News – August 2017


  • IBM Patches Reflected XSS in Worklight, MobileFirst

    August 2, 2017

    BM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim’s browser to steal sensitive information, or user credentials. The vulnerability (CVE-2017-1500) lingered in the products, Worklight and MobileFirst, for almost a year. Gabriele Gristina, a security consultant for the Italian information security ...

  • This is How CIA Disables Security Cameras During Hollywood-Style Operations

    August 2, 2017

    In last 20 years, we have seen hundreds of caper/heist movies where spies or bank robbers hijack surveillance cameras of secure premises to either stop recording or set up an endless loop for covert operations without leaving any evidence. Whenever I see such scenes in a movie, I wonder and ask myself: Does this happen in ...

  • Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users

    August 2, 2017

    From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business model—instead of investing, spammers have started a new wave of phishing ...

  • $39 million cyber heist crooks caught by Omani agency

    August 2, 2017

    Omani forensic specialists helped track down online crooks who stole $39 million from a government bank, the director of the Internet Technology Agency has revealed. A cyber attack on an Oman bank in 2013 sparked a global manhunt across 24 nations that led to the arrests of seven people in the USA, according to Dr Badr ...

  • EU agency asks Commission to ‘avoid fragmentation’ in new cybersecurity plans

    August 1, 2017

    The EU needs to step up its cooperation between civil and military cybersecurity authorities when member states are attacked by hackers, according to the EU cybersecurity agency ENISA. The Athens-based agency asked the European Commission for a bigger role in responding to cybersecurity breaches. Part of that role would mean working more with the military when ...

  • Legislation Proposed to Secure Connected IoT Devices

    August 1, 2017

    A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecurity Improvement Act provides stringent guidance for the security of connected devices starting with mandates that ...