Archives: July 2016
You are here: Home \ 2016 \ July \ Page 2
Yahoo has been given until August 31 to comply with a court order asking how the company was able to recover emails that were presumed deleted. Yahoo’s policy guide claims it cannot recover emails from a user’s account that have been deleted but defense lawyers for a convicted U.K. drug trafficker are speculating whether the company...
Kimpton Hotels & Restaurants, a nationwide chain of 62 boutique hotels, is investigating a string of unauthorized charges on payment cards used at a number of its locations. It’s unknown how many cards are involved, nor at which locations. A Kimpton representative told Threatpost that an investigation is ongoing and no further information was available....
Knowing where to turn for help when victimized by ransomware isn’t always clear. Should you pay the ransom? Are there alternatives to getting your precious data back? Who can you turn to for help? In an effort to answer those questions and help victims retrieve data encrypted by ransomware a unique public and private sector...
Wireless keyboards made by eight different companies suffer from a vulnerability that can allow attackers to eavesdrop on keystrokes from up to 250 feet away, researchers warned Tuesday. If exploited, the vulnerability, dubbed KeySniffer, could let an attacker glean passwords, credit card numbers, security questions and answers – essentially anything typed on a keyboard, in clear...
A host of web-based vulnerabilities in Orsam Lightify smart lighting products remain unpatched, despite private notification to the vendor in late May and CVEs assigned to the issues in June by CERT/CC. Researchers at Rapid7 today publicly disclosed some of the details on each of the nine vulnerabilities with temporary mitigation advice users can deploy...
Researchers have crafted a stealthy new way of bypassing Windows User Account Controls (UAC) that opens the door to attacks on targeted systems. According researchers, the bypass technique can fly under the radar of security solutions that monitor for this type of circumvention. The UAC bypass technique works on Windows 10 systems, and as opposed a number...
More than 100 malicious Tor Hidden Services Directories (HSDirs) were found to be snooping on the services they host, and in some cases, operators were actively using the data collected to attack the services. While at first blush, the discovery would seem to put another dent in the privacy and anonymity aspects so heavily associated...
A PHP vulnerability that exposed adult website PornHub’s user data to hackers and allowed for code execution on servers hosting the site, earned a trio of German researchers $22,000 as part of a bug bounty program. PHP patched the vulnerability in June. The flaw is tied to a use-after-free memory corruption bug that takes place when...
A new variant of the PowerWare ransomware is stealing street creds from the Locky strain of ransomware in an attempt to spoof the malware family. A new sample of PowerWare found by Palo Alto Networks’ Unit 42 reveals the ransomware’s quickly evolving tactics. According to researchers, a new version of the ransomware is using Locky’s “.locky” file extension to...
PayPal recently fixed a vulnerability on its PayPal.me site that could have let an attacker change a user’s profile without permission. The issue stemmed from a cross-site request forgery (CSRF) vulnerability that existed in PayPal.me, a site the company launched last year to let its users request money; similar to what Venmo, another property it...