Category Archive for "Web Security"

Business email scams steal $2.3 billion via rogue wire transfers

admin

Over the past two and a half years, cybercriminals have managed to steal over $2.3 billion from thousands of companies worldwide by using little more than carefully crafted scam emails. Known as business email compromise (BEC), CEO fraud or whaling,…

Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one

admin

Adobe Systems released a security update for Flash Player to fix 24 critical vulnerabilities, including one that hackers have been exploiting to infect computers with ransomware over the past week. The company advised users Thursday to upgrade to the newly…

White House won't support encryption unlocking legislation

admin

President Barack Obama’s administration won’t support legislation to force device makers to help law enforcement agencies defeat encryption, according to a news report. Two senior members of the Senate Intelligence Committee have been floating draft legislation to require device makers…

Sloppy patching, insecure plugins made Panama Papers leak possible

admin

Time and time again, data-breach headlines illustrate the cost of ignoring basic security. Regularly updating software is Security 101, especially if the application in question is public-facing or accessible over the Internet. For content management systems such as WordPress, Drupal,…

RubyGems.org warns developers to verify gems for file tampering

admin

Another day, another reminder to be careful about installing software downloaded from the Internet: This time, the warning is for the Ruby community. The team behind RubyGems.org closed two security flaws on its website that could be exploited by an…

FBI says hack tool only works on iPhone 5c

admin

Only the iPhone 5c running iOS 9 can be unlocked by the tool the FBI bought to crack the iPhone used by one of the San Bernardino killers. The tool does not work on the iPhone 5s or 6, so…

Massive application-layer attacks could defeat hybrid DDoS protection

admin

Security researchers have recently observed a large application-layer distributed denial-of-service attack using a new technique that could foil DDoS defenses and be a sign of things to come for Web application operators. The attack, which targeted a Chinese lottery website…

New Azure tool helps IT tame SaaS apps

admin

More organizations are moving their data out of their data centers and into the cloud, which complicates IT’s efforts to keep track of applications in use. With the new Microsoft Cloud App Security within Microsoft Azure, IT and security teams can…

IDG Contributor Network: You shall not PaaS!

admin

Each year, data and security breaches make big splashes in the headlines. In 2013, an attack against retail giant Target affected more than 40 million customers. A 2010 attack against the Sony PlayStation Network compromised 77 million accounts. The Identity…

Apple fixes iOS lock screen bypass that gives attacker access to photos, contacts

admin

Apple has reportedly fixed a vulnerability that could have allowed hackers to bypass the passcode on iPhone 6s and 6s Plus running iOS 9.3.1 in order to access the address book and photos. The bypass technique was discovered by researchers…