If you think you’re being clever by basing your password on the site you’re visiting or adding a zero to the end of 123456789, you’re not. A new list of the 25 worst passwords, culled from public dumps of passwords stolen in data breaches, shows that these are some of the least useful passwords you[...]
A spambot that behaves similarly to the Cutwail botnet has been discovered. It not only sends out spam messages, but also contains a data-stealing component. Researchers said the malware sends out a good deal of traffic and hides its malicious activity in its own traffic.
Starbucks has patched a vulnerability in its iOS app that was found spilling user data last week, but the researcher who found the vulnerability is still encouraging the company to look at an outstanding geolocation issue present in the app.
For the people expecting President Barack Obama to announce sweeping changes to the NSA’s surveillance programs, his speech on Friday likely was a major disappointment. Obama laid out some new controls and limits for some of the more controversial programs, specifically the phone metadata collection system, but much of the speech focused on why the[...]
A hole in Android’s VPN feature could expose what should be securely communicated data as clear, unencrypted text.
A cross-site scripting vulnerability in Microsoft Office 365 draws attention to the need to shore up the security of cloud-based enterprise applications.
While most malware campaigns are aimed at the masses, attackers often save their best stuff for high-value targets, as a recent campaign targeting American journalists and activists from the EFF shows.
President Obama announced reforms to the National Security Agency’s bulk metadata collection program, but maintains it is vital and must continue.
The attackers who infiltrated Target’s network several weeks ago and made off with 40 million credit and debit card numbers used a multi-stage attack, funneling their stolen data through an FTP server and then a VPS in Russia. It took more than two weeks, but the attackers eventually exfiltrated about 11 GB of data, researchers say.
SCADA software company Ecava announced it has released a patch for a zero day in its HMI product that was disclosed this week at the S4 Conference.