of income with 92 percent of respondents in a new survey.

Lucrative pay offered India hackers to work for ISIS

Hackers in India are being handsomely rewarded for taking on work for ISIS.

Zero-click fraud scheme 'subscribes' Japanese victims to porn service, requests $2K fee

Symantec researchers have observed one-click fraud scammers changing to more aggressive tactics in a zero-click fraud scheme that subscribes visitors to porn websites.

Symantec detects 3,500 servers infected with a malicious script

Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects its victims to other compromised websites, and said it believes the infections could be part of a recon effort for future attacks.

RSA event asking security execs for Twitter passwords

File it under "irony" or "misguided," but executives at some of the world's largest IT security companies willingly gave up Twitter passwords while registering for a security event.

DDoS attack disrupts Irish National Lottery

The Irish National Lottery website and ticket machines operations have been disrupted by a cyber-attack.

'High risk' for users of FRITZ!Box routers

A number of remote code execution bugs in several models of FRITZ!Box broadband routers could allow intruders to place phone calls through the device.

St. Louis Cards official pleads guilty to hacking Astros site

A former director of baseball development for the St. Louis Cardinals pleaded guilty to charges of accessing computers belonging to the Houston Astros without authorization.

Steam confirms info on 34K users likely exposed in Christmas Day DoS attack

Steam confirmed that a midday denial-of-service attack on Christmas likely exposed the personal information of 34,000 users via store page requests.

Tor Project to launch bug bounty program in 2016

The Tor Project will team with HackerOne to launch a bug bounty program in 2016, Mike Perry, lead developer of the Tor Browser and Tor Performance developer, said during the State of the Onion address.

Prediction: 2016 to Ratchet Up IoT Vulnerabilities, Ransomware

The security experts from ESET who report at We Live Security (WLS) took out their crystal ball and predicted the following cybercrime trends for the coming year.

Google Testing Password-Free Logins

Google beta testers are logging on without passwords, utilizing a new method that authenticates by responding to a notification sent to a smartphone.

Twitter lends its support to Facebook SHA-1 proposal

Twitter has announced its stance on SHA-1 migration. In a blog post published Tuesday evening, Twitter's trust and information security officer Michael Coates announced support for a "certification switching" proposal offered by Facebook and web security firm CloudFlare.

Anonymous Browser Tor Crowdfunds for Support

The Tor Project is embarking on a crowdfunding campaign through Dec. 31 to help raise awareness, educate and finance the anonymous web browser's operations.

Two more Sanders' staffers axed over breach of Clinton database

Two more individuals were suspended from the staff of presidential candidate Bernie Sanders for inappropriate access to Hillary Clinton's voter database.

Gyft resets some customer passwords following breach

Passwords have been reset for a number of Gyft users as a precaution after account data was reported for sale.

Kripos arrests five men for pushing RAT

Five men were arrested by Kripos, Norway's national criminal justice investigation service, for using and selling malware, in particular a remote access Trojan (RAT).

Cyber-criminals could launch man-in-the-middle attack on Xbox Live users

Microsoft has been forced to update its Certificate Trust list (CTL) for all supported releases of Microsoft Windows after it had inadvertently leaked private security keys for its xboxlive.com domain.

Internet's root name servers DDoS attacks peak at 5M queries per second

Two unusual DDoS attacks targeted several of the internet's root name servers.

Millions of websites vulnerable: Veracode

A recent study by Veracode shows four of five applications written using PHP, Classic ASP and Cold Fusion will fail an Open Web Application Security Project Top 10 test.

Whale hunting policy leads to hacktivists' DDoS attack on Japan PM's site

The website of Japan's Prime Minister Shinzo Abe was rendered inaccessible on Thursday owing to a DDoS attack.

5 top security issues enterprises should prepare for in 2016

Join for a special online discussion with Chief Technology Officer, Amrit Williams and CMO Mitch Bishop as they discuss what are expected to be some of the most pressing security issues in 2016, and advice on how to plan ahead.

Millions of smart TVs and remote control apps vulnerable

A new report from Trend Micro has suggested that 6.1 million apps for smart TVs and remote controls could be vulnerable to remote code execution attacks.

A stealthy Command and Control Python App That Uses Twitter

I enjoy following darknet.org.uk because they come up with some great proof of concept projects. Twittor is one of those.

DailyMotion hit with malvertising attack

Researchers at Malwarebytes spotted a malvertising attack targeting the popular video-sharing site DailyMotion.

New ransomware stealing digital wallets

A new barrage of ransomware, capable of siphoning off digital wallets from Windows users, has been detected.

Rapid threat containment: Detect & respond quickly to high-impact threats

In this webcast, LogRhythm and Cisco will share some of the latest techniques used by attackers to penetrate networks.
