Online Safety

Online safety

Forgotten subdomains boost risk of account hijacking, other attacks

Some sites have subdomains pointed at old domains that have long expired and can be registered by attackers

Vodafone blocks Chaos Computer Club site, fueling 'Net censorship concerns in UK

Over-blocking is a common issue with Internet filters run by ISPs in the U.K., digital rights group says


Syrian Electronic Army posts hacking message on several news sites

The group reportedly hijacked the DNS settings for Gigya, a customer management platform

Over 23,000 Web servers infected with CryptoPHP backdoor

The backdoor script is distributed through pirated plug-ins and themes for WorPress, Joomla and Drupal

holiday scams

Watch Out for These 3 Holiday Shopping Scams

The holiday shopping season is also the holiday scamming season. Whether you shop online or at the mall, be mindful of these three types of scams.

Bitdefender security appliance for home networks seeks to replace end-point antivirus

Bitdefender BOX can replace or run alongside a home router to scan all network traffic for security threats

Critical XSS flaws patched in WordPress and popular plug-in

The vulnerabilities could allow attackers to create administrator accounts and take control of websites

Citadel malware now targets password management applications

A new Citadel configuration steals the master keys for two password managers and a secure authentication program

EFF, Mozilla back new certificate authority that will offer free SSL certificates

The new CA is called Let's Encrypt and its goal is to encourage the widespread adoption of SSL/TLS on the Internet

Malware served through rogue Tor exit node tied to cyberespionage group

There is strong evidence that it was used to target European government agencies, researchers from F-Secure said

insecam 1

Insecam Web Site Should Terrify Those Who Use a Default Webcam Password

Anything that's connected to the Web can be hacked, especially if you leave the default password in place. Insecam claims to exploit this, allowing access to thousands of webcams.

Google releases tool to test apps, devices for SSL/TLS weaknesses

The tool simulates man-in-the-middle attacks to detect SSL/TLS vulnerabilities and implementation issues

Popular messaging apps fail EFF's security review

The organization ranked 39 digital communication tools based on security features and best practices

Vulnerabilities found in more command-line tools, wget and tnftp get patches

Flaws identified in wget and tnftp allow malicious servers to execute rogue commands on users' systems

Drupal: If you weren't quick to patch, assume your site was hacked

Drupal site owners who failed to rapidly deploy a recent critical patch were advised to restore their sites from backups

Facebook and Yahoo prevent use of recycled email addresses to hijack accounts

A new mechanism helps email servers determine if a message was intended for a recycled account's previous owner

Abandoned subdomains pose security risk for businesses

Attackers could hijack subdomains pointed by companies at external services they no longer use, researchers say

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware

The malicious ads exploited vulnerabilities to install the CryptoWall ransomware on computers, researchers from Proofpoint said

One week after patch, Flash vulnerability already exploited in large-scale attacks

The Fiesta exploit kit bundles an exploit for the CVE-2014-0569 vulnerability in Flash Player, researchers found

Dropbox dismisses claims of hack affecting 7 million accounts

The credentials leaked by an alleged hacker online were likely stolen from other services, the company said

Load More