XSS Auditor became too inefficient at blocking XSS attacks, and a chore to maintain.
10 hours ago Amadeus! Amadeus! Pwn me Amadeus! Airline check-in bug may have exposed all y'all boarding passes to spies (The Register)
Patched IDOR hole would have been child's play to exploit
A now-patched vulnerability in the Amadeus flight reservation system - used by airlines around the planet - could, or may, have been exploited by miscreants to view strangers' boarding passes.…
Shares of cybersecurity giant Symantec plunged on Monday following reports that the company's acquisition talks with Broadcom have stalled due to a disagreement over price.
Several major news outlets reported in early July that chipmaker Broadcom had been in advanced talks to acquire Symantec in a deal that could exceed $15 billion.
Following a "stocktake" of the public sector's security practices, Singapore's government agencies will roll out "technical measures" for existing as well as new systems to beef up data security standards, including automated detection of emails containing sensitive information and stronger encryption for files.
What you need to know from infosec land lately
Roundup: Here is a brief look at some of the other security stories floating around right now.…
WASHINGTON (AP) - Pennsylvania's message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems.
Fraud Fighters Also See Spikes in ATM Malware, Card Enrollment as a Service
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
1 day ago Top 5 cybersecurity challenges for CISOs (TechRepublic)
CISOs must drive business strategy amid an expanded attack surface and increasing security complexity, according to Fortinet.
A combination of technologies and collaboration from everyone involved to enable a password-free payments experience.
Soon it might just be easier for Australia's telcos to keep a copy of every TCP or UDP header for the cops to poke through.
Bug Hunter Sam Curry's Find Left Tesla Slightly Red Faced
Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.
4 hours ago Extenbro DNS-Changer Used in Adware Campaign (SecurityWeek)
A recently observed DNS-changer Trojan is being used in an adware campaign to prevent users from accessing security-related websites, Malwarebytes reveals.
App devs delayed upgrading apps, but lost in the long run due to more negative reviews and less Play Store visibility.
Bulgaria ordered Tuesday a probe into the leak of a trove of taxpayer data in a Russia-linked cyberattack that was disclosed on the same day the former Soviet satellite nation moved to buy US-made F-16 jet fighters.
Cybersecurity firms Vertical Structure and WhiteHat Security on Tuesday reported that their researchers discovered a serious vulnerability that gave remote attackers access to millions of files stored on thousands of exposed Lenovo network-attached storage (NAS) devices.
How utilizing AI can and will be realistic for any security organization... Learn about the concept of autonomous security driven by AI, probability theory and advanced algorithms in this exclusive webinar.
The platform uses Symantec Web Isolation technology to deliver Cloud Access Security Broker (CASB) controls for unmanaged devices.
6 hours ago Patch now before you get your NAS kicked: Iomega storage boxes leave millions of files open to the internet (The Register)
API blunder exposes data, fix incoming from Lenovo
Lenovo is emitting an emergency firmware patch for Iomega NAS devices after the network-attached storage boxes were discovered inadvertently offering millions of files to the internet via an insecure software interface.…
Despite being the industry standard for email authentication to prevent cyberattacks, DMARC policies aren't implemented by most companies, according to 250ok.
10 hours ago Security Flaw Exposed Valid Airline Boarding Passes (InfoRiskToday)
Amadeus Patches Check-In Software Used by Hundreds of Airlines
A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.
And Windows XP is alive and not well in the public sector
The UK's National Cyber Security Centre (NCSC) has had another busy year trying to disrupt cybercrime.…