Eskenzi PR ad banner Eskenzi PR ad banner

Top 10 Stories

TalkTalk customers remain at serious risk of cyber-attacks due to gaping security holes in the company’s online services, weeks after the high-profile hack that saw the personal details of 157,000 customers stolen. Security researchers say they have uncovered a series of vulnerabilities on TalkTalk’s website and email services that could allow hackers to steal email address, password and financial data due to basic oversights.  In the wake of the October attack that saw bank account...

Read moreDetails

The US Senate Committee on Homeland Security and Governmental Affairs wants to know how secured government PCs are against ransomware, and whether any agencies have paid off hackers to unlock their files. In a pair of open letters to the Department of Homeland Security (DHS) and Attorney General Loretta Lynch, Senators Tom Carper (D-DE) and Ron Johnson (R-WI) asked the two offices to deliver full reports on how they deal with ransomware. In addition to...

Read moreDetails

McAfee's Enterprise Security Manager (ESM) needs patching, as smartly as you can manage, due to an administrator-level authentication bypass. The advisory here says “a specially crafted username” can get past the Security Information & Event Management logins without authentication, and without a password, “if the ESM is configured to use Active Directory or LDAP”. That gives the attacker access to NGCP – the default username created at first installation – without checking the password assigned...

Read moreDetails

Toys that talk back are some of the hottest holiday gifts this year. And they may soon be hot items for hackers. Cybersecurity researchers have uncovered a number of major security flaws in systems behind Hello Barbie, an internet-connected doll that listens to children and uses artificial intelligence to respond. Vulnerabilities in the mobile app and cloud storage used by the doll could have allowed hackers to eavesdrop on even the most intimate of those...

Read moreDetails

France's state of emergency could lead to blocks on encrypted Internet connections and a ban on public Wi-Fi networks, if proposals put to the government go ahead. According to Le Monde, the (in French) extension of the state of emergency could also stretch to requiring all rental cars to carry GPS, expansion of public video surveillance, two-year telecommunications data retention, and approval for police to use IMSI-catchers (like the Stingray devices used in America). French...

Read moreDetails

Computer criminals have stolen sensitive personal data from Wetherspoons customers after hacking the pub chain's website. The site's customers database – which includes names, dates of birth, email, addresses and phone numbers of 656,000 Britons – was breached in June. But Wetherspoons officials were only told about the hack by security experts earlier this week. The cyber criminals also stole credit card and debit card data from pub-goers who bought vouchers from the JD Wetherspoon site. John...

Read moreDetails

Virus slingers who find themselves unsatisfied by merely ruining computers with ransomware are now first stealing a victim's admin passwords to enslave their websites into attack campaigns. The battery starts with the installation of the Pony malware, which in 2013 stole some two million passwords through its global botnet. Pony can also plunder passwords from more than 100 applications, social media sites, and Google accounts. It is not clear how that initial Pony infection takes place, however. Heimdal Security...

Read moreDetails

Four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode failed at least one of the OWASP Top 10. Given the volume of PHP applications developed for the top three content management systems - WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise concern over potential security vulnerabilities in millions of websites. Analytics show that 86 percent...

Read moreDetails

Microsoft's released a new flavour of Windows 10. Windows 10 IoT Core Pro is a version of the OS destined for original equipment manufacturers cooking up connected things. Redmond says the Pro cut's big differentiator is “the ability to defer updates and control distribution of updates through Windows Server Update Services.” “With these servicing options,” Microsoft's Billy Anders writes “we are bringing flexibility for our partners and customers to help meet their servicing needs while helping ensuring...

Read moreDetails

The Node.js Foundation has pushed out a patch for its eponymous open source, cross-platform runtime environment for developing server-side web applications. The fix plugs two security vulnerabilities, one of which is a high-impact DoS issue (CVE-2015-8027). "This critical denial of service vulnerability impacts all versions of v0.12.x through to v5.x, inclusive," the Foundation explained. "The vulnerability was discovered by Node.js core team member Fedor Indutny and relates to HTTP pipelining. Under certain conditions an HTTP socket may...

Read moreDetails
Page 340 of 630 1 339 340 341 630