Online Safety

Online safety

Islamist hackers take French broadcaster TV5Monde off air

The attack disrupted the network's broadcasting for hours and also affected its websites and social media accounts

Large-scale Google malvertising campaign hits users with exploits

A Google ad reseller in Bulgaria was potentially compromised


Like Google, Mozilla set to punish Chinese agency for certificate debacle

The organization's current proposal is to reject future CNNIC-issued certificates, but to trust existing ones

Over 100,000 devices can be used to amplify DDoS attacks via multicast DNS

Some implementations of the multicast DNS protocol are configured to accept queries from the Internet, which is a risky behavior

chrome logo

Google cracks down on ad-injecting Chrome extensions

But the rogue advertising problem extends way beyond browser add-ons.

British Airways notifies frequent flyers of possible breach of their accounts

Many users had their reward points removed from their accounts as a precaution

Microsoft blacklists latest rogue SSL certificates, Mozilla mulls sanctions for issuer

Microsoft revoked trust in an intermediate CA certificate that was used to issue unauthorized certificates for Google websites

Flash-based vulnerability lingers on many websites three years later

A large number of developers have failed to patch their Flash applications against a vulnerability that can be exploited to target Web users

All major browsers hacked at Pwn2Own contest

Adobe Reader and Flash Player fell as well

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

The devices have serious flaws that enable unauthorized remote access and DNS hijacking, a researcher found

IT manager gets certificate for Microsoft domain, tries to report it but gets in trouble

He tried to alert the company in January, but the company never got his emails, and later suspended his Microsoft account

EMET security tool updated to prevent VBScript God Mode attacks

Microsoft was forced to release EMET 5.2 again because customers experienced issues with the first variant

Microsoft blacklists fraudulently issued SSL certificate

An unauthorized party managed to obtain a SSL certificate for Microsoft's live.fi domain name

Yahoo's new on-demand password system is no replacement for two-factor authentication

The new authentication option offers better security than static passwords, but it's not as strong as two-step verification

Hackers

The Internet of Dangerous Things

The Internet of Dangerous Things is made up of Things that Annoy, Things that Spy and Things that Destroy. Dealing with these dangerous things will require a unique security architecture referred to as 'Fault Lines and Fuses'...

Tool allows account hijacking on sites that use Facebook Login

Attackers can force users to associate their accounts on other sites with malicious Facebook accounts

lenovo superfish how to remove

Web Browsers Also to Blame for Lenovo's Superfish Fiasco

That no Web browser prominently displays the name of the Certificate Authority vouching for a supposedly secure website makes man-in-the-middle attacks, such as the one by Superfish, possible. Techies can find this information, but it...

Adobe invites help hunting vulnerabilities in its online services

The company offers no bounties, just public kudos

Some Bitdefender products break HTTPS certificate revocation

This allows man-in-the-middle attackers with access to revoked, but otherwise valid, certificates to manipulate encrypted traffic

Europol and security vendors disrupt massive Ramnit botnet

The operation seized command-and-control servers and Internet domains used by the Ramnit gang

Load More