WordPress users are facing another security worry following the discovery of a massive botnet. Attackers have infected 20,000 WordPress sites by brute-forcing administrator usernames and passwords. They are then using those sites to infect even more WordPress installations.
CS Digest Section: Data Security
Mismanagement, outdated tech and basic security steps were to blame.
Australia's parliament passed controversial legislation on Thursday that will allow the country's intelligence and law enforcement agencies to demand access to end-to-end encrypted digital communications.
In October, Google dramatically announced that it would shut down Google+ in August 2019, because the company had discovered through an internal audit (and a simultaneous Wall Street Journal expose) that a bug in Google+ had exposed 500,000 users' data for about three years. Maybe it should have pulled the plug sooner.
Marriott's massive data breach exposed more than just 500 million customer records, it is also shining a light on the role cybersecurity needs to play when a firm is in acquisition mode, along with the damage that even one slip up by an employee can have on the entire company.
Apple's WebKit team have added 'experimental support' for Web Authentication, the standard for enabling website logins by plugging a USB security key into a computer.
U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf.
You and 800 million other people now can use hardware authentication keys -- and no password at all -- to log on to Microsoft accounts used for Outlook, Office 365, OneDrive, Skype and Xbox Live.
Memory modules with error-correcting code (ECC) protection are vulnerable to Rowhammer, an attack that can help corrupt data the computer stores in its volatile memory chips.
Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account.