Cloudflare Says No Evidence Cloudbleed Bug Was Exploited
After further analysis of the memory leak bug disclosed last week, Cloudflare officials say they haven’t found any instances of customer passwords, credit card data, or health records leaking while the vulnerability was exposed. The vulnerability, now known as Cloudbleed, has joined the pantheon of Internet-scale bugs to emerge in the last few years, even though […]
Critical SQL Injection Bug in Plugin Exposes WordPress Sites
Researchers have found a critical SQL injection vulnerability in a popular WordPress plugin used to create photo galleries. The bug in NextGEN Gallery exposes more than a million sites. The vulnerability can be exploited in a couple of different ways, and researchers at Sucuri, who discovered the weakness, say that an attacker could use it […]
Email Scam Losses Pass $3 Billion, FBI Says
The amount of money that enterprises in the United States are losing to business email compromise scams is growing at an alarming rate, and is now well into the billions of dollars, according to the FBI. BEC scams, also known as CEO or executive impersonation schemes, are the evolution of phishing attacks and rely on the criminals’ […]
Security Teams Are Becoming Cyber Espionage Investigators
SAN FRANCISCO–As cyber espionage has moved from the government sector into the corporate world, enterprise security professionals have found themselves needing to become investigators to deal with the threat. But without real expertise and experience with investigations, even the best security teams can miss serious compromises in their environments. “Cybersecurity professionals don’t have experience dealing with traditional […]
‘When Computers Start Killing People, There Are Going to Be Consequences’
SAN FRANCISCO–The massive, rapidly expanding network of insecure IoT devices is becoming so large and unwieldy that it will inevitably attract attention from government regulators in the near future. And that’s actually a positive development, security experts say. “As everything becomes a computer, computer security becomes everything security. The beachhead of all of this is […]
FBI Targets Extensive Cybercrime Ring
A Brooklyn man has pleaded guilty to charges as part of an FBI investigation into a banking malware and money mule scheme that has been running since 2015 and cost victims more than $1 million. The plea from Vyacheslav Khaimov was for his role in the scam, which the FBI alleges involved attackers infecting victims’ machines […]
Details Emerge of Severe WordPress Content Injection Flaw
WordPress has revealed the details of a critical privilege escalation vulnerability that the company fixed in a security release last week. The bug was part of a major upgrade for WordPress, but the details of the flaw hadn’t come out until now because the company was working with hosting providers and security firms to put […]
Mirai, Google, and the Future of DDoS
OAKLAND–When the Mirai botnet burst onto the scene last year, it did so in style, with two of the largest DDoS attacks on record. One of the initial targets of its wrath was the site run by reporter Brian Krebs, and the attack set off a chain reaction that not only took the site offline […]
Inside the Fight Against Bulletproof Hosting Providers
OAKLAND–For years, bulletproof hosting providers have been the bane of the Internet. They serve as havens for malware, cybercrime operations, and child exploitation rings, while dodging law enforcement by moving their operations early and often. But security researchers and cybercrime investigators are beginning to make some headway in the fight against these operators, through cooperation […]