The C99Shell PHP backdoor, originally spotted in 2007, is still around, and is still a danger to both web server operators and end-users.
After getting a tip from a designer about a hacked Joomla page, Panda Security malware researcher Bart Blaze discovered that a newer version (2.1) of this scripted web application Trojan has been used to compromise a web server.
The same server has been infected with other PHP backdoors, one of which seems designed to specifically target mobile users.
Adobe has launched a bug bounty program that hands out high-fives, not cash.
The web application vulnerability disclosure program, announced today and launched last month, operates through HackerOne, which is used by the likes of Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security messes.
Windows systems are vulnerable to FREAK, a decade-old bug that was discovered only this week affecting Android and Apple devices.
FREAK — short for Factoring attack on RSA-EXPORT Keys — allows hackers to decrypt HTTPS-protected Web traffic between browsers and millions of websites. Microsoft confirmed that Windows could be compromised the same way as Android, BlackBerry, iOS and OS X devices in an advisory published today.
Insurance provider Anthem has reportedly refused to let the US Office of Personnel Management’s Office of Inspector General (OIG) perform a full security audit of its systems, in the wake of a massive data breach that potentially affected 70 million Americans.
According to an anonymous spokesperson, the company first refused to allow the agency to perform "standard vulnerability scans and configuration compliance tests" both last summer and in 2013—so the refusals aren’t directly linked to the breach.
From April 1, Telstra customers will be able to access metadata that the telco is keeping on them for a fee that is expected to begin at AU$25.
"We believe that if the police can ask for information relating to you, you should be able to as well," Telstra said in its announcement.