Web Security | SC Media

Web Security

Media companies need to lock down content systems as fake news invades

Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information to the public may also want to train themselves to be on the lookout for disinformation secretly…

Adobe mends critical code execution flaws in Magento

Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms. The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a security mitigation bypass (CVE-2020-9692), both of which can result in arbitrary code execution. The first issue was reported by…

Avon attackers may have exploited unprotected web server

An openly accessible web server has emerged as a possible attack vector used by cybercriminals in a reported ransomware incident that affected personal care and beauty marketer Avon Products last June. Researchers from Safety Detectives today announced their discovery of a U.S.-based Avon.com server that was not defended by a password, leaving it accessible to…

DNA companies vulnerable to phishing, privacy violations after attacks

A malicious server compromise recently confirmed by DNA investigation services provider GEDmatch serves as a reminder of the incident response challenges and privacy ramifications that companies face when they trade in sensitive data – in this case, DNA, the most personal of data – especially when such incidents create unique opportunities for targeted phishing campaigns. Owned by…

Twitter hack is a reminder of the dangers of unfettered employee access

Twitter’s acknowledgement that a “coordinated social engineering campaign” involving multiple employees was behind a hack of prominent verified accounts raises significant questions as to whether business organizations are implementing effective security controls that limit potential insider threats’ access to back-end administrative tools. The hacking incident — which promoted a cryptocurrency scam and victimized the accounts…

‘Anonymous’ claims credit for taking down Atlanta PD website

An apparent tweet from the Anonymous hacking group is claiming credit for perpetrating a cyberattack on the Atlanta police department web site, stating that the act was retaliation for the June 12 fatal police shooting of Rayshard Brooks. “Atlanta police officers involved in fatal shooting of Rayshard Brooks. @Atlanta_Police has been taken #Offline” states a…
