Google removed 132 apps infected with malicious iFrames from its Google Play store.
Tag Archives: Web Security
Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum
Cloudflare said it could not find evidence of malicious exploitation of the Cloudbleed vulnerability, even though the bug was triggered 1.2 million times.
Yahoo Tells SEC Executives Failed to Act on Breach
Yahoo said in its latest SEC filing that executives and legal reps failed to act sufficiently on the information they had about breaches that exposed more than 1 billion account records.
Google reCaptcha Bypass Technique Uses Google’s Own Tools
A proof of concept bypass of Google’s CAPTCHA verification system uses Google’s own web-based tools to pull off the skirting of the system.
Slack Fixes Cross-Origin Token Theft Bug
The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user’s private Slack token.
Million-Plus WordPress Sites Exposed by Vulnerable Plugin
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
Dridex Trojan Gets A Major ‘AtomBombing’ Update
Dridex has undergone a massive update and now sports a new injection method for evading detection based on the technique known as AtomBombing.
Children’s Voice Messages Leaked in CloudPets Database Breach
Voice messages from children sent through an internet-connected toy called CloudPets were stolen from an exposed MongoDB database, which has been wiped clean and the data held for ransom.
Torvalds Downplays SHA-1 Threat to Git
The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.
Google Discloses Another ‘High Severity’ Microsoft Bug
Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in its Edge and Internet Explorer browsers.