Internet Security | SC Media

Internet Security

We interviewed cyber experts on a Vegas ferris wheel. Then ride security showed up…

In the film “Ocean’s 11,” Danny Ocean and his team of expert cybercriminals execute a daring casino heist in glitzy Las Vegas. This past summer at the Black Hat and DEF CON conferences in Sin City, the editorial staff at SC Media attempted to pull off a less ambitious – and decidedly more legal –…

Adobe leaves Creative Cloud database open, 7.5 million users exposed

An unsecured Elasticsearch database left exposed the account information of about 7.5 million Adobe Creative Cloud users. Comparitech, in association with security researcher Bob Diachenko, found the Adobe database, which could be accessed without a password or any login credentials. The company was notified on October 19 and the database was locked down that day.…

DDoS attack sidelines AWS DNS web service for hours

Amazon Web Services’ Router 53 domain name system (DNS) service was waylaid by a prolonged distributed denial of service attack earlier this week, affecting a number of online sites and services that rely on AWS. According to multiple reports, a flood of fake traffic disrupted legitimate attempts to resolve DNS requests to connect to Amazon…

Avast’s network penetrated, CCleaner targeted again

The Czech-based security firm Avast reported its internal network had been accessed through a temporary and loosely protected VPN profile with compromised credentials . The incident began on September 23 when the company noted suspicious behavior taking place on its network and started an investigation that included Czech national intelligence and cybersecurity assets. It was…

Google launches Password Checkup security tool

Google has added a new feature to its password manager that will study a person’s passwords and then inform them on its strength and whether it has been compromised. Password Checkup will not only check a user’s personal choices, but also make personalized recommendations, wrote Andreas Tuerk, product manager for Password Manager. The three primary…

WordPress Rich Review plugin vulnerable to malvertising

An estimated 16,000 WordPress websites are running a plugin that is vulnerable to unauthenticated plugin option updates. WordFence, a WordPress security solution provider, has reported that the plugin Rich Reviews has a vulnerability that is currently being abused and can be exploited to deliver stored cross-site scripting (XSS) payloads. This can result in malvertisements being…

IE, Firefox, Chrome and Safari's protection against phishing was tested.

Microsoft patches flaws in IE, Defender

Microsoft Corp. yesterday issued out-of-band updates for a pair of security vulnerabilities, one in Internet Explorer and one in its Defender anti-malware software for Windows. Discovered by Clément Lecigne of Google’s Threat Analysis Group and designated CVE-2019-1367, the IE bug is a memory corruption vulnerability that can be exploited for remote code execution in the…

Next post in Vulnerabilities