Web Security News, Articles and Updates

Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers

Security researchers report discovering several vulnerabilities and security lapses in Kaspersky Lab's my.kaspersky.com web portal, saying the flaws exposed users to potential session hijackings and account takeovers.

Researchers: Malicious Chrome extensions infected 500K workstations

More than a half-million workstations at major global organisations were recently found infected with malicious Chrome web browser extensions that were likely used to commit click fraud and SEO manipulation.

Malicious websites steal from vulnerable Electrum cryptocurrency wallets

The popular Bitcoin client Electrum has developed a patch for a critical vulnerability that allows malicious websites to steal from digital wallets that are not password-protected.

Scammers create fake emulators for new Nintendo gaming platform

A YouTube page that supposedly allows visitors to download a Nintendo Switch emulator program actually installs a downloader that introduces a potentially unwanted application called OneSystemCare.

eBay asking users to switch from keyfob to SMS 2FA

The move has proven controversial, after NIST ruled SMS two-factor authentication no longer secure enough.

Skyscanner's approach to ensuring their business is secure

Stuart Hirst, IT Security Manager of Skyscanner, shared his approach to IT security this morning at Cloud Security Expo.

Zscaler fixes XSS vulnerability in admin portal affecting co-workers

Cloud security vendor fixes cross-site-scripting bug, downplays the threat, says it would only affect co-workers.

Guessing passwords of targeted users easier than you think, warn researchers

A new report that demonstrates how hackers can easily crack a targeted user's passwords with a minimal amount of information underscores the dangers of data leaks and poor password management.

Hackers steal 43 million credentials from Weebly

Web design platform notifying customers after being hit eight months ago

Your business website NOW has at least one severe vulnerability - giving hackers open access - what can you do?

Statistically your company website already has at least one severe flaw - and there could be many more, says Ian Muscat. Why are website vulnerabilities so frequent and on the rise? What should organisations be focusing on and how can they protect themselves in the future?

Spotify serving malicious ads to freemium users

Several Spotify users are reporting that the streaming music service is serving malware to its users through its advertiser network.

49% of UK online users don't delete their old web accounts

Nearly half (49 percent) of the UK public don't delete accounts on the web that they no longer use.

Popular Russian boxing website compromised

A cyber-criminal could be risking a serious beating by compromising the popular Russian boxing site allboxing[.]ru with a redirect to a third-party site containing a Russian banking Trojan.

86% of over-55s worldwide think they're safe from cyber-criminals

Nearly all (86 percent) over-55s don't believe that they're targets for cyber-criminals.

Black Hat Las Vegas: SSL/TLS HEIST attack can grab personal info

A new technique unveiled at Black Hat can attack SSL/TLS and other secure channels purely in the browser.

Brexit leads to pageviews — pageviews lead to malware

Media and news websites represent some of the world's most trusted brands. Jason Steer explains why they can be security vulnerabilities for their readers — and what you can do to protect yourself.

Russian web hub Deer.io offering stolen goods and exploit services, report

A robust underground marketplace for the sale of stolen products from compromised accounts as well as shady online services has been detected in Russia.

Not OK - data on 70k OkCupid users exposed

A semi-private database consisting of the identities of 70,000 users of the dating website OkCupid was published on the internet as part of a university research paper.

Malware popups delivered with Pirate Bay downloads, report

Torrent site's users received malware warnings.

Sixth teen arrested in breach of UK ISP TalkTalk

A teenager turned himself in to police in Staffordshire, UK, where he was arrested on charges stemming from a breach of internet services provider TalkTalk.

Educational network Janet hit with DDoS attacks

A wave of DDoS attacks was launched against the government-funded education network Janet yesterday morning.

76 percent of IT pros hesitant to weaken or defeat security measures

76 percent of IT professionals disagree that companies should weaken or defeat their own security measures to give authorities access to encrypted content.

Several bugs detected in IBM Java Runtime

Multiple vulnerabilities that could enable a remote attacker to launch a denial-of-service attack have been detected in the IBM Runtime Environment Java Technology Edition v6.

Symantec detects 3500 servers infected with a malicious script

Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects its victims to other compromised websites, and said it believes this could be part of a recon effort for future attacks.

Fitbit warranty fraud bombards and fools customer service

Warranty fraud attempts on Fitbit have occurred in the last few months, with customer service being barraged with emails from customers claiming that their device is not working as expected and demanding replacements.

John McAfee launching funding drive for password replacement technology

John McAfee takes time out of his presidential bid to push to make passwords obsolete.

Gyft resets some customer passwords following breach

Passwords have been reset for a number of Gyft users as a precaution after account data was reported for sale.

Whale hunting policy leads to hacktivists' DDoS attack on Japan PM's site

The website of Japan's prime minister Shinzo Abe was rendered inaccessible on Thursday owing to a DDoS attack.

New ransomware stealing digital wallets

A new barrage of ransomware, capable of siphoning off digital wallets from Windows users, has been detected.

Smart TVs not all that bright when it comes to fighting cyber-threats

Smart TVs are not being targeted by hackers right now, but a researcher at Symantec has noted that cyber-criminals have a wide range of options if they wish to breach the average Smart TV.