Web Security News, Articles and Updates

Imgur acts fast to disclose years-old breach that compromised 1.7 million users

The image sharing and hosting service Imgur was breached in 2014, resulting in the theft of roughly 1.7 million user email addresses and passwords, the company confirmed last Friday in an online notification.

Facebook fixes polling feature bug that could have deleted users' photos

When Facebook debuted a new polling feature earlier this month, it also introduced a vulnerability that could have allowed a malicious actor to delete any photo saved to the social media site.

Discount deception: AliExpress patches fake coupon vulnerability

Online retailer AliExpress fixed a vulnerability in its online shopping portal last October after researchers discovered a way to inject a fake coupon designed to phish sensitive information from those who receive it.

Hundreds of school websites redirected pro-ISIS web page

Pro-ISIS hackers illegally accessed a web hosting provider and defaced the websites of roughly 800 U.S. schools on Monday, according to various news reports.

Anime enemy: Asian content distributor Crunchyroll blames DNS hijack for malicious redirection

Asian entertainment website Crunchyroll.com is blaming a DNS hijack attack, after site visitors in the early morning of Nov. 4 were redirected to a malicious website designed to infect them with malware.

Bug in anti-malware defenses mistakenly blocks users' Google Docs files

Google issued a public apology on Thursday after a bug mistakenly caused its defenses against malware, phishing, and spam to block some users' access to Google Docs files.

Hack-It Ralph? Circle with Disney parental filter filled with exploitable flaws

A Disney-branded internet filter underwent automatic patching after researchers discovered multiple vulnerabilities that could have exposed users to cyberattacks, researchers from Talos have reported.

Tarte Cosmetics breach exposes nearly 2 million customers

Make-up company Tarte Cosmetics exposed the personal information of nearly two million online customers after two of its online MongoDB databases were reportedly misconfigured for public access.

Report: Dell domain takeover could have spread malware

Dell computer users could have possibly been exposed to malware last summer after visiting a third-party customer support website whose domain was suddenly taken over by an unaffiliated company

Microsoft adds ransomware defense with new Windows update

Microsoft is claiming that the latest version of Windows 10, the Fall Creator's Update, is the most secure version of the operating system yet released.

Russian underground shop selling RDP servers for $15 or less

Russian dark web marketplace Ultimate Anonymity Services was recently observed selling more than 35,000 compromised RDP servers, which cybercriminals can leverage to anonymize themselves or to directly access victims' networks.

The 'Phantom' Menace? Extortionists threaten websites with DDoS attack

A cybercriminal group identifying itself as Phantom Squad has launched an email-based extortion campaign against thousands of businesses, threatening to debilitate their websites with a DDoS attack on Sept. 30 if they do not pay a ransom of .2 bitcoins.

SEC systems breach may aided have insider trading

Hackers breached the U.S. Securities and Exchange Commission's EDGAR document filing system and may have used nonpublic information stored on the database to profit from insider trading, the regulatory body disclosed on Wednesday.

Newest Joomla! release eliminates information disclosure flaws

The Joomla! Project this week released version 3.8 of its content management system, which fixes two information disclosure vulnerabilities.

Skating on thin ice: Avril Lavigne is most dangerous celebrity to search online

According to McAfee's 11th annual Most Dangerous Celebrities study, online searchers for the Canadian singer result in more malicious websites than searchers for any other famous personality.

Report: Without safeguards, Internet and IoT may create surveillance states in near future

A catastrophic worldwide cyberattack and the emergence of an IoT-enabled surveillance state were among the chief security and privacy fears expressed by experts polled for a new report about the internet and its future impact.

Hackers breach AXA Insurance Singapore's Health Portal, stealing data on 5,400 customers

The Singapore division of life insurance firm AXA Insurance has reportedly suffered a data breach, after hackers stole roughly 5,400 customers' personal information from its Health Portal.

Nearly 29M records stolen in breach of Latin American social network Taringa!

Almost 29 million user accounts registered with Taringa!, a Reddit-like social network for Latin American users, was stolen last month in a major data breach.

Royal pain: Websites compromised to deliver Princess ransomware via RIG exploit kit

A newly discovered drive-by download campaign is infecting victims with Princess Locker ransomware, by way of the RIG exploit kit..

ElTest campaign switches payload from ransomware to RAT

A social engineering scam orchestrated by the ElTest hacking group just had its final payload switched from ransomware to a remote access trojan, indicating a possible change in motive, researchers at Palo Alto Networks have reported.

Latest leak of hacked celebrity photos includes images of Tiger Woods and Lindsay Vonn

A website known for publishing images stolen from celebrity's hacked accounts has struck again, this time reportedly posting intimate photos of Tiger Woods and Lindsey Vonn, Miley Cyrus, Kristen Stewart, Katharine McPhee and Stella Maxwell.

Online role-playing games on unofficial websites caught dispensing 'Joao' downloader

Attackers have been compromising popular online role-playing games from Aeria Games on unofficial websites, in order to infect players with a malware downloader called Joao, researchers from ESET have reported.

Fuze fixes security lapses in portal site that could have exposed sensitive user data, credentials

Cloud-based unified communications services provider Fuze earlier this year repaired three vulnerabilities in its TPN Handset Portal that, if exploited, could have exposed sensitive user data and credentials.

Hackers steal nearly $500K from Enigma virtual currency platform's ICO investors

Hackers on Sunday stole close to $500,000 in Ethereum from Enigma, a cryptocurrency trading platform provider, after compromising the company's digital assets in order to advertise a fraudulent crypto wallet where users could buy tokens for an Initial Coin Offering.

Venezuelan government websites hacked in support of military base attack

Digital rebels hacked into dozens of Venezuelan government websites to oppose the dictatorial regime of opposing President Nicolás Maduro, according to multiple news reports.