A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits.
Browsing Category: Web Security
Researchers from ERPScan said SAP’s HANA in-memory database contains a default static encryption key.
Major telecoms like AT&T and Verizon continue to lag behind in the Electronic Frontier Foundation’s annual “Who Has Your Back” report.
In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more of their resources and services. The latest large property to make this move is Reddit, which by the end of the[…]
Drupal has patched several vulnerabilities in versions 6 and 7 of the content-management system, including a critical bug that enables an attacker to hijack administrators’ accounts and take arbitrary actions on target sites. That vulnerability lies in the OpenID module in Drupal that enables users to authenticate themselves using the OpenID protocol. The protocol is based[…]
LinkedIn today announced that since October it has been running a private bug bounty, and to date has patched 65 bugs and paid out $65,000 in rewards.
The attack on the Office of Personnel Management that was disclosed earlier this month began as early as December 2014 and likely was the end result of a social engineering attack that enabled the hackers to gain valid user credentials and move around OPM’s network. During a hearing on Capitol Hill Tuesday to address the[…]
A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor.[…]
In one of the more bizarre alleged hacking stories to emerge recently, federal authorities are investigating whether employees of the St. Louis Cardinals hacked into systems belonging to the Houston Astros and got access to internal team conversations about players, trades, scouting reports, and other sensitive information. The alleged attack against the Astros’ network is the focus[…]
Dell SecureWorks said a new version of the Stegoloader malware uses steganography to hide itself from detection.