Chris Brook

An apparent misconfiguration exists in W3 Total Cache (W3TC), a popular plugin for the WordPress blogging platform, that could allow an attacker to browse and download password hashes and other database information. W3 Total Cache (W3TC) is a framework for Wordpress that helps speed up blogs by caching content.

Spammers are attempting to deceive unsuspecting users into clicking on fake YouTube links that lead to a counterfeit drug website, according to a report yesterday from security firm Webroot.

Google announced late last week it would begin halting the silent installation of extensions on its flagship Chrome browser.

UPDATE – A new Apache module, Linux/Chapro.A, is making the rounds, injecting malicious content including a popular Zeus variant into web pages.

A pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks if the right script is run, according to web application security firm Acunetix.

Apple has made updates to its malware definitions to address yesterday’s news of a new OS X Trojan, SMSSend.3666, that was disguising itself as legitimate software and confounding Russian users.

Medi-Cal, California’s Medicaid welfare program, came clean to customers this week admitting it mistakenly posted almost 14,000 of its users’ Social Security numbers online last month.