Polycom has published a security advisory listing several products that are vulnerable to the recently disclosed GNU Bash vulnerability dubbed "ShellShock." Polycom provides telepresence, video, voice and infrastructure solutions to 400,000 organizations worldwide.
The company says some of its products are still under investigation, but so far it has identified a dozen solutions plagued by the Shellshock bug. The ShellShock vulnerability can be exploited via four attack vectors. Depending on the vector, organizations can take steps to protect themselves before a patch is released by the vendor.
Dropbox is at the centre of a leak scandal, following the release of 400 usernames and passwords by an anonymous user on Pastebin. The hacker claims the initial dump is just a portion of the 6,937,081 Dropbox accounts he claims to have compromised.
He then requested Bitcoins in payment before he would allow access to more accounts. Dropbox said the service had not been hacked and these passwords were expired. At the time of writing, when entering the leaked usernames and passwords into Dropbox, the service prompts the user to reset their password by sending an email to the registered address.
A giant database of intercepted Snapchat photos and videos has been released by hackers who have been collecting the files for years. Shocked users of the notorious chat forum 4chan are referring to the hack as "The Snappening," noting that this is far bigger than the iCloud hacks that recently targeted celebrities.
Underground photo-trading chat rooms have been filled in recent weeks with hints that something big was coming. Thursday night it finally arrived: A third-party Snapchat client app has been collecting every single photo and video file sent through it for years, giving hackers access to a 13GB library of Snapchats that users thought had been deleted.
To infiltrate foreign networks and gain access to sensitive systems, the NSA has been using the tactics of “physical subversion” – deploying undercover agents in Chinese, German, South Korean and possibly even American companies.
Past reports on the National Security Agency have typically depicted a government organ that hacks other systems or works with private corporations to bypass their own encryption protections, but the latest report based on files leaked by Edward Snowden suggests the agency could be embedding operatives into foreign, as well as domestic, “commercial entities.”
According to Edward Snowden, people who care about their privacy should stay away from popular consumer Internet services like Dropbox, Facebook, and Google. Snowden conducted a remote interview today as part of the New Yorker Festival, where he was asked a couple of variants on the question of what we can do to protect our privacy.
His first answer called for a reform of government policies. Some people take the position that they “don’t have anything to hide,” but he argued that when you say that, “You’re inverting the model of responsibility for how rights work”.
Does the US lack cybersecurity manpower? Even if it adds thousands of security pros, can Washington stay ahead of the hackers? And how can the federal government compete for top talent with the likes of Facebook, Google, and Twitter?
Michael Daniel has been on a recruitment drive since becoming White House Cybersecurity Coordinator more than two years ago. He’s been on the hunt for more skilled security pros to join the government’s fight against criminal hackers, as well as championing the cause for an all-around more digitally vigilant workforce.
Google CEO Eric Schmidt warned Wednesday that the National Security Agency's online spying could "end up breaking the Internet". A large number of major tech firms, including Apple, Microsoft and Google, made headlines last year after they were revealed to have cooperated with the NSA in its extensive surveillance program called PRISM.
Longtime reporters who cover the NSA know that any time we ask the obstinate spy agency for information, we’re probably going to hit a brick wall. But who would have thought that trying to obtain information about information the agency has already given us would lead to the same wall?
The popular MailPoet WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, and the MailPoet team patched it promptly. It seems though that many are still not getting the word, or blatantly not updating, because we are seeing another string of mass exploitation attempts against WordPress websites.
Those who have not updated are getting infected repeatedly via this vector. The issue is further compounded because the attackers are using it as a springboard into the rest of their account, further compromising their entire account. Please, we cannot stress enough the importance of updating, not just your active website, but any other websites you have in your stack, under the same account.
Adobe is the latest company to admit they’re spying “collecting information from the user” via one of their products: Adobe Digital Editions 4, the company’s latest version of the widely popular ebook platform.
Adobe is said to be gathering extensive data about its users’ ebook reading habits including how long the book has been read for, what percentage of the book has been read and more. All the data including the book’s title, publisher and metadata is being sent through to Adobe’s servers in non-encrypted format. What’s even creepier is that Adobe also seems to be tracking individual users’ computers by gathering metadata from all ebooks stored on a hard drive and uploading the data onto Adobe’s servers.
KrebsOnSecurity notified MBIA Inc. — the nation’s largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data.
Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to access data that wasn’t already accessible via a simple Web search. MBIA Inc. is a public holding company that offers municipal bond insurance and investment management products. According to the firm’s Wiki page, MBIA, formerly known as the Municipal Bond Insurance Association,.