Security News Headlines for WordPress, data breaches, malware attacks, vulnerabilities and web application security from around the globe.
- Microsoft Says Google Bypassing Users' IE Privacy Settings (21 February 2012, 4:22 pm)
The relations among Microsoft, Apple and Google, which are testy in the best of circumstances, are being pressured even more of late as the controversy surrounding Google's actions with cookies and user tracking grows. In the latest installment, Microsoft has said that it has found that Google "is employing similar methods to get around the default privacy protections in IE and track IE users with cookies."
- Researchers Warn Of 'Ghost Domain' Flaw in DNS (17 February 2012, 9:12 pm)
Researchers are warning about a flaw in the Domain Name System (DNS) that could allow attackers to keep a malicious domain alive and accessible, despite efforts to remove it.
- Mozilla to Fix Libpng Bug in Firefox and Thunderbird (17 February 2012, 6:43 pm)
Mozilla is preparing to release a fix for a serious vulnerability in both Firefox and Thunderbird that could result in remote code execution. The update comes just a few days after the company released version 10.0.1 of Firefox, fixing a separate security bug.
- Google, Advertising Companies, Found Bypassing Safari Privacy Settings (17 February 2012, 5:25 pm)
Google and several other advertising companies have allegedly been evading the privacy controls of Apple’s Safari browser by placing a special kind of tracking code on a handful of sites, according to new research done by Stanford grad student Jonathan Mayer.
- UPDATED: Anonymous Hacks FTC Consumer Protection Website To Protest ACTA (17 February 2012, 2:39 pm)
The anarchic hacking collective Anonymous took credit for a successful attack on Web sites belonging to the FTC. The attack, on Friday, was in protest for the U.S. Government's support of ACTA, the Anti Counterfeiting Trade Agreement. [Story updated to include comment from the FTC.]
- Google Fixes 13 Flaws in Chrome (16 February 2012, 7:47 pm)
Just a few days after releasing a fairly large set of patches for its Chrome browser, Google has pushed out another update, fixing 13 vulnerabilities, more than half of them being high-severity bugs.
- Facebook Allowing VIPs To Verify Accounts, Use Nicknames (16 February 2012, 5:29 pm)
Lady Gaga and Carrothead rejoice: with a tweak of its 'real name' policy, Facebook will allow high profile members to verify their account and begin using nicknames or pseudonyms to identify themselves. The company says the new feature will allow celebrities and other Facebook VIPs to get higher billing on Facebook and attract more followers.
- Adobe Fixes Flash Player XSS Flaw, Warns Of Ongoing Attacks (16 February 2012, 3:30 pm)
One day after the company released its monthly patch update, Adobe was out again with an emergency update to its Flash Player software, fixing seven holes, six that could lead to remote code execution and one that’s already being exploited in the wild.
- Anonymous-Linked Attacks Hit US Stock Exchanges (15 February 2012, 7:14 pm)
The Websites of the NASDAQ and BATS stock exchanges as well as the Chicago Board Options Exchange (CBOE) were knocked offline for parts of Monday and Tuesday after coming under a sustained online attack by a group with links to Anonymous.
- Microsoft Fixes Critical IE, Windows Bugs with February Patch Tuesday (14 February 2012, 8:17 pm)
Microsoft released nine security updates Tuesday, four critical; five important, fixing 21 different holes in various applications with its February patch release. The four critical fixes deal with vulnerabilities in the company’s Windows, Internet Explorer, .NET Framework and Silverlight programs that could allow remote code execution if left unpatched.
- Did A Decade-Long Hack Trigger Nortel's Demise? (15 February 2012, 8:38 pm)
A day after it was announced that Canadian telecommunications firm Nortel had been hacked for nearly 10 years, a prominent expert on sophisticated cyber attacks says the lengthy breach may have contributed to the company’s eventual collapse.
- Cybersecurity Act of 2012 Introduced Without Emergency Presidential Powers Provisions (15 February 2012, 7:15 pm)
A bipartisan group of Senators introduced the Cybersecurity Act of 2012 yesterday. The bill aims to secure federal and private sector networks that provide essential services or that are deemed "critical" to the nation in some other way.
- Bloody Valentine For Critical Infrastructure: EtherNet/IP Exploit Could Crash Devices (14 February 2012, 7:49 pm)
Security researchers made good on a promise to release new exploits for programmable logic controllers (PLCs). The exploits include one targeting a flaw in the implementation of the EtherNet/IP (Industrial Protocol) used in many IP-enabled PLCs. The security hole, if left unaddressed, could enable a remote attacker to crash or unexpectedly reboot the devices, which are critical components of almost every industrial and critical infrastructure installation.
