Web Security

Twitter has made a couple of changes to the service’s login process to help prevent account takeovers and enable users to reset their passwords in a simpler way. A Twitter account is among the more valuable assets for an attacker who is targeting a specific person. Accounts typically are tied to a user’s main email […]

Cisco has patched a handful of buffer overflows in several of its WebEx products that could allow an attacker to execute arbitrary code or crash a vulnerable application. The bugs affect the WebEx WRF and ARF players and some of Cisco’s Business Suite builds, WebEx 11 and WebEx Meetings Server also are affected by at […]

A bug in the developer and early adopter version of Google Chrome called Canary fails to display URLs of a certain character length, potentially facilitating phishing attacks.

UPDATE–Ransomware has been wreaking havoc on desktops for many years now, with attackers demanding that victims pay a fee to unlock the infected system. This kind of malware hasn’t been a huge issue yet on mobile devices, but that’s beginning to change, albeit slowly. A new piece of mobile malware targeting Android is being sold by the same group responsible […]

A new alliance composed of privacy and digital rights advocates are encouraging internet users to block mass surveillance and fight back against the National Security Agency on June 5.

A serious vulnerability in both the OAuth and OpenID protocols could lead to complications for those who use the services to login to websites like Facebook, Google, LinkedIn, Yahoo, Microsoft, PayPal among many others.

The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL.