Security

Major Security Vulnerability in WordPress, Drupal Could Take Down Websites

posted on August 7, 2014
by l33tdawg

If your website runs on a self-hosted WordPress installation or on Drupal, update your software now.

Nir Goldshlager, a security researcher from Salesforce.com's product security team, has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.

Massive Russian hack has researchers scratching their heads

posted on August 7, 2014
by l33tdawg

Don’t worry, you’re not the only one with more questions than answers about the 1.2 billion user credentials amassed by Russian hackers.

Some security researchers on Wednesday said it’s still unclear just how serious the discovery is, and they faulted the company that uncovered the database, Hold Security, for not providing more details about what it discovered.

Gamma's FinFisher leaked - 40GB file appears online

posted on August 7, 2014
by l33tdawg

The company that makes and sells the world's most elusive cyber weapon, FinFisher spyware, has been hacked and a 40G file has been dumped on the internet.

The slick and highly secret surveillance software can remotely control any computer it infects, copy files, intercept Skype calls, log keystrokes -- and now we know it can do much, much more.

Russian hackers amass 1.2B stolen Web credentials

posted on August 6, 2014
by l33tdawg

Criminals in Russia have amassed a huge database of 1.2 billion stolen user names and passwords and half a billion email addresses, a U.S.-based Internet security company said Wednesday.

The data, believed to be the single biggest hoard of stolen Internet identity information ever collected, was garnered from attacks that reached into every corner of the Web and hit around 420,000 sites, said Hold Security.

Meetings of the mind: Women at the Podium

posted on August 5, 2014
by l33tdawg

Gazing up at the dais at virtually any security conference – save Hack in the Box – a newcomer just might assume there are no women in the security industry. That's very nearly true – women make up only 11 percent of the personnel in this exploding field. But their numbers dwindle even lower at the podium.

NSA leaker Thomas Drake says Oz security reforms are 'scary'

posted on August 5, 2014
by l33tdawg

National Security Agency whistleblower Thomas Drake says Australia's looming national security reforms make him 'shudder', labelling them ambiguous and a plot to stamp out legitimate public-interest whistleblowing.

Drake, who Edward Snowden said was his inspiration for leaking the NSA spy documents, blew the lid in 2006 on the NSA's massively inefficient Trailblazer Project while at the agency that wasted billions of US dollars in spy operations post 9/11.

Microsoft hacks out new EMET, spits out Adobe Flash

posted on August 5, 2014
by l33tdawg

Microsoft has emitted a new version of EMET – its Enhanced Mitigation Experience Toolkit.

Redmond often recommends deployment of EMET as a frontline defence against attacks, so the release of a new version is noteworthy.

The big two enhancements that Microsoft is talking up the loudest are an improved Attack Surface Reduction (ASR) tool “... configured to block some modules and plug-ins from being loaded by Internet Explorer while navigating to websites belonging to the Internet Zone”.

Hacker Says He Can Break Into Commercial Planes Via WiFi And In-Flight Entertainment Systems

posted on August 5, 2014
by l33tdawg

Cyber security researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems - a claim that, if confirmed, could prompt a review of aircraft security.

Santamarta, a consultant with cyber security firm IOActive, is scheduled to lay out the technical details of his research at this week's Black Hat hacking conference in Las Vegas, an annual convention where thousands of hackers and security experts meet to discuss emerging cyber threats and improve security measures.