Archive for the ‘website security’ Category

Hackers Breach Stack Overflow Q&A Site, Some Users’ Data Exposed

May 17th, 2019
Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident. Stack Overflow, one of the largest question and answer sites for programmers, revealed today that unknown hackers managed to exploit a bug in its development tier and then almost a week after they gained unauthorized access to its

Posted in Cyber Attack, cyber security, data breach, data security, hacking news, stack overflow, website security

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement

May 16th, 2019
A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google's Titan Security Keys that could not be patched with a software update. However, users do not need to worry, as Google has announced that it will offer a free replacement for the affected Titan Security Key dongles. In a security advisory published Wednesday, Google

Posted in cybersecurity tool, FIDO U2F Security Key, Google Titan Key, Google Titan Security Keys, Online Security, password security, phishing, physical security key, titan security keys, website security

Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

April 26th, 2019
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called "Plugin Vulnerabilities"—that recently went rogue in order to protest against moderators of WordPress’s official support forum has once

Posted in cyber security, hacking news, hacking wordpress website, website hacked, website security, WooCommerce, WordPress, Wordpress hacking, Wordpress Security

Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

April 23rd, 2019
Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social

Posted in cyber security, hack wordpress, hacking news, php security, remote code execution, website security, WordPress, Wordpress hacking, Wordpress Security

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

April 17th, 2019
Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in

Posted in Cross site scripting, cybersecurity, Drupal, Drupal hacking, hacking news, JQuery, php security, remote code execution, Vulnerability, website security

Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet

April 17th, 2019
An unprotected database belonging to JustDial, India's largest local search service, is leaking in real time the personally identifiable information of every customer who accessed the service via its website, mobile app, or even by calling its fancy "88888 88888" customer care number, The Hacker News has learned and independently verified. Founded over two decades ago, JustDial (JD) is the

Posted in API Security, cyber security, data breach, data leaked, Database Security, hacking news, Just dial, mobile api security, server security, unprotected database, website security

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

March 29th, 2019
If your online e-commerce business is running on the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platforms that powers 28% of

Posted in eCommerce Software, hacking news, Magento, Magento Ecommerce Website, Magento Hacking, Magento Vulnerability, SQL injection, Vulnerability, website hacking, website security

Brace yourselves: exploit published for serious Magento bug allowing card skimming (Updated)

March 28th, 2019

Attack code was published on Friday that exploits a critical vulnerability in the Magento e-commerce platform, all but guaranteeing it will be used to plant payment card skimmers on sites that have yet to install a recently released patch.

PRODSECBUG-2198 is a SQL injection vulnerability that attackers can exploit with no authentication required. Hackers could exploit the flaw to take administrative control of administrator accounts, assuming the hackers can download user names and password hashes and crack the hashes. From there, attackers could install the backdoors or skimming code of their choice. A researcher at Web security firm Sucuri said Thursday that company researchers reverse-engineered an official patch released Tuesday and successfully created a working proof of concept exploit.

Over the past six months, a raft of competing crime gangs has been racing to infect commerce sites with JavaScript that surreptitiously steals purchasers’ credit card data. The compromises are the result of exploits against either known or zero-day vulnerabilities. A vulnerability of this severity in an e-commerce platform that boasts 300,000 businesses and merchants is almost certainly going to face in-the-wild attacks by the same card-skimmer gangs.

Posted in Biz & IT, card skimmers, exploits, Magento, vulnerabilities, website security

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep

March 20th, 2019
Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently.

Posted in banking security, credit card hacking, credit card security, Credit Card Skimmers, Credit card skimming, digital skimmer, magecart, Online Security, website hacking, website security

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

March 14th, 2019
If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once

Posted in hack wordpress, hacking news, website security, WordPress, WordPress exploit, Wordpress hacking, WordPress Vulnerability