Shopware has patched a 'critical' remote code execution bug that affects the functions of both the shop and the overall system. According to a thread posted on Bugtraq, David Vieira-Kurz, a security engineer at Immobilien Scout GmbH, found that the script located at "/backend/Login/load" in Shopware's eCommerce platform is susceptible to remote code...

Technology infrastructure (TI) at banks involves a dizzying array of things – from employee laptops and desktops, software applications, and hosting networks to networking and cabling linking offices around the world, Internet of Things (IoT) devices, sophisticated enterprise tools, data centers... and so on. Just as a country needs its critical...

As I discussed in last week's post, smartphones, tablets, desktops, industrial equipment, servers and other technologies that connect to a corporate network are considered endpoints. Unfortunately, bad actors can abuse those devices and their network access to attack an organization. That is why IT staff need to protect as many of their company's...

Researchers have determined that those who stole approximately $81 million from the Bangladesh Bank most likely did so by hacking into SWIFT's client software. SWIFT, or the Society for Worldwide Interbank Financial Telecommunications, provides banks and other organizations with secure messaging services. According to its 2015 traffic, more than 11...

In the fall of 2015, Heimdal Security detected a post-office email scam targeting unsuspecting Danish users. The campaign sent out fake emails purporting to originate from PostNord and Post Denmark. When clicked on, the infected emails downloaded Cryptolocker2 ransomware onto users' machines. Several months later, Heimdal has now spotted another...

According to reports, Sony will soon be introducing two-factor authentication to its popular gaming platform, the PlayStation Network. Although the company has yet to make an official announcement, Sony confirmed to the gaming news website Polygon that the security feature was in the works. "In order to further safeguard our users and their...

A security researcher successfully compromised a Facebook server only to discover that someone had already been there. Bug bounty hunter Orange Tsai explains in a blog post that after poking around some Class C IP addresses of "vpn.tfbnw.com," an internal domain for Facebook, he came across a special server with the name "files.fb.com." The...

By now, almost everyone knows what happened during the Target breach. In the late fall of 2013, a group of attackers uploaded card-stealing malware to a small number of point-of-sale (POS) terminals in the retailer's stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks. In the...

The desktop edition of the Opera web browser is getting a free, built-in VPN offering users a more secure and private browsing experience. The feature, announced on Opera's blog, making it the first major browser to integrate a VPN service. Opera's built-in VPN, which is currently incorporated into the Windows and Mac developer editions of the...

The Massachusetts Institute of Technology (MIT), famed as one of the top tech schools in the country, introduced an “experimental” bug bounty program this week. The private, Cambridge-based research university is among the first academic institutions to announce a program designed to encourage finding...

2016 is shaping up to be the year of ransomware. Cyber-attacks are on the rise, with companies losing control of their critical assets. And the problem isn’t going away. Could your company fall victim to these malicious attacks? Everyone is vulnerable, but the good news is that there are simple steps you can take today using security tools you already...

Many of my friends having been dropping off the social media spectrum lately. Some have gone so far as to deactivate their social media accounts. They all have good reasons, and in some cases, I see them spending their time much more productively without worrying about the constant distraction of online socializing. None of them have received a...

Over the last year, Google detected nearly 800,000 compromised websites – roughly 16,500 new sites every week – exposing unsuspecting visitors to malware and scams. The search engine giant detailed the findings of a study it conducted alongside the University of California, Berkley, which analyzed 760,935 hijacking incidents from July 2014 to June...

I was on a security panel recently where we were asked to define the Internet of Things (IoT). This term is as vague as it is broad. It can be argued that it includes almost any “thing” that can be part of a network. I was not happy with any of our answers, including my own, so I spent some time thinking about it. When I was asked this question at a...

Disclaimer: The investigation made by the Swedish Civil Aviation Administration, LFV, after the radar disruptions that affected parts of Sweden's air traffic on 4 November 2015, shows that the disruptions were due to radio emissions linked to a solar flare. This is the conclusion from the investigation conducted by LFV after the event. Read the full...

Databases containing 3.8 million adult dating and Naughty America users' web accounts are up for sale on a dark web marketplace. As reported by Infosecurity Magazine, a hacker is advertising several leaked databases on the underground web forum The Real Deal. Those databases are believed to contain 3.8 million users' information, which includes...

WhatsApp is an instant messaging service with well over one billion global users. To put it into perspective, one in seven people on the planet actively use this popular messaging app to send some 30 billion texts, voice messages and videos every single day. In 2014, WhatsApp was acquired by Facebook for $19.3 billion. It is now the most powerful...

Malware as a business model rests on two core tenets—the first is innovation. Malware authors are constantly innovating tools and techniques that allow their software to slip past network defenses, to brute force their way past weak authentication credentials, and to escalate local privileges—all in an attempt to counter the work of security personnel...

Last year, attackers used an email scam to defraud an unidentified American corporation out of $100 million, report U.S. authorities. According to Reuters, the American corporation was targeted by a business email compromise between August and September of 2015. A business email compromise (BEC) is a type of payment fraud where an attacker...

A former Reuters journalist has been sentenced to two years in prison for helping to hack a multimedia corporation. Last October, a California jury found Matthew Keys, 28, guilty of one count of conspiracy to make changes to a corporate website, one count of transmitting malicious code, and one count of attempting to transmit malicious code for an...