2577 matches found
Ransomware is the Future of Internet of Things Malware
WASHINGTON D.C. — It’s 2020, bitter cold outside, you’re running late for work, and the Linux box that controls your car isn’t going to start unless you wire $20 worth of Bitcoin to an increasingly business-like criminal enterprise operating out of Eastern Europe. Of course it’s not 2020. And to...
76M Households, 7M Businesses Impacted in JPMorgan Chase Breach
A securities filing on Thursday revealed that up to 76 million households and seven million small businesses, far more than initially thought, were implicated in the cyber attack that hit JPMorgan Chase over the summer, making it one of the largest data breaches in U.S. history. The New York-base...
Apple Pay: A New Way to Pay
Every September, Apple announces exciting new products that promise to change how we interact with not only our devices, but with the world around us. 2014 has been no exception; in San Francisco this morning, Apple announced the iPhone 6, Apple Watch and Apple Pay. Even though Im excited about t...
CVE-2014-2685
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...
Authentication flaw
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...
CVE-2014-2685
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...
One in Five Massachusetts Residents Breached in 2013
Roughly one in five Massachusetts residents were affected by a data breach last year, according to numbers released today by the Commonwealth’s Office of Consumer Affairs & Business Regulation OCABR. The number, about 1.2 million residents, is nearly a 60 percent increase from 2012. “Last year wa...
Hurray! Unlocking Your Cell Phone is Officially Legal Again
President Barack Obama signed a bill into law Friday that aims to make it legal for consumers to “unlock” their cell phones in order to change their cell phone service providers without paying for a new phone. The bill is known as the Unlocking Consumer Choice and Wireless Competition Act, which...
Consumer Groups Urge FTC to Halt Facebook Data Collection Program
A collection of privacy and consumer groups from the United States and Europe has asked the Federal Trade Commission to force Facebook to suspend a recently installed program that mines information on sites that users’ visit around the Web in order to serve them interest-based ads. The groups say...
Cybersecurity and the Financial Services Industry
2014 is the year that the US Securities and Exchange Commissions Office of Compliance Inspections and Examinations OCIE is turning its focus to cybersecurity, a looming threat to any and all companies that utilize the internet. In case you missed my last post, back in March the OCIE hosted a...
British Telecommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24219/info The British Telecommunications Consumer Webhelper ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficientl...
Google, Microsoft to Implement Mobile 'Kill Switch'
Google and Microsoft will incorporate remote kill switch features into the default builds of their respective mobile operating systems for the first time. Oddly enough, the announcement comes in a joint press release issued by New York Attorney General, Eric Schneiderman, and San Francisco Distri...
FTC Asks Data Brokers, Congress for Transparency, Regulation
The Federal Trade Commission called on data brokers to be more transparent and give users more control over their personal information in a comprehensive report issued yesterday. The 100-plus page document, “Data Brokers: A Call for Transparency and Acccountability,” .PDF criticizes the industry...
Health and Fitness Apps Poor at Protecting Privacy FTC Says
A recent study conducted by the Federal Trade Commission examined 12 mobile health and fitness apps and found them sending users’ personal information to 76 different third parties. Jah-Juin Ho, an attorney in the FTC’s Mobile Technology Unit shared the research yesterday during a seminar regardi...
FTC Discusses Regulating User-Generated Health Information
The proliferation of wearable devices coupled with smartphone apps that monitor heart rates and other health metrics raises an important question: How exactly should the information generated by these devices be regulated? If there’s a fist fight in a bar can a person’s Fitbit accelerator be...
Dropbox Patches Shared Links Privacy Vulnerability
Dropbox has acknowledged and disabled a vulnerable shared links feature that exposed documents stored by the service to third parties. Shared links are a collaboration feature that allows user, especially in a business environment, to share and edit documents. Dropbox rival Intralinks reported th...
White House Calls for Transparency from Data Brokers
The White House redirected attention away from the data collection efforts of the intelligence community yesterday with the release of a report that urged data brokers to be more transparent about their own data harvesting. Companies such as Facebook, Google and others make a living collecting th...
Heartbleed – When Will the Next Shoe Drop?
Last week, while I was in the offices of one of our customers, a long-present but little-known vulnerability in OpenSSL became public knowledge. Our client detected it early and made the necessary patches and updates. The systems deployed by their customers are now secure. Consumers will change...
Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2014:072)
Updated php-ZendFramework packages fix security vulnerabilities : XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform...
Zend Framework XML外部实体和安全绕过漏洞
Bugtraq ID:66358 Zend Framework是一款开放源代码的PHP5开发框架实现。 Zend Framework存在多个安全漏洞: 1,处理XML实体时存在错误,允许攻击者通过特制的包含外部实体引用的XML文档来获取本地文件内容或消耗服务器资源。 2,ZendOpenId和ZendOpenId consumer的登录机制存在错误,允许攻击者利用漏洞无需任意验证凭据伪造其他用户/身份。 0 Zend Framework 1.x Zend Framework 1.12.4已经修复该漏洞,建议用户下载更新: http://framework.zend.com...