Web Security


Adobe to Patch Reader Information Leak Bug

Adobe is planning to patch a fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can’t be used for code execution, but researchers say it could be used as part of a larger attack.

Reputation.com Notifies Customers of Network Attack

A company known for burying bad information to improve its customers’ online images let everyone know this week its network was hacked. Reputation.com sent e-mails to thousands of customers in more than 100 countries to let them know of the attack.

Nearly Nine in Ten Websites Contain One Serious Vulnerability

For at least the third year in a row, the number of serious vulnerabilities per website has fallen. That sounds like good news until you look at the numbers and realize that the average website carried an astonishing 56 holes in 2012, according to statistics compiled by WhiteHat Security and based upon data gathered from tens of thousands of websites.


Dennis Fisher talks with Jack Daniel of Tenable about his early days as a car guy, his accidental introduction into security and his second life as an amateur blacksmith. Download: 06_jack_daniel.mp3 Image via AJolly‘s Flickr photostream, Creative Commons.

There is a newly identified ongoing attack campaign in which attackers are using compromised Apache HTTP binaries to redirect users to malicious sites serving various flavors of malware, including the Blackhole exploit kit. Rather than going the traditional route of simply injecting malicious code onto target Web sites, this attack crew is replacing the existing […]

Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year, is working to make two-factor authentication the […]

Adobe has named Brad Arkin to the newly created position of CSO, a major expansion of responsibilities for Arkin, who has been leading the company’s product security and privacy initiatives. Adobe has been in the security spotlight for several years now, as attackers have focused their attention on the company’s portfolio of products that enjoy […]

A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super Cache and W3 Total Cache contained a vulnerability that allowed for PHP code injection through a simple attack vector, but both plugins have […]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.