Security

Bugzilla Zero-Day Exposes Zero-Day Bugs

posted on October 7, 2014
by l33tdawg

A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.

Is the Chinese government spying on Hong Kong protesters’ phones?

posted on October 3, 2014
by l33tdawg

Malware-based espionage targeting political activists and other opposition is nothing new, especially when it comes to opponents of the Chinese government. But there have been few attempts at hacking activists more widespread and sophisticated than the current wave of spyware targeting the mobile devices of members of Hong Kong’s “Umbrella Revolution.”

Bug in Bash shell creates big security hole on anything with *nix in it

posted on September 25, 2014
by l33tdawg

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.

Tripadvisor site coughs to card data breach for a potential 800k users

posted on September 23, 2014
by l33tdawg

TripAdvisor has suffered a data breach at its Viator tour-booking and review website.

An estimated 1.4 million Viator customers are potentially affected by the compromise, which the firm admits may have exposed payment card data.

The compromise also potentially aired the email address, password and Viator "nickname" associated with accounts. Viator only became aware of the breach after investigators looking into incidents of credit card fraud made the link that victims were also users of its site.

Home Depot: 56 million payment cards affected by cyberattack

posted on September 19, 2014
by l33tdawg

Home Depot said Thursday that 56 million payment cards were affected by a malware attack that started in April.

In a statement, Home Depot said that it completed its investigation and added enhanced encryption at point of sale terminals in its U.S. stores. Enhanced encryption will be complete in early 2015. Home Depot's encryption technology was provided by Voltage Security and tested by independent firms.

Cloud security: We're asking the wrong questions

posted on September 11, 2014
by l33tdawg

In the wake of the celebrity photo breach, the media is humming with stories disparaging the safety of the cloud. Many longtime cloud critics are crowing, "I told you so!" and waiting for the world to go back to on-premises solutions only.

News flash: 1) the cloud was never touted as being perfectly secure and 2) the cloud will continue to grow and grow. The number of servers in your physical environment will shrink over time. Security doesn't sell solutions -- features and pricing do. Features are cheaper in the cloud.

List of five million 'Gmail passwords' leaked

posted on September 11, 2014
by l33tdawg

It might be time to change some of your passwords - again. But if you've used a Gmail password that's unique from other accounts, you might not have to worry.

A list of almost 5 million combinations of Gmail addresses and passwords was posted online on Tuesday. But the passwords seem to be old, and they don't appear to actually belong to Gmail accounts. Instead, it seems that many of the passwords were taken from websites where users used their Gmail addresses to register, according to some of the leak's victims as well as security experts.