Web Security | SC Media

Web Security

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Gaming industry has become popular target of credential stuffing attacks: study

A company’s recent analysis of credential abuse activity over a 17-month period uncovered roughly 55 billion credential stuffing attack attempts against various online services, roughly 12 billion of which targeted the gaming industry. Researchers at Akamai Technologies revealed the data in their latest State of the Internet/Security report, which specifically focuses on web attacks and…

Apple adds security measures for app, website developers

Apple included a single sign on tool and a new email security feature in iOS 13 that software developers can implement in their apps and websites, the company announced this week at its Worldwide Developers Conference. To facilitate a customer’s ability to sign into an app or website Apple introduced Sign In with Apple. This…

Some of the biggest tech and internet corporations began releasing updated transparency reports.

Reports: Hacking accusations debunked after leak of New Zealand budget plan

Accusations from New Zealand’s Treasury department that someone had hacked the agency’s website and stole budget plans that was later leaked to the public turned out to be premature, after investigators reportedly determined that individuals were able to access the documentation due to website error. After details of a forthcoming budget plan promised by New…

Hacker has designs on Canva data, steals info belonging to 139M users

The graphic design website Canva was hacked last Friday in an data theft incident that reportedly compromised the data of approximately 139 million users. According to an online support page, Sydney-based Canva detected the attack while in progress on May 24, and immediately took action to fix the cause of the breach. Exposed data included…

Mozilla fires up another Firefox update, patching 24 vulnerabilities

The Mozilla Foundation yesterday issued version 67 of its Firefox browser and version 60.7 of Firefox Extended Support Release (ESR), in the process patching 24 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set…

Report: Hacking group wipes content from over 12,000 open MongoDB databases

In less than a month’s time, the “Unistellar” hacking group has reportedly accessed over 12,000 unsecured MongoDB databases and stolen their contents, apparently holding them for ransom. Security researcher Sanyam Jain initially discovered the wiped databases late last month using the BinaryEdge scanning service, according to a BleepingComputer report last Friday. The 12,564 sabotaged databases…

Breach of Stack Overflow’s production systems exposes data on roughly 250 users

An unauthorized party accessed Stack Overflow’s production systems earlier this month and executed privileged web requests that exposed information on roughly 250 public network users, the Q&A website for programmers announced last Friday. Stack Overflow Vice President of Engineering Mary Ferguson said in a May 17 blog post that the intruder exploited a bug in…

Microsoft’s May Patch Tuesday covers ZombieLoad, WER vulnerabilities

Microsoft put forth a long list of security updates to cover 79 vulnerabilities, 19 listed as critical, which included four connected to a Microarchitectural Data Sampling (aka ZombieLoad) vulnerability in Intel processors in its May Patch Tuesday release. While CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 grabbed the headlines yesterday, Microsoft also patched CVE-2019-0863 which has been spotted…

Tor network remains unsure how feds discovered and shut down Silk Road 2.0

Sites infected as open source Alpaca Forms and analytics service Picreel compromised

Hackers have breached two services and modified their JavaScript code to infect more than 4,600 websites with malware, according to security researchers. The attacks were initially discovered by security researcher Willem de Groot. In a series of tweets, he said that Picreel, an analytics service that enables website owners to see what users are doing and…

Next post in Security News