News

Web server threats and application attacks

• October 10, 2018 10 Oct'18

  Google security audit begets product changes, German probe

  A Google security audit uncovered a glitch in Google Plus that exposed data from nearly 500,000 accounts, causing the company to shutter the social network and spur a German data protection probe.

• September 27, 2018 27 Sep'18

  Congressional websites need to work on TLS

  Congressional websites may not always have the best security, according to Joshua Franklin. Although, senators may be better at website security than House representatives.

• September 27, 2018 27 Sep'18

  Election website security a mess for states and candidates alike

  Joshua Franklin has been researching election website security for congressional candidates, and he found a lot of misconfigurations on official pages and other sites meant to confuse voters.

• September 07, 2018 07 Sep'18

  Misconfigured Tor sites leave public IP addresses exposed

  The anonymity of Tor is once again under scrutiny, as a researcher finds misconfigured Tor sites can expose the public IP address connected to a dark web site.

• August 10, 2018 10 Aug'18

  Web cache poisoning attacks demonstrated on major websites, platforms

  PortSwigger's James Kettle doesn't believe web cache poisoning is theoretical and to prove it, he demonstrated several attacks on major websites and platforms at Black Hat 2018.

• August 06, 2018 06 Aug'18

  BGP hijacking attacks target payment systems

  Researchers discovered a wave of BGP hijacking attacks aimed at DNS servers related to payment-processing systems in an apparent effort to steal money from unsuspecting users.

• July 13, 2018 13 Jul'18

  Ticketmaster breach part of worldwide card-skimming campaign

  News roundup: The Ticketmaster breach was part of a massive digital credit card-skimming campaign. Plus, the U.K. fined Facebook over the Cambridge Analytica scandal, and more.

• April 30, 2018 30 Apr'18

  Attackers seek Oracle WebLogic vulnerability after faulty patch

  The combination of a broken Oracle WebLogic vulnerability and available proof-of-concept exploit code has led threat actors to search for any servers that are at risk.

• December 13, 2017 13 Dec'17

  Return of Bleichenbacher: ROBOT attack means trouble for TLS

  A team of security researchers discovered many vendors' TLS implementations are vulnerable to the Bleichenbacher oracle attack, which was first discovered 19 years ago.

• October 31, 2017 31 Oct'17

  Google Buganizer flaw reveals unpatched vulnerability details

  A security researcher earned more than $15,000 by finding three flaws in the Google Issue Tracker, aka Buganizer, which revealed details on unpatched vulnerabilities.

• October 05, 2017 05 Oct'17

  Yahoo data breach found to affect all 3 billion users

  Newly uncovered information indicated that all 3 billion users were affected by the 2013 Yahoo data breach, but Oath claimed passwords and credit card info was safe.

• September 15, 2017 15 Sep'17

  Apache Struts vulnerability blamed for Equifax data breach

  Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.

• May 04, 2017 04 May'17

  Google Docs phishing attack grants attacker full Gmail access

  A Google Docs phishing attack abused OAuth to give malicious actors full access to a victim's Gmail account and contacts, but Google claims to have blocked the attacks.

• March 03, 2017 03 Mar'17

  Cloudflare security team calms fears over Cloudbleed bug

  Cloudflare security researchers continue investigations as CEO calms fears over potential exposure of sensitive personal data by the Cloudbleed bug, though doubts remain.

• February 24, 2017 24 Feb'17

  Project Zero discovers Cloudflare bug leaking sensitive customer data

  The Cloudflare bug in CDN is fixed after causing sensitive customer data to leak. Google Project Zero discovered the flaw, and users were warned to change passwords.