Face.com Fixes Flaw to Prevent Facebook and Twitter Hijacks

A significant flaw in the Face.com mobile application KLIK has been fixed to prevent Facebook and Twitter users from having their accounts hijacked. KLIK is a camera app that uses face recognition to tag friends in Facebook photos in real time. It also apparently granted access to KLIK users’ private authentication tokens for Facebook and Twitter accounts, allowing them to be taken over by another user.

Claims Of Attack On Visa, Mastercard Fizzle

One day after a hacker using the handle “Reckz0r” claimed to have infiltrated 79 different banks and leaked information allegedly belonging to Visa and MasterCard customers, there are questions about whether a hack actually occurred.

The number of compromised sites detected each month by Google’s antimalware and anti-phishing systems has been dropping rather steadily from a peak of more than 300,000 in early 2009 and is now down around 150,000. However, the company’s statistics also show that the number of outright malicious attack sites is back on the rise.

Many people would consider themselves lucky to be a part of one successful start-up company, but for a select group of entrepreneurs, engineers and executives, that’s just the beginning. Such is the case for the team behind new mobile security firm Bluebox, a stealth-mode company that counts SPI Dynamics founder Caleb Sima and Adam Ely, a former top security official at Salesforce.com and Disney, among its key executives and has just raised $9.5 million in funding.

New evidence suggests that a Web site hosting software updates for life-saving medical equipment was the victim of a massive SQL injection attack and may have been redirecting visitors to a site serving up attacks and malicious software for months before the company became aware of the compromise.

In case you thought that the mass exodus of researchers from TippingPoint’s Zero Day Initiative in recent months meant that the demand for third-party vulnerability markets was waning, fear not. Several former members of the ZDI team have come back together to form a new firm called Exodus Intelligence that will have its own vulnerability purchasing program, among other offerings.
