The latest technologies and best practices to secure local, virtual, cloud, and hybrid networks.
SQL injection has become the scourge of the Internet era. Year after year, it is cited as one of the top security vulnerabilities on the Internet, responsible for countless data breaches. Jeff Forristal, also known by the alias Rain Forrest Puppy, was one of the first people to ever document SQL injection. Forristal, now the…
Crown Castle recently began notifying an undisclosed number of its U.S. employees that their payroll information may have been accessed by hackers. On October 31, 2013, the company determined that an unknown person or persons bypassed Crown Castle’s security system and accessed an e-mail containing an attached payroll file that listed U.S. employee names, Social…
Shipping and logistics company Yusen Logistics (Americas) Inc. (YLA) recently began notifying an undisclosed number of current and former employees that their personal information may have been exposed when a password-protected, unencrypted laptop was stolen from a YLA employee’s vehicle on September 23, 2013. The laptop held a spreadsheet containing payroll deduction information for current…
Developers are being urged to create applications at an ever-faster pace, with many of them designed to operate on the Web or run on mobile devices. All of these factors open the door to security vulnerabilities. “When secure code practices are not part of development, you end up with data breaches, a large percentage of…
Customers of VPN provider PureVPN recently began receiving e-mails stating that the company was shutting down due to legal issues — but PureVPN quickly announced that the e-mails were fake, and had been sent by hackers who had accessed customers’ names and e-mail addresses (h/t Softpedia). In a blog post on October 6th, PureVPN co-founder…
There is a reason phishing scams remain popular. Despite the fact most knowledge workers know the risks of clicking on unknown attachments or links, a significant number of them continue to do it. A recent Harris Interactive survey found that 19 percent of U.S. employees working in an office said they had opened an email…
Digital certificates play a vital security role on the Internet. They allow you to prove that your websites are genuine, sign applications and software updates to prove that they originated from you, and communicate with customers easily using encryption. The drawback to certificates is that if anything goes wrong, the potential fallout can be disastrous.…
American Banker reports that Citigroup recently admitted having failed to safeguard the personal data (including birthdates and Social Security numbers) of approximately 146,000 customers who filed for bankruptcy between 2007 and 2011 (h/t Softpedia). Citi apparently failed to fully redact court records placed on the Public Access to Court Electronic Records (PACER) system. “The redaction…
Avira recently acknowledged that Avira Browser Security doesn’t allow Web sites to be displayed in the Chrome browser once it’s updated to verison 28 (h/t The H Security). Affected products include Avira Professional Security 2013, Avira Free Antivirus, Avira Antivirus Premium 2013, and Avira Internet Security 2013. “This is caused by an incompatibility between the…