- Leak Site Cryptome.org Hacked, Running Blackhole Exploit Kit (13 February 2012, 6:34 pm)
The Web site of information leak site Cryptome was compromised earlier this month and infected with the Blackhole exploit kit, according to documents posted on the site.
- Researchers Discover Android Mobile Botnet 100k Strong (10 February 2012, 6:07 pm)
A newly discovered malicious application circulating on third party Android markets in China has created a botnet that contains more than 100,000 compromised devices, researchers report.
- After Damaging Reports, Electronics Manufacturing Giant Foxconn Is Hacked (9 February 2012, 4:47 pm)
Members of an online hacking group that calls itself SwaggSec say they hacked systems belonging to Chinese electronics manufacturing giant Foxconn and made off with login credentials belonging to some of the company's biggest clients. Foxconn has declined to comment.
- Sites Hosted by Hacking Victim Dreamhost Redirected To Scam Page (6 February 2012, 7:50 pm)
A report from Web security firm zScaler finds that Web pages hosted by the firm Dreamhost are being redirected to a scam Web site in Russia following a hack of the company's servers last month.
- Privacy Fail: Is Uncle Sam Encouraging Bad Security? (3 February 2012, 11:56 pm)
CANCUN, MEXICO - A prominent privacy activist says that leading software vendors and the U.S. government are failing the public when it comes to Internet privacy, and that big changes are needed to protect consumers from criminals, advertisers and government spies.
- Update: Verisign Admits To Security Breaches in 2010 (2 February 2012, 2:50 pm)
Collaborators: Brian Donohue, Paul Roberts. Verisign, the Internet security company responsible for management of the .COM domain, told federal regulators that it was the victim of several successful attacks in 2010, but that those incidents were not reported to the company's management until September, 2011. The news was first reported by Reuters.
- What You Need to Know About the RSA Key Research (16 February 2012, 5:30 pm)
It's always slightly disorienting and confusing when a story about something as esoteric as weak encryption keys produced by poor random number generators makes its way into the real world and begins scaring the citizens. This can lead to confusion and worry about whether everyone's online banking sessions and purchases of Canadian pharmaceuticals are safe. To help allay those concerns, here are some things you need to know about the new research on weak RSA keys and its implications.
- Weak RSA Keys Plague Embedded Devices, But Experts Caution Against Panic (15 February 2012, 9:20 pm)
If all of the noise about weak RSA keys and compromised cryptosystems in the last few days has done anything, it's to confirm what many in the cryptography community have known for quite a long time: When it comes to implementing cryptosystems, there are a whole lot of people doing it wrong. However, experts say the new research showing large numbers of repeated and weak crypto keys is a good reminder of not only how hard it is to get this stuff right, but also how many different ways it can go ...
- Mozilla to Warn CAs About Issuing MITM Certificates (14 February 2012, 4:37 pm)
Mozilla officials are preparing to send a letter to the certificate authorities that are part of its root CA program, warning them about issuing so-called man-in-the-middle certificates for systems that the CA does not actually own. The message comes on the heels of an incident in which Trustwave, a CA, issued a certificate that enabled a corporate customer to eavesdrop on the SSL-protected sessions of its employees.
- Finding Location Data In Google Maps SSL Sessions (13 February 2012, 4:15 pm)
In the last couple of years, Google and some other Web giants have moved to make many of their services accessible over SSL, and in many cases, made HTTPS connections the default. That's designed to make eavesdropping on those connections more difficult, but as researchers have shown, it certainly doesn't make traffic analysis of those connections impossible.
- Researchers Crack Satellite Phone Ciphers (8 February 2012, 4:42 pm)
Researchers at a German university have broken the encryption of the two main standards used to protect calls from satellite phones, giving them the ability to intercept conversations that are meant to be private. The attacks on the GMR-1 and GMR-2 standards are thought to be the first such work against the satellite phone ciphers.
- Google to Stop Using Online CRL Checks for Chrome (7 February 2012, 6:34 pm)
In the face of mounting evidence that the CA system is inherently flawed, Google officials are in the process of making changes to the way Chrome handles certificate revocations, and no longer will be using online revocation checks. Instead, Chrome will use the existing update system in the browser to accomplish this task.
- Apple Ships Huge Set of Patches for OS X (2 February 2012, 3:28 pm)
Apple has released a massive set of patches for a wide range of security vulnerabilities in a number of its products and components, including OSX Lion and QuickTime. The patches, which are rolled up in OS X 10.7.3, fix a slew of serious bugs, many of which can be used to execute remote code on vulnerable machines.
