About
"Distrust and caution are the parents of security" - Benjamin Franklin
A 17 year old German schoolboy posted information over the weekend regarding an apparent cross site scripting (XSS) vulnerability in the popular money transfer site PayPal. The problem lies in the site’s search function and at least in the German version of the website can be triggered by using a string of Javascript alert code.
Apple released QuickTime 7.7.4 for Windows, which patched a handful of vulnerabilities, some which could have led to arbitrary code execution and caused the program to unexpectedly terminate.
Two video game researchers have discovered a slew of zero day vulnerabilities in the engines that run popular first person shooter games like “Quake 4,” “Monday Night Combat,” “Crysis 2” and “Homefront,” among others that could put their servers and the gamers who use them in danger.
A new variant of Citadel malware is making the rounds that are targeting Payza, a money transfer service popular all over the world, especially in developing nations that are under-serviced when it comes to online banking access.
Multiple vulnerabilities have been discovered in both File Lite and File Pro, two file management applications created by Perception Systems for iOS, currently available on Apple’s App Store.
A new malware campaign has been hitting Pakistan hard over the last few months and after a little e-sleuthing, it appears the not-so-stealthy attacks have been originating from nearby India and exploiting a certificate to run its binaries.
Mozilla fixed eight vulnerabilities, three critical, in the 21st build of its flagship Firefox browser yesterday.
Security researcher Adam Gowdiak and his team at Security Explorations have discovered another slew of issues that stem from the way Java is implemented in certain versions of software, in this case, IBM’s SDK.
Google has released a new Transparency Report, this time pointing out sharp increases in the number of government requests from Brazil and Russia it received to remove content from Google-branded websites.
As Twitter continues to secure its footing in the social network spectrum, it continues to be complemented by an ongoing deluge of spam and malware, intent on tapping into – and duping – the social network’s 200 million plus users.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
