Website Compromises

Hacktivists take claim for Bank of America site disruption

By

Bank of America customers experienced a slowdown in website access, an issue hacktivist "cyber fighters" claimed responsibility for, along with a planned attack on the New York Stock Exchange.

Google issues millions of search, download alerts daily

By

As part of its services, Google sees thousands of new, malicious websites each day, and delivers warnings of poisoned search results and dangerous downloads to millions of users.

Hackers spread trojan following Internet Explorer patch

By

Not surprisingly, malware writers have turned out an exploit for an Internet Explorer vulnerability patched last week by Microsoft. At least one site -- Amnesty International Hong Kong -- was hit.

Report: Top-ranking websites serve malware, too

By

Visiting a well-trafficked, seemingly trusted website won't necessarily save web surfers from getting malware installed on their computers, according to security firm Barracuda Networks.

New mass SQL injection attack could be forming

By

Based on a Google search of a malicious SQL string being used, more than 4,000 websites have been infected in less than 24 hours.

Occupy St. Louis sympathizer hacks mayor's website

By

A person supportive of the Occupy Wall Street movements sweeping the nation has hacked into the website belonging to the St. Louis mayor, defacing it and publicly exposing contact information and emails.

Thousands of WordPress sites sucked into BlackHole

Hackers have compromised a huge number of sites hosting WordPress blogs because of a vulnerable image script.

New exploit toolkit not so nice

By

At least 10,000 websites have been compromised to redirect users to a new exploit toolkit, called "Nice Pack," according to researchers at Dell SecureWorks. Nice Pack, discovered Wednesday, attempts to take advantage of flaws in users' third-party apps, such as Java and Adobe, to install the "Zero Access Trojan," a rootkit that allows attackers to take control of a victim's machine. Though researchers are still looking into the threat, they have discovered that the JavaScript on compromised sites is nearly identical to the malicious code recently found on MySQL.com, which was infected to redirect users to the Black Hole exploit toolkit.

"Sophistication" and the downfall of security

By

Hiding the facts behind a cyberattack only stands to benefit the criminal.

Harvard site back online after "sophisticated" defacement

By

The home page of Harvard University was hacked by pro-Syria supporters in a "sophisticated" attack, but at least one security expert is skeptical of just how advanced the compromise could have been.

MySQL.com hacked to distribute malware

By

Visitors to MySQL.com on Monday were greeted with a drive-by download that attempted to silently install malware on their machine.

GlobalSign discovers "isolated" web server compromise

By

Certificate authority GlobalSign has discovered that the web server hosting its site was compromised by hackers .

Lady Gaga website hacked to expose users' data

By

The personal information belonging to thousands of Lady Gaga fans was stolen after hackers breached the singer's U.K. website.

Hackers steal 1.27M email addresses from Washington Post site

By

Hackers broke into The Washington Post's jobs website late last month and stole approximately 1.27 million user IDs and email addresses, the newspaper disclosed Thursday. No passwords or other personal information was affected. Attackers leveraged a security vulnerability on the site to break in twice, on June 27 and 28. The newspaper has since fixed the flaw and implemented additional unspecified security measures to ensure a similar incident does not recur. Affected individuals may receive an increase in spam and phishing messages as a result of the hack, The Washington Post warned.

Hacker group LulzSec targets FBI partner InfraGard

By

On the heels of successful infiltrations at PBS and Sony, a vigilante hacker collective has compromised the website of the Atlanta chapter of InfraGuard, an FBI partner organization.

Data belonging to Honda customers in Canada stolen

By

The personal data belonging to Honda and Acura customers in Canada was stolen after attackers accessed the information off the companies' e-commerce sites.

"LulzSec" uses zero-day on PBS, promises more attacks

By

There is a new cybervigilante group in town, and its name is LulzSec. Its technical ability became known over the weekend with the infiltration and subsequent defacement of PBS.org.

Hackers disclose SQL injection of Barracuda website

By

Hackers revealed Monday that they exploited an SQL injection vulnerability on the website of Barracuda Networks to steal the names and contact information of partners, end-users and Barracuda employees.

Two more Comodo resellers "owned" in SSL hack

By

Comodo has confirmed that two additional registration authorities affiliated with the company also were compromised in a highly publicized SSL certificate fraud attack disclosed last week.

Oracle's MySQL.com hacked via SQL injection

By

Hackers over the weekend compromised Oracle's MySQL.com customer website via SQL injection and posted a list of usernames and passwords online.

Group outlines web host's role in fighting malware

By

Web hosting providers must, at the very least, quickly respond to reports of customer sites that are infected, according to a new set of best practices from an anti-badware nonprofit.

eHarmony advice site hacked to expose user information

By

eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.

Dating site PlentyOfFish hacked to expose passwords

By

The credentials of nearly 30 million online daters are at risk following the exploit of a common website vulnerability. The exact circumstances of the incident remain in question.

Prominent government and educations sites hijacked

By

A large number of legitimate websites have been infected to redirect users to spam websites.

Gawker breach prompts LinkedIn, Yahoo password resets

By

The recent theft of approximately 1.3 million account details from the servers of Gawker has prompted password resets at a number of popular websites.

Twitter spam campaign linked to Gawker breach

By

A massive spam campaign that has rapidly spread on Twitter has been linked to a recent security breach of online media company Gawker Media.

New Internet Explorer bug found in the wild

By

Microsoft on Wednesday warned of a fresh flaw in Internet Explorer that researchers at Symantec found was being exploited on a legitimate website.

Firefox zero day being exploited in the wild

By

Cybercriminals are exploiting a "critical" zero-day flaw in Mozilla's Firefox web browser to distribute malware, security firms are warning.

Iranian Cyber Army shifts efforts toward malware, botnets

By

A hacker group responsible for defacement attacks against Twitter and Baidu now appears to be amassing a mighty botnet, according to researchers at a security firm.

Cache of stolen FTP credentials discovered

By

Security researchers recently stumbled upon a malicious website that housed a cache of stolen FTP credentials.

Sign up to our newsletters

POLL