Web Security News, Articles and Updates

The 'Phantom' Menace? Extortionists threaten websites with DDoS attack

A cybercriminal group identifying itself as Phantom Squad has launched an email-based extortion campaign against thousands of businesses, threatening to debilitate their websites with a DDoS attack on Sept. 30 if they do not pay a ransom of 0.2 bitcoins.

SEC systems breach may have aided insider trading

Hackers breached the U.S. Securities and Exchange Commission's EDGAR document filing system and may have used nonpublic information stored on the database to profit from insider trading, the regulatory body disclosed on Wednesday.

Newest Joomla! release eliminates information disclosure flaws

The Joomla! Project this week released version 3.8 of its content management system, which fixes two information disclosure vulnerabilities.

Skating on thin ice: Avril Lavigne is most dangerous celebrity to search online

According to McAfee's 11th annual Most Dangerous Celebrities study, online searches for the Canadian singer result in more malicious websites than searches for any other famous personality.

Report: Without safeguards, Internet and IoT may create surveillance states in near future

A catastrophic worldwide cyberattack and the emergence of an IoT-enabled surveillance state were among the chief security and privacy fears expressed by experts polled for a new report about the internet and its future impact.

Hackers breach AXA Insurance Singapore's Health Portal, stealing data on 5,400 customers

The Singapore division of life insurance firm AXA Insurance has reportedly suffered a data breach, after hackers stole roughly 5,400 customers' personal information from its Health Portal.

Nearly 29M records stolen in breach of Latin American social network Taringa!

Almost 29 million user accounts registered with Taringa!, a Reddit-like social network for Latin American users, were stolen last month in a major data breach.

Royal pain: Websites compromised to deliver Princess ransomware via RIG exploit kit

A newly discovered drive-by download campaign is infecting victims with Princess Locker ransomware, by way of the RIG exploit kit.

ElTest campaign switches payload from ransomware to RAT

A social engineering scam orchestrated by the ElTest hacking group just had its final payload switched from ransomware to a remote access trojan, indicating a possible change in motive, researchers at Palo Alto Networks have reported.

Latest leak of hacked celebrity photos includes images of Tiger Woods and Lindsey Vonn

A website known for publishing images stolen from celebrities' hacked accounts has struck again, this time reportedly posting intimate photos of Tiger Woods, Lindsey Vonn, Miley Cyrus, Kristen Stewart, Katharine McPhee and Stella Maxwell.

Online role-playing games on unofficial websites caught dispensing 'Joao' downloader

Attackers have been compromising popular online role-playing games from Aeria Games on unofficial websites, in order to infect players with a malware downloader called Joao, researchers from ESET have reported.

Fuze fixes security lapses in portal site that could have exposed sensitive user data, credentials

Cloud-based unified communications services provider Fuze earlier this year repaired three vulnerabilities in its TPN Handset Portal that, if exploited, could have exposed sensitive user data and credentials.

Hackers steal nearly $500K from Enigma virtual currency platform's ICO investors

Hackers on Sunday stole close to $500,000 in Ethereum from Enigma, a cryptocurrency trading platform provider, after compromising the company's digital assets in order to advertise a fraudulent crypto wallet where users could buy tokens for an Initial Coin Offering.

Venezuelan government websites hacked in support of military base attack

Digital rebels hacked into dozens of Venezuelan government websites to oppose the dictatorial regime of President Nicolás Maduro, according to multiple news reports.

npm removes malicious JavaScript packages that were caught stealing data

The JavaScript package manager "npm" has disclosed that it recently removed roughly 40 fraudulent, malware-spiked packages that were designed to steal environment variables upon installation.

Symantec selling SSL certification business to DigiCert in $950M deal

SSL certification provider DigiCert will acquire Symantec's Website Security service and its related PKI solutions for $950 million and a roughly 30 percent stake in DigiCert common stock equity.

Pro-ISIS hacker group defaces state, local government websites

Government websites in Ohio, Maryland and New York have been defaced with a pro-ISIS message from a hacktivist group called Team System Dz, according to various news reports.

Bank websites struggle, consumer services sites shine in online trust assessment

An annual audit of more than 1,000 top websites found that 52 percent have highly trustworthy cybersecurity and privacy practices, yet 46 percent failed the assessment altogether, with bank sites surprisingly faring worst of all.

Facebook defends encryption, says it is countering terrorism using AI

Aware that terrorists take advantage of social media and messaging platforms to spread propaganda and securely communicate, Facebook on Thursday divulged its recent efforts to use AI to identify objectionable content.

Security updates announced for Mozilla Thunderbird, Google Chrome, ISC's BIND

The US-CERT on Thursday announced security updates to Mozilla Thunderbird, Google Chrome and the Internet Systems Consortium's BIND Domain Name System software.

Up to 'old' tricks: Hackers compromise Stanford University 'Biology of Aging' website for months

A Stanford University website was reportedly compromised for four months without detection, allowing hackers to abuse it to host malicious web shells, phishing kits and defacement images.

Dark web services getting attacked too, as Tor sites become less hidden

Despite their anonymity, sites and services hidden on the dark web are not immune to cyberattacks, as recently demonstrated by a group of researchers who coaxed cybercriminals into attacking fake Tor sites in order to study their behavior.

Terror Exploit Kit ditches carpet bombing techniques; attacks now more surgical

The Terror Exploit Kit is rapidly evolving, no longer bombarding victims with multiple exploits in scattershot fashion, but rather applying only the hacking tools that work best against a specific compromised machine.

Cookie monster: Researchers detect malware that steals cookies, hijacks WordPress sessions

Sucuri researchers recently observed a malware attack that injected obfuscated code into a JavaScript file in order to steal web users' cookies and hijack their WordPress sessions.