Convenience trumped security bypassing passwords on Facebook
An authentication bypass vulnerability was found in Facebook leading to Google searches that could allow attackers to impersonate people on Facebook without a password.

Will Anonymous attack Facebook on November 5th? Here’s what you should do about it
If you believe the internet, Anonymous hackers are planning to “take down” Facebook on Monday, November 5th. What should you do about it?

Malware Steals Image Files from Systems
It appears that information theft has taken a new form: we’ve found a malware that steals image files from all drives of an affected system and then sends them to a remote FTP server. Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .JPG, .JPEG, and .DMP files. Both .JPG […]

Popular websites leaking system status information, private data and even passwords
Security researchers have discovered that thousands of popular websites are putting their users’ data at risk by leaking internal status information. The sites in question include a host of well known names and should-know-betters including Ford, Tweetdeck, Webex, Php.net and Staples.

Anonymous ransomware – but who is hiding behind this malware’s mask?
£100 is demanded as payment in order to gain access back to your files. You only have 24 hours to pay up. And the people who are holding your data hostage claim to be part of Anonymous.

Apple bumps iOS to 6.0.1, fixes an interesting set of bugs
L33tdawg: If you care about jailbreaks and unlocking, then obviously – DON’T UPGRADE
If you have an Apple device that is capable of running iOS 6, you might have resisted upgrading it after hearing people complain about Apple’s new mapping application. But you ought to have grabbed it with both hands for security reasons: iOS 6 […]

PayPal security holes expose customer card data, personal details
Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories. The holes — which still exist — were recently discovered by a security researcher. One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal’s […]

Illegal file-sharer gets slapped with $1.5 million in damages
The damages award against illegal file-sharer Kywan Fisher will most likely send him to the poor house. Illinois federal court Judge John Lee ordered Fisher to fork out $1.5 million to adult entertainment company Flava Works this week, according to TorrentFreak. Flava Works sued Fisher for sharing 10 movies he’d previously paid for via BitTorrent. […]

Calif. begins enforcing law requiring mobile privacy policies
California Attorney General Kamala Harris has begun warning mobile application developers, and companies that have apps available for download, that failing to “conspicuously” post privacy policies within 30 days could mean fines. Tags: Privacy Law and Order

Firefox dips below 20 percent, Chrome falls, Internet Explorer gains
Mozilla Firefox has—barely—dipped below 20 percent market share for the second time in six months, after an October that saw Microsoft Internet Explorer grow, Google Chrome fall, and mobile browsing account for 10 percent of all Web traffic for the first time ever. Tags: Mozilla Google Microsoft Industry News

Fancy yourself as James Bond? Take on the #sophospuzzle and win a NERF gun…
There’s a new #sophospuzzle on the go! This time, the theme is Skyfall and Bond, James Bond. You’ll handle a field message from another agent, decode a data file stolen from M’s computer, and unravel a secret location – all in a day’s work for the world’s best-dressed secret agent.

SSCC 99 – Hurricane Sandy, DMCA, do not track, Barnes and Noble and Facebook
Michael Argast rejoined Chet this Halloween to catch up on the week’s news including new DMCA exceptions, Hurricane Sandy scams, Yahoo! ignoring do not track, Barnes and Noble credit cards skimming and Facebook’s donation to spam research.

Vupen claims to have found zero day Windows 8 exploit
VUPEN says in a Twitter post that they have found a way around the security features for both Windows 8 and Internet Explorer 10. It is now selling that information to any companies or governments willing to pay lots of money to protect their Windows 8 systems. Tags: Microsoft Windows 8 Security Vupen

AT&T announces cloud-based storage, 5 GB free for iOS users
AT&T’s apparently jumping into the cloud storage fray with a new program called AT&T Locker. AT&T’s cloud-based Locker is hardly new, having been made available to Android users since this past September. But, as of today, iOS users on the network now have the option to enjoy that freemium service as well, with 5GB offered […]

Security tip: A password manager alone isn’t enough
Everyone knows that for proper security, each and every account needs a complex and unique password. The problem is that it’s just too difficult for most people to remember dozens of fifteen-character passwords. That’s why password managers are so useful: They take care of the memorisation problem, and allow easy and secure access to the […]

Misconfigured Apache sites expose user passwords, other private data
More than 2,000 websites—some operated by Fortune 500 companies, game sites, and retail outlets—are exposing system status information that can be used by attackers to compromise Web servers or customer accounts, a recent research project found. Sites such as staples.com, cisco.com, and axtel.mx run the popular Apache webserver application with a feature known as server-status […]