A persistent cross-site scripting (XSS) vulnerability exists in some versions of a popular WordPress caching engine plugin.
Tag Archives: Web Security
FBI Warns of Phony Sites Offering Government Services
The FBI has warned consumers about a rash of phony websites posing as government services.
Vulnerability Forces Mozilla to Disable Opportunistic Encryption in Firefox
Less than a week after introducing the new opportunistic encryption feature in Firefox, Mozilla has had to disable it because of a security vulnerability in the browser’s implementation of the HTTP Alternative Services specification. The bug puts a kink in the new feature, which was designed to allow clients to connect securely to a server […]
Post-Cryptanalysis, TrueCrypt Alternatives Step Forward
CipherShed and VeraCrypt developers stand ready to step in for TrueCrypt now that the cryptanalysis phase of the audit is complete and no backdoors were discovered.
Snapchat Publishes First Transparency Report
Snapchat has released its first transparency report, covering a four-month period from November through February, and the data shows that the company didn’t receive any National Security Letters and got fewer than 400 total requests for data from the United States government. Snapchat, a California company that runs a popular chat and media-sharing service, said in the report […]
SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites
Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites.
Dyre Banking Malware A Million-Dollar Threat
IBM warns banks and corporate officers of a change to the dangerous Dyre banking Trojan that involves the phone scam used to bypass fraud detection, and a DDoS attack that distracts security teams away from big-money transfers.
Threatpost News Wrap, April 2, 2015
Dennis Fisher and Mike Mimoso talk about Google’s decision to drop Chinese CA CNNIC from Chrome’s trust store, the scope of the malvertising threat and Verizon’s super cookie use.
Google Report Lauds Android Security Enhancements
Google’s first Android Security Report puts some hard data behind the effectiveness of the security enhancements it has put into the OS.
Google Awards $5k Bounty for YouTube Video Delete Bug
A Russian security researcher discovered that he could delete any video on YouTube by sending a simple POST request in YouTube’s Creator Studio.