Tag Archive for: Website

Can $1M in damages be accurate in a website defacement?

/in

Corporate security pros should note that journalist Matthew Keys was convicted this week of changing a headline on the LA Times Web site, a case that may help define what can be included when a toting up damages caused by hackers.

The bill cited in court came to $ 929,977 for the cost of changing back the altered headline, which stayed live for less than an hour, but also the cost of assessing what other damage was done and fixing it, which took months. You can read details about the case here and here.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Plenty of fish, and exploits too, on dating website

/in

Recent visitors to Plenty of Fish (pof.com), an online dating website with over 3 million daily active users, had their browsers redirected to exploits that installed malware.

The attack was launched through a malicious advertisement that was distributed through a third-party ad network, researchers from security firm Malwarebytes said in a blog post Thursday.

The malicious ad pointed to the Nuclear exploit kit, a Web-based attack tool that exploits known vulnerabilities in browsers and popular browser plug-ins like Flash Player, Java, Adobe Reader and Silverlight.

To read this article in full or to leave a comment, please click here

Network World Security

WordPress 4.2.3 is out, update your website now

/in

If you manage a website that utilizes WordPress – update now! The latest version has been released and includes a fix for a cross-site scripting (XSS) vulnerability that your website could do without.
Naked Security – Sophos

Google error leaks website owners’ personal information

/in

A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private.

The privacy breach involves whois, a database that contains contact information for people who’ve bought domain names. For privacy reasons, people can elect to make information private, often by paying an extra fee.

Craig Williams, senior technical leader for Cisco’s Talos research group who discovered the issue, said the data will make it easier for cybercriminals to draft phishing emails that try to trick victims into divulging information or clicking on malicious links.

To read this article in full or to leave a comment, please click here

Network World Security