Threats & Malware, Vulnerabilities
March 18, 2024
Via: Security Week
The research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the […]
October 13, 2022
Via: Panda Security
Earlier this week, the websites of some of the busiest airports in the US were successfully attacked by cybercriminals. A pro-Russian hacking group called Killnet took responsibility for the malicious actions against major airports in Los Angeles, New York, Atlanta, […]
July 27, 2021
Via: Wired
The web has long been a playground for hackers, offering up hundreds of millions of public-facing servers to comb through for basic vulnerabilities to exploit. Now one hacker tool is about to take that practice to its logical, extreme conclusion: […]
December 15, 2016
Via: Panda Security
Mountain View appears to be fully committed to web user security. In 2016, Google has already launched various initiatives to penalize poor website security practices (or, on the other hand, to reward users who follow their recommendations). Now they’ve proposed to clearly mark […]
December 14, 2016
Via: InfoWorld
According to a new study of the top one million domains, 46 percent are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months. The big problem is that even when a […]
October 24, 2016
Via: DataBreach Today
A massive distributed denial-of-service attack that began early Oct. 21 and continued in waves into the evening is suspected to be the cause of the temporary outages of many popular websites, including Amazon and Twitter. The attack, coming simultaneously from […]
October 17, 2016
Via: Computer Weekly
Retail websites are full of security vulnerabilities and urgent improvement is needed in the sector, according to researchers. On average, retail sites exhibit 13 “serious” security vulnerabilities that are classed as either “critical” or “high-risk” by the Open Web Application […]
October 3, 2016
Via: CSO Online
To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys. Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used […]
July 19, 2016
Via: Help Net Security
Administrators of WP and Joomla sites would do well to check for specific fake analytics code injected into their properties, as a ransomware delivery campaign taking advantage of vulnerable sites has been going strong for over a month now. Sucuri […]
July 5, 2016
Via: Malwarebytes
We have not seen very many large scale malvertising attacks following the mysterious disappearance of the powerful Angler EK. The ones we do see tend to be related to low quality traffic and usually push the less sophisticated RIG or Magnitude […]
Access control, Email security
June 21, 2016
Via: Security Week
More than half of Alexa top 500 domains allow email spoofing because their owners have failed to properly configure email servers, according to web security firm Detectify. Email spoofing has often been used in spam, phishing and fraud campaigns, which […]
June 14, 2016
Via: Help Net Security
Imperva researchers discovered a long-running and still active illegal attack that has been exploiting vulnerabilities in thousands of legitimate websites to increase SEO results for illicit websites. One of the largest influencers of SEO page rank is how many other […]
June 2, 2016
Via: Security Week
More than 19 months after it was patched by Drupal developers, a critical SQL injection vulnerability in the popular content management system is still being exploited by malicious actors to hack websites. The vulnerability in question, tracked as CVE-2014-3704 and […]
May 30, 2016
Via: Malwarebytes
Graham Cluley drew my attention the other day to an issue that has apparently been known to some for years, but was new to me: clipboard poisoning, an issue where a website can replace what you think is on your clipboard with […]
May 25, 2016
Via: Naked Security
With password managers to take care of ch00sing c0MPl1c/\tEd p455WOrdz for us, and with two-factor authentication (2FA) to reduce the value of stolen or poorly-chosen passwords, you could argue that we no longer need to supplant passwords, because they’re easier […]
Threats & Malware, Virus & Malware
February 19, 2016
Via: Hot for Security
Recent news reports, for example, warned users that they should get rid of adware apps Mintcast 3.0.1 and Shell&Services, which not only display unwanted pop-up ads, but also switch off safe browsing in Firefox. Of course this opens up your […]
February 2, 2016
Via: SC Magazine
Neiman Marcus Group (NMG), reported that someone gained unauthorized access to online customer accounts on the Neiman Marcus, Bergdorf Goodman, Last Call, and CUSP websites. How many victims? Approximately 5,200 What type of information? Usernames, passwords, names, mailing addresses, phone […]
December 11, 2015
Via: CSO Online
Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm. The warning comes from Facebook and CloudFlare as browser makers are considering […]
September 3, 2015
Via: vulnerabilities
Earlier this year the UK Information Commissioner’s Office (#ico), along with 28 other data protection regulators from around the world, announced an #investigation into how #websites and #apps – squarely aimed at #children – were collecting and sharing personal information. […]