- Video: New Banking Trojan Caught Breaking CAPTCHA (30 January 2012, 4:47 pm)
A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog.
- Court: Forced Hard Drive Decryption Doesn't Violate Fifth Amendment (24 January 2012, 8:40 pm)
In what may become a precedent setting digital rights ruling, Judge Robert Blackburn of the United States District Court of Colorado ruled that compelling an individual to provide access to the encrypted contents of a device does not violate the US Constitution's prohibition of self incrimination.
- Does DNSSEC Really Interfere With SOPA/PIPA? (24 January 2012, 12:24 pm)
By Eric Rescorla. You've of course heard by now that much of the Internet community thinks that SOPA and PIPA are bad, which is why on January 16, Wikipedia shut itself down, Google had a black bar over their logo, etc. This opinion is shared by much of the Internet technical community, and in particular much has been made of the argument made by Crocker et al. that DNSSEC and PIPA are incompatible. A number of the authors of the statement linked above are friends of mine, and I agree with much of...
- Year of the Meetup (27 January 2012, 8:17 pm)
We hereby declare 2012 as the Year of the WordPress Meetup. You'll want to get in on this action. So what is a WordPress Meetup? Basically, it's people in a community getting together — meeting up — who share an interest in WordPress, whether they be bloggers, business users, developers, consultants, or any other category of person able to say, "I use WordPress in some way and I like it, and I want to meet other people who can say the same...
- Internet Blackout Day on January 18 (17 January 2012, 11:18 pm)
WordPress.org is officially joining the protest against Senate Bill 968: the Protect IP Act that is coming before the U.S. Senate next week. As I wrote in my post a week ago, if this bill is passed it will jeopardize internet freedom and shift the power of the independent web into the hands of corporations. [...]
- Help Stop SOPA/PIPA (10 January 2012, 7:18 pm)
You are an agent of change. Has anyone ever told you that? Well, I just did, and I meant it. Normally we stay away from politics here at the official WordPress project — having users from all over the globe that span the political spectrum is evidence that we are doing our job and [...]
- WordPress 3.3.1 Security and Maintenance Release (3 January 2012, 9:24 pm)
WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team. Download 3.3.1 or visit [...]
- WordPress 3.3 “Sonny” (12 December 2011, 10:58 pm)
The latest and greatest version of the WordPress software — 3.3, named “Sonny” in honor of the great jazz saxophonist Sonny Stitt — is immediately available for download or update inside your WordPress dashboard. WordPress has had over 65 million downloads since version 3.0 was released, and in this third major iteration we’ve added significant [...]
- WordPress 3.3 Release Candidate 3 (11 December 2011, 12:27 am)
The third (and hopefully final!) release candidate for WordPress 3.3 is now available. Since RC2, we’ve done a handful of last-minute tweaks and bugfixes that we felt were necessary. Our goal is to release version 3.3 early next week, so plugin and theme authors, this is your last pre-release chance to test your plugins and themes to find any [...]
- Core Team Meetup Time (11 December 2011, 12:06 am)
It’s almost that time again, when the WordPress core development team gets together in person to review the year’s progress and talk about priorities for the coming year. Next week Matt Mullenweg, Mark Jaquith, Peter Westwood, Andrew Ozz, Andrew Nacin, Dion Hulse, Daryl Koopersmith, Jon Cave, and I will meet at Tybee Island, GA, the [...]
- WordPress 3.3 Release Candidate 2 (7 December 2011, 6:26 am)
The second release candidate for WordPress 3.3 is now available! As the first release candidate was well-received, we think we’re really close to a final release. Primarily, we’ve ensured that the new toolbar (the admin bar in 3.2) has a consistent appearance across all browsers, and the API for developers is now final. You can check [...]
- WordPress 3.3 Release Candidate 1 (1 December 2011, 5:55 am)
Release Candidate stage means we think we’re done and are about ready to launch this version, but are doing one last check before we officially call it. So take a look, and as always, please check your themes and plugins for compatibility if you’re a developer. Stayed up late tonight, Hammering toward RC1. Now with [...]
- WordPress 3.3 Beta 4 Available Now (24 November 2011, 1:44 am)
The march toward 3.3 continues! With all our major tickets closed, we are very close to a release candidate. In Beta 4 we’ve fixed a bunch of bugs, cleaned up the UI, added real text in some of the screens that still had placeholder text in Beta 3 (post-update screen, the Dashboard welcome area, new [...]
