The attack on the Office of Personnel Management that was disclosed earlier this month began as early as December 2014 and likely was the end result of a social engineering attack that enabled the hackers to gain valid user credentials and move around OPM’s network. During a hearing on Capitol Hill Tuesday to address the […]
Tag Archives: Web Security
Plaintext Credentials Threaten RLE Wind Turbine HMI
A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor. […]
FBI Investigating Alleged Attack on Houston Astros
In one of the more bizarre alleged hacking stories to emerge recently, federal authorities are investigating whether employees of the St. Louis Cardinals hacked into systems belonging to the Houston Astros and got access to internal team conversations about players, trades, scouting reports, and other sensitive information. The alleged attack against the Astros’ network is the focus […]
Information-Stealing Stegoloader Malware Hides in Images
Dell SecureWorks said a new version of the Stegoloader malware uses steganography to hide itself from detection.
Amazon Transparency Report Shows Few Requests For User Data
Amazon has released its first transparency report, and for a company as large as Amazon, there is surprisingly little in the way of detail or explanation in the report. The company reported that it received 813 subpoenas, 25 search warrants, and 0-249 national security requests. Of the 813 subpoenas Amazon received in the first five […]
Duqu 2.0 Attackers Used Stolen Foxconn Certificate, Signed Driver
The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and many other companies. Researchers at Kaspersky Lab, who discovered […]
Popular WordPress SEO Plugin Fixes XSS Bug
The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to execute arbitrary HTML code. The bug may have been reported to the plugin’s developer as long as two years ago, but it was still […]
US Navy Soliciting Zero Days
An RFP, which has since been taken down, surfaced last week from the Naval Supply Systems Command seeking operational exploits and vulnerability intelligence for commercial software from leading IT vendors.
Cisco Patches IPv6 Vulnerability in Carrier-Grade Router System
Cisco patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.
Snapchat Offers Users Optional Two-Factor Authentication
Snapchat has given its users the choice of enabling two-factor authentication in the latest version of the photo- and video-sharing app.