News
-
Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as 'Magellan' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications. SQLite is a -
New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps
Facebook's latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its photo-sharing system that let 876 developers access users' private photos which they never shared on their timeline, including images uploaded -
New Shamoon Malware Variant Targets Italian Oil and Gas Company
Shamoon is back… one of the most destructive malware families that caused damage to Saudi Arabia's largest oil producer in 2012 and this time it has targeted energy sector organizations primarily operating in the Middle East. Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East, -
Friday Five: 12/14 Edition
A 111K HIPAA settlement, a new data privacy bill, and how to recover from a massive ransomware attack - catch up on the week's infosec news with this roundup!
-
Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada
"Pay $20,000 worth of bitcoin, or a bomb will detonate in your building" A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via emails that caused nationwide chaos, forcing widespread evacuations and police response. The bomb threat emails were apparently sent by spammers, threatening people that -
Lack of Knowledge, Visibility Contributed to Equifax Breach
A government report released this week says a culture of cybersecurity complacency at Equifax, compounded by a lack of visibility into its complex legacy IT environments, led to last year's breach.
-
Facing the Future of Biometric Regulation
Microsoft's president warned about the implications of facial recognition systems this week, advocating the government to regulate the technology sooner than later.
-
Adobe's Year-End Update Patches 87 Flaws in Acrobat Software
Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of -
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being -
Nine Steps to Effective and Sustainable Payment Card Security
These nine steps can help can help organizations looking to achieve PCI Security compliance detect weak spots in their security systems and evolve in the face of challenges.
-
phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!
Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The phpMyAdmin project last Sunday gave an early heads-up about the latest security update through its -
Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private
- Page 1 of 6
- Next page