Website/Web Server Security news, articles & updates| SC Media

Website/Web Server Security

Media companies need to lock down content systems as fake news invades

Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information to the public may also want to train themselves be on the lookout for disinformation secretly…

Adobe mends critical code execution flaws in Magento

Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms. The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a Security Mitigation bypass (CVE-2020-9692), both of which can result in arbitrary code execution. The first issue is credited was reported by…

OKCupid online dating

Dating app OKCupid fixed serious security vulnerability after alert

The popular online OKCupid dating service left the private details of its more than 50 million users in 110 countries vulnerable to hacking, reports Check Point this morning in a report. After discovering the potential for malicious actions, Check Point presented its findings to OKCupid, which fixed the security flaws in its servers within 48…

Avon attackers may have exploited unprotected web server

An openly accessible web server has emerged as a possible attack vector used by cybercriminals in a reported ransomware incident that affected personal care and beauty marketer Avon Products last June. Researchers from Safety Detectives today announced its discovery of a U.S.-based Avon.com server that was not defended by a password, leaving it accessible to…

DNA companies vulnerable to phishing, privacy violations after attacks

A malicious server compromise recently confirmed by DNA investigation services provider GEDmatch serves as a reminder of the incident response challenges and privacy ramifications that companies face when they trade in sensitive data – in this case, DNA, the most personal of data – especially when such incidents create unique opportunities for targeted phishing campaigns. Owned by…

Akamai NOCC

Rise in DDoS attacks lost in pandemic

Though they might get lost in all the other security threats exacerbated by the Covid-19 pandemic, DDoS attacks, unsurprisingly, ticked up during the first part of 2020, most handily absorbed by the internet backbone – and the defensive efforts of targeted companies. Disruptions at AT&T, Sprint, T-Mobile and Verizon and streaming companies in mid-June stoked…

‘Anonymous’ claims credit for taking down Atlanta PD website

An apparent tweet from the Anonymous hacking group is claiming credit for perpetrating a cyberattack on the Atlanta police department web site, stating that the act was retaliation for the June 12 fatal police shooting of Rayshard Brooks. “Atlanta police officers involved in fatal shooting of Rayshard Brooks. @Atlanta_Police has been taken #Offline” states a…

Magecart skimmed from Claires.com for nearly two months

International retailer Claire’s, whose fashion accessories are popular with tweens and teenagers, was hit with a Magecart scheme that skimmed PPI, including credit card data, for nearly two months. Discovered by researchers at security firm Sansec, the malware injection began on April 20 and stopped on June 13. The skimming began on March 20, the…

Kentucky is 6th state to disclose leak of unemployment claims amid Covid-19

Kentucky has become the sixth state to disclose a data leak related to unemployment-related forms that has taken place during the Covid-19 pandemic. The Kentucky Education & Workforce Development Cabinet (EWDC) on Thursday acknowledged that a vulnerability in its Unemployment Insurance Portal caused a data leak that allowed insurance claimants to view the identity verification…

Next post in Security News