Articles about web security


Bad luck, Ireland: DDoS attack disrupts isle's National Lottery

A DDoS attack disrupted the Irish National Lottery’s website and ticket machines on Wednesday (January 20). The draw took place as normal despite two hours of disruption beforehand. "Indications are that this morning's technical issues were as a result of a DDoS attack affecting our communications networks," a statement from …
John Leyden, 21 Jan 2016

It's 2016 and idiots still use '123456' as their password

Put your head in your hands, sysadmins: the usual weak suspects continue to make up the 25 most-used passwords. The ubiquitous "123456" remains the most popular password among web users, followed by "password", in a list of user credentials leaked online last year. "Qwerty" appears in fourth place of the list of …
John Leyden, 20 Jan 2016

Shop online at Asda? Website vuln created account hijack risk

Updated Retailer Asda dragged its heels for nearly two years before finally this week tackling a set of security vulnerabilities reported to it by a UK consultant. Asda has acknowledged the flaws - which Paul Moore, who discovered them, argues offer up an account hijack risk - but played down their significance. Moore told El Reg …
John Leyden, 19 Jan 2016

Distil gets into a Scrape to boost bot defences

Distil Networks has bought managed security services provider ScrapeSentry in order to step up its fight against bots and ad fraud. Financial terms of the deal, announced on Wednesday, were undisclosed. Bots are routinely used by hackers and fraudsters alike in all manner of malfeasance including but not limited to competitive …
John Leyden, 13 Jan 2016

Password reset invoked after vBulletin.com forum software site defaced

The official website of the vBulletin.com forum software has hit the big red password reset button following a breach by hackers that exposed the IDs of hundreds of thousands of users. A hacker claimed to have made off with a combined 480,000 records after an attack that led to the defacement of vBulletin.com and a reported hack …
John Leyden, 3 Nov 2015

WordPress blogger patch foot-drag nag: You're tempting hackers

Misconfigured and unpatched WordPress sites are causing a rash of problems both to themselves and the wider internet. In fact, this ever-present internet security threat has flared up again over the last week because of several new issues. The most pressing problem involves a recent brute force amplification attack on …
John Leyden, 20 Oct 2015

Experian-T-Mobile US hack: 'We trusted them, now that trust is broken'

Analysis The IT security breach that spilt the personal details of an estimated 15 million T-Mobile US phone contract applicants has thrown a new spotlight on the risks of breaches at third-party companies. T-Mobile's own systems weren't compromised. Rather, the source of the leak was Experian, the company that processed the carrier's …
John Leyden, 2 Oct 2015

These US Presidential contestants can't even secure their websites – what hope for America?

The majority of US presidential candidates' websites failed a basic privacy and security audit. In the Presidential Candidate Online Trust Audit, an audit by the Online Trust Alliance (OTA), the failures in 17 out of 23 cases came as a result of a variety of poor privacy practices, including the sharing or trading of website …
John Leyden, 22 Sep 2015

Ashley Madison: ‘Our site is full of women, and members are growing’

Embattled adultery website Ashley Madison has launched a rearguard action, claiming new sign-ups and more female members in the aftermath of July’s megahack. Self-styled “King of Infidelity” Noel Biderman quit as chief exec of Avid Life Media, the parent firm of Ashley Madison, on Friday. To recap, all hell has broken loose …
John Leyden, 1 Sep 2015

Salesforce plugs silly website XSS hole, hopes nobody spotted it

A cross-site scripting (XSS) vulnerability on Salesforce's website might have been abused to pimp phishing attacks or hijack user accounts. Fortunately the bug has been resolved, apparently before it caused any harm. Cloud app and security firm Elastica said the issue affected a Salesforce sub-domain – admin.salesforce.com …
John Leyden, 14 Aug 2015

Major web template flaw lets miscreants break out of sandboxes

Black Hat 2015 A serious new category of web security vulnerability creates the potential for all sorts of mischief, security researchers warn. Template engines are widely used by web applications to present dynamic data via web pages and emails, and the technology offers a server-side sandbox. The commonplace practice of allowing …
John Leyden, 5 Aug 2015
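The server-side template injection pattern behind that story, as an added example that is not code from the Black Hat talk or from any of the engines it covers: a deliberately tiny template engine that, like the real ones, evaluates the expression inside each `{{ ... }}` against a context. The function names, the `config.secret_key` object and the sample context are all constructed for the illustration. It shows why splicing user input into the template source is the bug, why passing the same input as template data is not, and why stripping builtins is not a sandbox.

```python
"""Added example (not the talk's or any engine's code): a toy template
engine demonstrating server-side template injection (SSTI)."""
import re
from types import SimpleNamespace

TAG = re.compile(r"\{\{(.*?)\}\}")

# Constructed sample context: the kind of object a real app hands to its templates.
SAMPLE_CONTEXT = {"config": SimpleNamespace(secret_key="s3cret")}


def render(template: str, context: dict) -> str:
    """Substitute every {{ expr }} with the value of expr evaluated over `context`.
    Builtins are stripped, which is roughly the 'sandbox' many engines advertise."""
    def evaluate(match):
        expr = match.group(1).strip()
        return str(eval(expr, {"__builtins__": {}}, dict(context)))
    return TAG.sub(evaluate, template)


def greet_vulnerable(name: str, context: dict) -> str:
    """SSTI: the user-controlled name becomes part of the template SOURCE,
    so anything it contains inside {{ }} is executed server-side."""
    return render("Hello " + name + "!", context)


def greet_safe(name: str, context: dict) -> str:
    """Fixed: the template is a constant; user input is only DATA.
    Substituted values are not re-scanned, so tags inside `name` stay literal."""
    return render("Hello {{ name }}!", {**context, "name": name})


def ssti_probe(greet) -> bool:
    """Classic detection probe: does arithmetic inside a tag get evaluated?"""
    return "49" in greet("{{ 7*7 }}", SAMPLE_CONTEXT)


def sandbox_escape_probe(greet) -> bool:
    """Removing builtins is not a sandbox: object introspection still works,
    which is the usual starting point for breaking out of one."""
    return "str" in greet("{{ ''.__class__.__name__ }}", SAMPLE_CONTEXT)


if __name__ == "__main__":
    for fn in (greet_vulnerable, greet_safe):
        leaked = "s3cret" in fn("{{ config.secret_key }}", SAMPLE_CONTEXT)
        print(fn.__name__, "injectable:", ssti_probe(fn),
              "introspection:", sandbox_escape_probe(fn), "leaks secret:", leaked)
```

The `7*7` probe is the same first test a pentester sends to any field that appears to be reflected through a template; if the response contains `49`, the input is being treated as template source. The fix is never a blocklist on the input but the shape of `greet_safe`: a fixed template and user data in the context.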

Ashley Madison hack: Site for people who can't be trusted can't be trusted

Ashley Madison, a popular website for married people wishing to cheat on their other halves, has been hacked with obviously serious implications for those whose details it held. Previously unknown hacking group The Impact Team posted online caches of personal data stolen from the website, whose motto is "Life is short. Have an …
John Leyden, 20 Jul 2015

Adult FriendFinder hack EXPOSES MEELLIONS of MEMBERS

Hackers have pilfered and published the personal details and sexual preferences of 3.9 million users of hookup website Adult FriendFinder. Lusty lonely hearts, including those who asked for their account to be deleted, have been left in an awkward position after hackers broke into systems before uploading the details to the …
John Leyden, 22 May 2015

Average enterprise 'using 71 services vulnerable to LogJam'

As many as 575 cloud-based services have been left at risk to the newly discovered LogJam crypto vulnerability, according to cloud security specialists Skyhigh Networks. LogJam creates a means for hackers to weaken encrypted connections between a user and a web or email server. The vulnerability was discovered as part of …
John Leyden, 20 May 2015

Mobile spyware firm mSpy hacked, clients doxxed on dark web

Mobile spyware firm mSpy's database has appeared on the dark web, following an apparent hack on its systems last week. Emails, text messages, payment details, Apple IDs, passwords, photos and location data for mSpy users have all been exposed, according to investigative reporter Brian Krebs, who broke the story about the …
John Leyden, 15 May 2015

Cyber-scum deface Nazi concentration camp memorial website

Sicko cyber-crooks defaced the Mauthausen-Gusen concentration camp memorial website with images of child abuse late last week. The attack on the site coincided with the run up to the 70th anniversary of the liberation of the Nazi death camp by US troops in May 1945 as well as wider VE-Day commemorations. The site (en. …
John Leyden, 11 May 2015

Google Password Alert could be foiled with just 7 lines of JavaScript

Google has been obliged to revise its Password Alert anti-phishing protection just hours after releasing it when security researchers showed how the technology was easily circumvented. Security consultant Paul Moore (@Paul_Reviews) has published a proof-of-concept JavaScript exploit that skirted the defensive technology with …
John Leyden, 1 May 2015

Bounty! hunter! discovers! holes! in! Yahoo! Stores! security!

Security researcher Mark Litchfield is $24,000 the richer after discovering three vulnerabilities involving Yahoo! Stores and hosted websites. The three vulnerabilities were fixed by Yahoo! after Litchfield alerted the internet giant through its bug bounty programme. The first and most serious of the vulnerabilities opened up …
John Leyden, 16 Mar 2015


Biting the hand that feeds IT © 1998–2017