Tag: Security

Password bypass flaw in Western Digital My Cloud drives puts data at risk

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypass the admin

Hackers have planted credit card stealing malware on local government payment sites

Security firm FireEye has confirmed that a widely used web payment portal used to pay for local government services, like utilities and permits, has been targeted by hackers. Hackers have broken into self-hosted Click2Gov servers operated by local governments across the US, likely using a vulnerability in the portal’s web server

Hackers stole customer credit cards in Newegg data breach

Newegg is clearing up its website after a month-long data breach. Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off

Cloudflare wants internet route leaks to be a thing of the past

Internet outages happen all the time. If it’s not someone cutting through a cable in the street, it’s a massive denial-of-service attack pummeling a pillar of the internet with junk data. There is another, more common cause: routing issues. Internet routing isn’t sexy. But it’s a fundamental part of how

State Department confirms data breach, exposing employee data

The State Department has confirmed a data breach affecting an unknown number of employees. A spokesperson told TechCrunch that the breach affected “less than 1 percent” of unclassified employee inboxes. “We have not detected activity of concern in the Department’s classified email system.” “We determined that certain employee personally identifiable

Symantec offers free anti-spoofing services to US political campaigns and election groups

Symantec is the latest private security company to offer its expertise to vulnerable political targets on the house. Today the company announced that it would extend its “Project Dolphin” service (dolphins eat phish, get it) to political campaigns, candidates and election officials, all “prime target[s] for malicious actors seeking to

Cloudflare’s new ‘one-click’ DNSSEC setup will make it far more difficult to spoof websites

Bad news first: the internet is broken for a while. The good news is that Cloudflare thinks it can make it slightly less broken. With “the click of one button,” the networking giant said Tuesday, its users can now switch on DNSSEC in their dashboard. In doing so, Cloudflare hopes

This is what Americans think about the state of election security right now

A wide-ranging new poll yields some useful insight into how worried the average American feels about election threats as the country barrels toward midterms. The survey, conducted by NPR and researchers with Marist College, polled 949 adult US residents in early September across regions of the country, contacting participants through both

Facebook pilots new political campaign security tools — just 50 days before Election Day

Facebook has rolled out a “pilot” program of new security tools for political campaigns — just weeks before millions of Americans go to the polls for the midterm elections. The social networking giant said it’s targeting campaigns who “may be particularly vulnerable to targeting by hackers and foreign adversaries.” Once

Surveillance camera vulnerability could allow hackers to spy on and alter recordings

In newly published research, security firm Tenable reveals how popular video surveillance camera software could be manipulated, allowing would-be attackers the ability to view, disable or otherwise manipulate video footage. The vulnerability, which researchers fittingly dubbed “Peekaboo,” affects software created by NUUO, a surveillance system software maker with clients including