Zeljka Zorz
25% of tested Google Chrome extensions allow data theft
27 of a 100 tested Google Chrome extensions have been found vulnerable to data (passwords, history, etc.) extraction attacks though specially crafted malicious websites or by …
Clever phisher almost tricks PhishTank
PhishTank is an anti-phishing site run by the OpenDNS team and offers the possibility of submitting suspected phishing sites for community-based review. In short, other users …
Thousands of sites compromised following hosting provider hack
California-based hosting provider InMotion has suffered a compromise that resulted in the defacement of thousands of home pages of websites hosted on their infrastructure, …
Firefox 7 search yields unwanted results
Firefox is the second most widely used browser in the world, so we can be sure that malicious individuals are already working on ways to take advantage of yesterday’s …
“ACH Payment Canceled” spam leads to malware
After a short pause, the failed/cancelled ACH transaction spam is hitting inboxes again. Since yesterday, Websense has intercepted over 200,000 of the following emails: The …
Facebook allegedly promises to fix logout cookies issue
The Facebook tracking cookies issue revealed yesterday has, expectedly, created quite a stir in the security community. The company went into damage control mode and repeated …
Alureon extracts backup C&C locations embedded in images
An Alureon Trojan variant designed to extract the location of backup C&C centers from images disseminated across the Web has been discovered by a Microsoft researcher. …
Browser companies react to BEAST attack
As Juliano Rizzo and Thai Duong have demonstrated on Friday, the SSL/TLS encryption used by the great majority of websites has been cracked. Their BEAST (Browser Exploit …
US DHS asks public to share ideas on botnet mitigation
The U.S. Department of Homeland Security and the U.S. Department of Commerce have issued a public call for comments from “all Internet stakeholders” in order to …
Mysql.com hacked, serving malware
Mysql.com has been hacked and is currently serving malware, Armorize warns. The company has detected the compromise through its website malware monitoring platform HackAlert, …
5 data-stealing apps offered on Android Market
Nearly a month ago, researchers have discovered a Chinese mobile phone monitoring service that allows users to compromise a target’s mobile phone running Symbian or …
Does Facebook keep tracking users after they have logged out?
Australian hacker and blogger Nik Cubrilovic claims that Facebook keeps tracking its users after they have logged out from the site. To do that, the social network allegedly …