WordPress Fixes Critical Cross-Site Scripting Flaw; WordPress 4.0.1 Released

In its newest version (4.0.1), WordPress has fixed a critical cross-site scripting vulnerability that could allow anonymous attackers to compromise WordPress web sites, according to its security release. The cross-site scripting flaw, which affects versions from 3.0 to 3.9.2, was discovered by Jouko Pynnonen of the IT company Klikki Oy. "The JavaScript injected into a comment is executed when the target user...

FBI Offers $1 Million Reward for Romanian Cybercriminals

The FBI is offering a bounty of up to $1 million for information about two Romanian fugitives involved in a massive cyber fraud scheme, the bureau announced in a press release. Nicolae Popescu and Dumitru Daniel Bosogioiu made it to the FBI’s Most Wanted Cyber Fugitive List after participating in a long-term cyber-fraud conspiracy that inflicted losses of over $3 million on US businesses. “As alleged, while...

WhatsApp Rolls Out End-to-End Encryption for Millions of Users

WhatsApp has started to fully encrypt communications by default in what may be “the largest deployment of end-to-end encryption in history,” according to news reports. The company will integrate TextSecure, open-source software created by Open Whisper Systems. The encryption protocol will encrypt messages using a key that only the user can access and that is found exclusively inside the user’s device. “For the...

Alleged Backdoor Leaking Hashes in BitTorrent Sync; BitTorrent Says There’s no Backdoor

Popular sharing app BitTorrent Sync has allegedly been found to contain a backdoor that was leaking hashes, according to an analysis by Hackito Ergo Sum hackers. BitTorrent Sync, which has been downloaded some 10 million times, is said to be 16 times faster than its competitors. The researchers at Hackito alleged that the app's backdoor was put in after the first release at the NSA's request.

New Snapcash Feature Triggers Concern; Users Call it ‘Future of Cam Girls’

New security concerns were raised after Snapchat launched a feature that allows users to send cash within the app, according to media reports. On Reddit, users named Snapcash “the future of cam girls,” saying the service will also be used to pay for online prostitution. To ease security concerns, Snapcash is powered by credit card processing and business solutions company Square. The service handles the bac...

Tor Admins Call for Calm after Research Attack Reveals 81 Percent of Users

The Tor project has called for calm despite research that shows 81 percent of users could be identified using Cisco's NetFlow technology, according to The Register. The study revealed that powerful attackers such as nation-state hackers could reveal Tor users' identity with a false-positive rate of 6.4 percent, while an autonomous system could reveal about 39 percent of users. The paper On the Effectiveness...

Google’s DoubleClick Advertising Platform Vulnerable to Open Redirect Attacks

Google's DoubleClick advertising platform has been found vulnerable to Open Redirect attacks, according to a report by security researcher Wang Jing on the Tetraph blog. Open Redirect vulnerabilities are not included in Google's Bug Bounty program today due to its thorough measures against attacks leveraging this kind of flaw. "Since the wide usage of Google DoubleClick.net advertising system, it is very...

Windows Secure Channel Fixed on Patch Tuesday

A critical flaw (CVE-2014-6321) in the Secure Channel (Schannel) Windows component that allowed attackers to execute code remotely was patched on this November's Patch Tuesday, according to Microsoft. The Schannel component implements the TLS and SSL authentication protocols for encrypted communications between server and client. "A remote code execution vulnerability exists in the Secure Channel (Schannel)...

Adobe Fixes 18 Critical Flaws in Flash Player

Adobe has released its latest Flash Player revision to fix 18 critical vulnerabilities, according to Security Bulletin APSB14-24. "These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system," the summary stated. Adobe Flash Player for Desktop Runtime, Extended Support Release, Flash Player for Chrome and Internet Explorer on Windows, Macintosh and L...

German BND Demands Money to Buy Zero-Day Flaws for Surveillance

Germany's federal intelligence service, the Bundesnachrichtendienst (BND), has been requesting government funds through its Strategic Technical Initiative for bug hunting in protocols such as SSL and HTTPS, according to The Local media outlet. The bugs are to be used for surveillance. "There is a lively grey market online among hackers and security researchers for ‘zero day’ exploits," the article said. "Bu...

© 2012 Powered By Bitdefender