News

Web server threats and application attacks

• February 13, 2019 13 Feb'19

  Dunkin' security alert warns of new credential-stuffing attacks

  Dunkin' sent a security alert to customers warning of potentially malicious access of accounts due to the second credential stuffing attack in less than three months.

• January 29, 2019 29 Jan'19

  Dailymotion credential stuffing attacks lasted more than 6 days

  Video-sharing website Dailymotion reset passwords for an unknown number of users following 'large-scale' credential stuffing attacks that lasted for more than six days before being stopped.

• January 25, 2019 25 Jan'19

  DNS hijack attacks lead to government directive from DHS

  Following a string of DNS hijack attacks around the globe, the Department of Homeland Security has directed federal agencies to harden defenses against DNS tampering.

• January 11, 2019 11 Jan'19

  Iran implicated in DNS hijacking campaign around the world

  FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions.

• January 10, 2019 10 Jan'19

  UnCAPTCHA attack updated to bypass spoken phrases

  Researchers updated their unCAPTCHA proof of concept to be more efficient in bypassing audio CAPTCHAs and be able to handle spoken phrases and not just strings of numbers.

• December 20, 2018 20 Dec'18

  Twitter bugs expose user data and direct messages

  Two Twitter bugs led to questions about the platform's user privacy and security, while the company said one of the bugs opened the door to possible state-sponsored attacks.

• December 11, 2018 11 Dec'18

  Second Google+ data exposure leads to earlier service shutdown

  Another Google Plus data exposure -- this time potentially affecting more than 52 million users -- will cause the service to be shut down four months earlier than scheduled.

• November 27, 2018 27 Nov'18

  USPS website flaw exposed data for one year

  The U.S. Postal Service inadvertently exposed the data of 60 million users and has only just fixed the underlying website flaw, despite being notified of the issue one year ago.

• November 16, 2018 16 Nov'18

  Google BGP route leak was accidental, not hijacking

  Despite early speculation, experts concluded the BGP route leak that sent Google traffic through China and Russia was due to an accidental misconfiguration and not malicious activity.

• November 05, 2018 05 Nov'18

  As PHP v5 nears its end, enterprises face serious threats

  The majority of websites still use the outdated PHP v5, according to recent data, causing concern over the fact that it will stop receiving security support at the end of the year.

• October 23, 2018 23 Oct'18

  Healthcare.gov breach exposes data on 75,000 people

  Malicious actors attacked a back-end insurance system and the resulting Healthcare.gov breach exposed an unknown amount of data on 75,000 people.

• October 10, 2018 10 Oct'18

  Google security audit begets product changes, German probe

  A Google security audit uncovered a glitch in Google Plus that exposed data from nearly 500,000 accounts, causing the company to shutter the social network and spur a German data protection probe.

• September 27, 2018 27 Sep'18

  Congressional websites need to work on TLS

  Congressional websites may not always have the best security, according to Joshua Franklin. Although, senators may be better at website security than House representatives.

• September 27, 2018 27 Sep'18

  Election website security a mess for states and candidates alike

  Joshua Franklin has been researching election website security for congressional candidates, and he found a lot of misconfigurations on official pages and other sites meant to confuse voters.

• September 07, 2018 07 Sep'18

  Misconfigured Tor sites leave public IP addresses exposed

  The anonymity of Tor is once again under scrutiny, as a researcher finds misconfigured Tor sites can expose the public IP address connected to a dark web site.