Browsing Category: Vulnerabilities

[img_assist|nid=2757|title=|desc=|link=none|align=right|width=100|height=100]The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while
OAuth 2.0, the next generation of the specification, is devised by a
working group that is collaborating through the Internet Engineering
Task Force (IETF). Read the full article. [Ars Technica]

Read more...

[img_assist|nid=2730|title=|desc=|link=none|align=right|width=100|height=100]Booby-trapped PDF files, posing as messages from the US Department
of Defense, were emailed to US defence contractors last week. The
document refers to a real conference due to be held in Las Vegas in
March. Read the full article. [The Register]

Read more...

[img_assist|nid=2727|title=|desc=|link=none|align=left|width=100|height=100]It’s tax season, and that means IRS-related phishing scams are ramping up. One such fake e-mail hitting in-boxes this past week asks
“U.S.-based employers” to complete an “updated” version of the
government’s W-2 form because of “important changes” within the forms. Read the full article.  [Pittsburgh Post-Gazette]

Read more...

[img_assist|nid=2622|title=|desc=|link=none|align=right|width=100|height=100]Security reporter Brian Krebs goes visual with ATM skimmers, asking readers to look at images and see if they would be able to tell the difference between a real ATM card reader and actual skimming devices. Read the full article. [KrebsonSecurity.com]

Read more...

[img_assist|nid=2725|title=|desc=|link=none|align=right|width=100|height=100]Security measures such as the use of one-time passwords and phone-based user authentication — considered among the most robust forms of IT defenses — are no longer enough to protect online banking systems against fraud, a Gartner report warns. Read the full article. [Computerworld]

Read more...

[img_assist|nid=2677|title=|desc=|link=none|align=right|width=100|height=100]Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks.According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement.

Read more...