Critical PayPal XSS vulnerability left accounts open to attack
PayPal has patched a security vulnerability which could have been used by hackers to steal users' login details, as well as to access unencrypted credit card information. A cross-site scripting bug was discovered by Egyptian 'vulnerabilities hunter' Ebrahim Hegazy -- ironically on PayPal's Secure Payments subdomain.
Hegazy found the Stored XSS Vulnerability on https://Securepayments.Paypal.com back in the middle of June, and was able to demonstrate how it could be exploited. More than two months later, PayPal has addressed the issue and plugged the security hole.
Easiest malware removal trick -- ever
Removing malware is often a complex and time-consuming task, even for security experts. But as Bitdefender has reported, sometimes, just occasionally, the most effective technique can be extremely simple.
Like, turn your PC off, and on again.
84 percent of people support eliminating passwords
Spare a moment to consider the plight of the humble password. It has become an essential component of modern life, but it would be wrong to say we've grown to know and love it.
In fact a survey by mobile authentication specialist LaunchKey shows that 84 percent of respondents would like to do away with passwords altogether and 76 percent believe their information would be more secure with an alternative form of authentication.
Security education saves companies millions of dollars a year
Successful phishing attacks can lead to costs from loss of employee productivity and credential compromise, among other factors, which together may cost an average-sized company $3.77 million per year.
New research released by Wombat Security Technologies and the Ponemon Institute finds that the phishing email click rate improved an average of 64 percent following security training.
One percent of employees account for 75 percent of cloud risk
Cloud security specialist CloudLock has released a new report looking at the risks of user behavior to businesses using cloud systems.
It reaches the startling conclusion that just one percent of users account for 75 percent of the security risk. The top one percent of users are responsible for 57 percent of file ownership, 81 percent of files shared, 73 percent of excessively exposed files and 62 percent of app installations.
AT&T accused of injecting ads through its free Wi-Fi hotspots
What price is free? In the case of Windows 10, many argue that it means giving up a little of your privacy, and it seems that AT&T's free Wi-Fi hotspots also come with a hidden payload. Whilst visiting Dulles Airport, computer scientist Jonathan Mayer noticed that "the web had sprouted ads. Lots of them, in places they didn’t belong".
With time to kill waiting for a flight, Mayer set about investigating where these extra ads were coming from. It didn’t take long for him to discover that the AT&T hotspot he was connected to was the problem. He found that the hotspot was injecting a stylesheet which in turn pulled in advertising. But it didn’t end there...
Millennials lose trust in the digital economy
Although millennials are the first fully connected generation, having lived their whole lives in the Internet era, new research suggests that they're beginning to recognize that their identity and personal data may not be properly protected.
Digital identity specialist Intercede surveyed around 2,000 16-35 year-olds in the US and UK to get their views on current security measures. The results suggest what the company calls a 'millennial malaise' towards existing safeguards, in particular the use of easily-hackable but widely used password-based authentication methods.
Samsung smart fridge might leak your Gmail credentials
Your smart fridge might be good for storing cold beer, but it definitely isn’t good for storing your Gmail credentials, as those can be easily stolen. During the recent DEF CON hacking conference, the vulnerability was unveiled at the IoT hacking challenge run by Samsung.
The fridge that got owned was the RF28HMELBSR smart fridge. It downloads Gmail Calendar information and displays it on an on-screen display. The device does implement SSL, but it fails to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections.
NSA wants to future-proof encryption standards against quantum computers
The NSA is concerned that current methods of cryptography, used to encrypt data and ensure that if it does fall into the wrong hands it’s not readable or usable, are going to be woefully inadequate and easily broken when quantum computers come into play.
Of course, this isn’t going to be something that happens in the near future, as quantum computers -- which instead of bits, use qubits that can hold three states instead of the usual binary 0 or 1 -- are still merely conceptual in nature, and won’t be fully realized for many decades yet.
Most Android lock patterns are easy to guess
Travel tips for mobile employees
Long days, warm weather, the lure of travel, if only to a nearby park or beach -- many employees, naturally, are thinking of escaping the office for time away.
For the past year, since the passage of home working legislation in the UK, employees who have been on the job at least 26 weeks have had the right to request flexible working hours.
Virtual infrastructure means higher recovery costs
Businesses may be paying a lot more to recover from security breaches if they're using virtual rather than conventional in-house infrastructures.
According to a study by Kaspersky Lab, enterprises pay more than $800,000 on average to recover from a security breach involving virtual systems, which is twice as much compared to incidents involving only physical infrastructure.
The best enterprise firewalls based on user reviews [Infographic]
A good firewall will keep your company’s and customers’ private information secure in order to prevent issues such as identity theft, hackers and viruses by shutting off access to your network where necessary.
With recent data breaches like that of the U.S. Office of Personnel Management and at Harvard, firewalls are gaining increasing importance in business.
Paranoid torrent sites ban Windows 10 over privacy concerns
Since the launch of Windows 10, there have been all manner of privacy concerns -- some grounded in fact, others less so. Whatever your view of the latest version of Windows, it's impossible to deny that this has proved one of the more controversial releases to come from the Microsoft stable.
Getting in on the paranoia now are torrent sites, with some coming out and saying they have implemented a ban on the use of Windows 10 to connect to their trackers. Seemingly in response to the news that Windows 10 could disable counterfeit games, torrent sites including iTS have already put measures in place to block Windows 10 users from accessing them, while the likes of FSC and BB are considering taking similar action. Over-reaction?
Microsoft will only provide information about Windows 10 updates when it wants to
It's less than a month since the launch of Windows 10, and there have already been three cumulative updates released. There has been far greater interest in these updates than for previous versions of Windows, but there has been frustration about the lack of detail provided about the changes the third brought.
Users were told that the update includes "improvements to enhance the functionality of Windows 10", but no specific details were given. Microsoft has now made it clear that extra detail will only be provided for some updates depending on their significance. Considering Windows 10's forced installation of updates, this is something that is unlikely to go down well with users.
