A security firm has discovered a vulnerability in Apple’s Safari Browser that allows attackers to spoof legitimate websites and phish for user credentials. Security firm Deusen reveals that the flaw works by using a short script to force Safari into loading one page while still displaying the URL of another page . This script is provided below: <script> function f() { location="dailymail.co.uk...

On Friday May 15 th , a Canadian news outlet published a copy of the application for a search warrant filed by the FBI after Chris Roberts was removed from a United flight for tweeting about hacking a plane. If you’ve never read a search warrant for electronic devices , it’s an educational read. The purpose of the warrant was to allow the FBI to search the electronic devices they had confiscated...

Last week, we explored the story of Valérie Gignac , a Canadian woman who is believed to have hacked users’ webcams and subsequently harassed them. We now report on the story of Randall Charles Tucker, a serial distributed denial of service (DDoS) attacker who targeted the websites of government authorities whom he felt were guilty of unjust behavior. Tucker, who is known online as the “Bitcoin...

Some mods of the popular computer game Grand Theft Auto V have been found to contain malware. In the game’s online forums , users have identified malicious code in the ‘Angry Planes’ and ‘Noclip’ mods. The former spawns planes that attack players, and the latter allows players to walk through walls and other objects. One GTAForums user aboutseven noticed that a C# compiler was running in the...

Last week, Tripwire compiled a list of the top 10 information security conferences . We made a special effort to ensure that our article included the biggest, most industrialized conferences in the industry, and we feel that we succeeded in capturing the major brands across the infosec conference landscape. Even so, we recognize that information security is host to a wide array of conferences that...

One year after the European Union’s ruling to enact the controversial “right to be forgotten” policy, Google released some details on the petitions it received to remove specific URLs from its search engine. In its latest transparency report , the Internet giant states it evaluated nearly one million (925,586) URLs for removal, dating back to the launch of its official request process on May 29...

Updated at 9:00 AM PST. According to reports , hackers have gained access to a number of Starbucks mobile app accounts. The source of the compromise is reportedly due to account passwords being guessed or reused, giving attackers access to customer accounts through the application program interface (API). If an attacker gained access to a username and password, he or she is able to refill the...

Federal law enforcement have arrested five men for filing close to 1,000 fraudulent tax returns using the stolen information they obtained from a breach that compromised the data of 125,000 people, 88,000 of whom were listed in an Oregon employment company’s database. Lateef A. Animawun, 34, of Smyrna, Georgia; Oluwatobi R. Dehinbo, 30, of Marietta, Georgia; Oluwaseunara T. Osanyinbi 34, of...

It seems more and more companies are beginning to understand the benefits of running a bug bounty program, encouraging vulnerability researchers to report security flaws responsibly (for a reward) rather than publishing details on the web or selling a flaw to potentially malicious parties. The latest high profile firm found running a bug bounty is United Airlines. And rather than offering the...

One of the most fundamental aspects of any information security program requires IT security leaders to effectively communicate how cyber security risks can affect the operation of any business. It’s crucial to gain the support of executives and board members not only for investment purposes but also to successfully execute an enterprise-wide security strategy. By delivering a clear and consistent...

Updated at 8:30 AM PST. A security researcher has discovered a new vulnerability that he claims could allow a hacker to infiltrate potentially every machine on a datacenter’s network, leaving millions of virtual machines vulnerable to attack. According to CrowdStrike Senior Security Researcher Jason Geffner, ‘VENOM’ ( CVE-2015-3456 ), which is an acronym for “Virtual Environment Neglected...

Today’s VERT Threat Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-614 on Wednesday, May 13th. MS15-043 VBScript ASLR Bypass CVE-2015-1684 VBScript and JScript ASLR Bypass CVE-2015-1686 Internet Explorer ASLR Bypass CVE-2015-1685 Multiple Elevation of Privilege Vulnerabilities...

Many IT administrators struggle to protect their company’s server from malware, and one of the most common malicious software that can damage your IT setup is ransomware. Ransomware is hacking software that cybercriminals use to hold the IT system hostage. If the user of the IT system refrains from paying the ransom that is demanded by the cyber criminals, then your system controls will remain in...

Many of us have embraced the “shopping online is not safe” mentality, or at least held that mindset for a time but today, shopping locally has become (arguably) more dangerous than shopping online. When comparing current security issues, one might have a hard time choosing between risking shopping over a potentially unsafe server connection to that of a local retail store shopping experience. A...

The best things in life may be free but in software , that statement isn't so true. A free database based on the code of one of the most popular enterprise databases around sounds like a great deal, but it can quickly turn into a nightmare. With data breaches becoming ever more common, storing data in an unpatched database is like playing Russian Roulette. Surprisingly, that's exactly what anyone...

A security firm has observed that a new type of crypto ransomware whose theme is styled around the popular television series Breaking Bad is targeting Australian computers. In a post published on its Security Response blog, Symantec discusses how the ransomware incorporates several elements from Breaking Bad , which premiered in 2008 and aired its series finale in 2013. “The malware authors cooked...

Last week, we explored the story of Konstantin Simeonov Kavrakov , a Bulgarian who hacked Bill Gates’ bank account and stole thousands of dollars. We now report on the story of Valérie Gignac, a Canadian woman who is believed to have hacked users’ webcams and subsequently harassed them. According to a statement published by the Royal Canadian Mounted Police (RCMP), 27-year-old Gignac, who went by...

According to reports, Google Inc. is planning to release its next Android version with a feature users have been asking for years now – more granular controls to protect their privacy. In a Bloomberg article, sources stated the new feature would now give users the ability to select specific permissions over what data an app can access upon installation, including photos, contacts and location data...

Now more than ever, it’s evident cybersecurity risk oversight at the board level is essential to keep any business or organization afloat – and off the headlines. However, despite the abundance of data breaches and high-profile cyber attacks, C-level executives still lack understanding of these cyber risks, as well as confidence in their organization’s preparedness in the event of a breach...

What's happened? A widespread vulnerability has been found in WordPress, that impacts millions of websites running the popular blogging software and content management system. What's the vulnerability? It's a cross-site scripting (XSS) vulnerability inside the popular JetPack plugin. and the default Twenty Fifteen theme installed on all WordPress sites. The problem lies in the genericons package...