A security researcher discovered a simple vulnerability in Verizon Wireless’s Web-based customer portal that enabled anyone who knows a subscriber’s phone number to download that user’s SMS message history, including the numbers of the people he communicated with.
Browsing Category: Social Engineering
Late last year the world’s largest social network announced that it would begin removing a popular privacy feature that let users regulate whether other users could search for and locate their profiles with the Facebook search function.
Cybercriminals’ use of Bitcoins and Web-based currency exchanges has made a tried-and-true law enforcement strategy of following the money to arrest criminals close to impossible.
A new phishing campaign is disseminating malicious links with emails purporting to come from CNN saying that the United States has initiated military strikes against the embattled regime of Syrian President Bashar al Assad.
Italian security researchers report that as many as 800,000 Chrome users had browser sessions hijacked after falling victim to phony Facebook messages that eventually led users to malware posing as a video plug-in.
Late Tuesday morning, one of the engineers in CloudFlare’s San Francisco office saw a message on Twitter saying that the New York Times Web site was down. Minutes later, more messages appeared, as security researchers and others began looking into the situation and realized that someone may have compromised the site’s DNS records. Understanding the ramifications of that sort of attack, if that’s in fact what it was, Matthew Prince, CloudFlare’s CEO sent an email to Rajiv Pant, the CTO of the Times, saying that the company’s engineers would be available if Pant needed some help figuring out the situation. He did.
Like most major Web and software companies, Facebook receives a lot of bug reports. As one researcher learned recently, not all bugs are created equal, and Facebook doesn’t like people messing with its users–or its executives.
A member of Facebook’s security team acknowledged over the weekend that the group could’ve taken further steps to verify a vulnerability initially brought to their attention by an independent security researcher last week but that the company largely adhered to its bug disclosure policy.
Researchers have spotted a new version of the Jigsaw pen-testing tool which builds email lists used in spam and phishing campaigns from the Jigsaw business directory.
Every summer, the hacker intelligentsia descends on Las Vegas like a swarm of thirsty locusts that spends seven days chasing free drinks and avoiding sunlight at all costs. Black Hat and DEF CON week can be an overwhelming and confusing experience, especially for the uninitiated or agoraphobic. But fear not, Threatpost has your back.