After two fixes, OAuth standard deemed secure
OAuth 2.0 is one of the most used single sign-on systems on the web: it is used by Facebook, Google, Microsoft, GitHub and other big Internet companies. A group of researchers …
FBI warns Time Warner Cable of potential data breach
Time Warner Cable will soon be contacting approximately 320,000 of its customers whose accounts have likely been compromised, the company’s public relations director …
Cyber crooks abuse legitimate EU Cookie Law notices in clever clickjacking campaign
Cyber crooks have set up a clever new clickjacking campaign that takes advantage of pop-up alerts that European users are (by now) accustomed to see: the “EU Cookie …
EZCast TV streaming stick leaves home networks vulnerable to attack
Check Point researchers have discovered a vulnerability in the EZCast TV streaming stick that enables hackers to take full control of home networks. EZCast, which has five …
Takedown of criminal gang behind ATM malware attacks
The Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism (DIICOT), assisted by Europol and Eurojust as well as a number of European …
PostgreSQL 9.5: Row level security, Big Data and UPSERT
PostgreSQL 9.5 adds UPSERT capability, Row Level Security, and multiple Big Data features, which will broaden the user base for the world’s most advanced database. …
Fitbit, warranty fraud, and hijacked accounts
Online account hijackings usually end up with the account owners being the main victims, but there are fraudsters out there who are more interested in ripping off companies …
Well-informed tech support scammers target Dell users
Has Dell been breached and its databases containing customer’s personal, computer and tech support data been pilfered? Dell still won’t say yes or no, but many …
Bugs in Drupal’s update process could lead to backdoored updates, site compromise
Drupal’s update process is deeply flawed, says IOActive researcher Fernando Arnaboldi. He recently discovered three separate flaws in it, the worst of which could be …
You can’t stop what you can’t see: Mitigating third-party vendor risk
Third-party vendors are a liability for host organizations, often unwittingly creating backdoors and exposing sensitive data. In fact, according to the Ponemon Institute …
HTTPS Bicycle attack reveals password length, allows easier brute-forcing
Dutch security researcher Guido Vranken has come up with a new attack that could allow attackers to discover the length of a user’s password – and therefore make …
Kingston releases encrypted USB with keypad access
Kingston released the DataTraveler 2000 encrypted USB 3.0 Flash drive, which offers hardware encryption and PIN protection with access through an onboard alphanumeric keypad. …
Featured news
Resources
Don't miss
- Cybercriminals exploit RMM tools to steal real-world cargo
- Former ransomware negotiators allegedly targeted US firms with ALPHV/BlackCat ransomware
- How nations build and defend their cyberspace capabilities
- Uncovering the risks of unmanaged identities
- Deepfakes, fraud, and the fight for trust online