Articles about website security


Boomerang rebound: Site shut amid credit card securo-fears

Video game rental company Boomerang Rentals has pulled down the shutters on its websites amidst unconfirmed concerns that it may have suffered a security breach that spilled customers' credit card details. Boomerang's homepage has been "down for maintenance" since Sunday. The move followed multiple customers reporting …
John Leyden, 12 Jan 2015

Islamic script kiddies aim killer blow - at Bristol bus timetable website

Bristol residents looking for bus and train timetables were confronted by a message from Islamic militants following a defacement of the TravelWest website. A self-styled "Arab Security Team" called Darkshadow sprayed digital graffiti on Bristol-based travel information website www.travelwest.info. Local reports speculate …
John Leyden, 2 Jan 2015

Taxi app Uber plugs 'privacy-threatening' web security flaw

Updated A potentially nasty XSS vulnerability discovered on the website of controversial ride-sharing service Uber has been fixed, according to the security researcher who reported the bug. The cross-site scripting vulnerability put visitors at risk of being compromised via theft of cookies, personal details, authentication …
John Leyden, 10 Dec 2014

Google kills CAPTCHAs: Are we human or are we spammer?

Google has developed a new CAPTCHA-like system to allow people, and not automated software, into websites with only a single click. The "No CAPTCHA reCAPTCHA" offers a tick box for humans to check rather than distorted text to decipher. It's designed so that automated spam software is still fooled by it and gets stuck on the …
John Leyden, 3 Dec 2014

Watchdog bites hotel booking site: Over 3k card details slurped

Hotel booking website Worldview Limited has been fined £7,500 over a security breach involving its website that allowed hackers to swipe the full payment card details of some 3,814 customers. Sensitive data was accessed after the unidentified attacker exploited a SQL injection flaw in the Worldview website to access the firm's …
John Leyden, 5 Nov 2014

Tripadvisor site coughs to card data breach for a potential 800k users

TripAdvisor has suffered a data breach at its Viator tour-booking and review website. An estimated 1.4 million Viator customers are potentially affected by the compromise, which the firm admits may have exposed payment card data. The compromise also potentially aired the email address, password and Viator "nickname" …
John Leyden, 23 Sep 2014

Hacker claims breach of Wall Street Journal and Vice websites, punts 'user data' for sale

A hacker known for attacking news websites has claimed successful hacks against both the Wall Street Journal and Vice. An individual going under the handle "w0rm" posted screenshots in a bid to substantiate his claims of hacks against the WSJ (here) and Vice (here) before offering to sell stolen databases from both …
John Leyden, 22 Jul 2014

SEA hacks Reuters website widget DESPITE 2FA security

Hacktivists with the Syrian Electronic Army have hit news agency Reuters again. Surfers intending to catch up with the latest news were briefly redirected to a page run by the Syrian Electronic Army. The page (screenshot via HotforSecurity here) berated Western media reports about the conflict in Syria. The SEA has previous …
John Leyden, 24 Jun 2014

Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln

Visitors to a video distribution website were unwittingly turned into participants in a hacker's DDoS battle against a third-party site earlier this month. DDoS mitigation firm Incapsula identified the video website as Sohu.TV, after the Chinese streaming site plugged a vuln that enabled the browser-based botnet attack to …
John Leyden, 25 Apr 2014

Ethical hacker backer hacked, warns of email ransack

The IT security certification body that runs the Certified Ethical Hacker programme has itself been hacked. The EC-Council said the same hackers who ran the DNS poisoning attack that resulted in the defacement of its website in late February had also managed to access the control panel for its website after breaking into the …
John Leyden, 13 Mar 2014

Angry anti-NSA hackers pwn Angry Birds site after GCHQ data slurp

Anti-NSA hackers defaced Rovio's official Angry Birds website on Tuesday night as a reprisal against revelations that GCHQ and the NSA were feasting on data leaked from the popular smartphone game. Spying Birds: Angry Birds defaced by irritated hackers. Angrybirds.com became "Spying Birds" as a result of the defacement ( …
John Leyden, 29 Jan 2014

MailOnline pulls recipe site after innocent young cookbook DEFILED

The Mail Online has pulled its recipes website after it was vandalised by Libyan cyber-hijackers. The UK mid-market tabloid's content partner MyDish was defaced by "The Great Team" hacking crew on Monday in a hack recorded by defacement archive Zone-h here (warning: link auto plays mildly annoying music). The defacement is …
Team Register, 20 Dec 2013

Obamacare website 'either hacked or will be soon', warns infosec expert

Hackers have thrown multiple attacks at US President Obama's medical insurance bazaar HealthCare.gov since it went live in October, according to a senior US government official. Acting assistant Homeland Security secretary Roberta Stempfley told a hearing of the House Homeland Security (HHS) Committee that the website was …
John Leyden, 19 Nov 2013

Anon hacktivists tear through Philippines govt in web graffiti rampage

Government websites were defaced in the Philippines by hackers who claim affiliation with Anonymous amid a protest against alleged corruption. The vandals hijacked sites on Sunday with a message that attempted to rally support for a demonstration against lawmakers' alleged misuse of public money, and demanded the abolition of …
John Leyden, 6 Nov 2013

PHP.net resets passwords after malware-flinging HACK FLAP

The team behind popular web programming site PHP.net is in the process of restoring services and tightening security in the aftermath of a hack that exposed visitors to JavaScript-based exploits. Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were …
John Leyden, 25 Oct 2013

Adobe hackers strike again: PR Newswire grovels to clients after latest hack'n'grab

PR Newswire has been forced to reset its clients' passwords following a security breach linked to the same hackers who smashed into Adobe earlier this month. The hackers made off with the usernames and encrypted passwords of the marketing and press release distribution service's customers, reports investigative journalist …
John Leyden, 21 Oct 2013

Angry Brazilian whacks NASA to put a stop to ... er, the NSA

Multiple NASA websites were defaced last week by a Brazilian hacktivist who may have misread the sites' URLs, because he wasn't protesting about the US space agency giving joyrides to inhuman stowaways – he was protesting against NSA spying. “BMPoC” hit kepler.arc.nasa.gov and 13 other sites with messages protesting against US …
John Leyden, 17 Sep 2013
The Register breaking news

Badger bloodbath brouhaha brings 'bodge' bumpkin bank burgle bluster

Activists enraged by Blighty's badger cull claim they have hacked a financial biz used by UK farmers and swiped sensitive personal data. The animal-rights protesters bragged they infiltrated the computer systems of the National Farmers Union Mutual Insurance Society - an investment and insurance company closely linked to said …
John Leyden, 14 Jun 2013


Biting the hand that feeds IT © 1998–2018