Blog

Western Digital NAS machines vulnerable to hijacking via HTTP cookies Source: ‘I am admin’ bug turns WD’s My Cloud boxes into Everyone’s Cloud

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypass the admin password on the drive, gaining […] Source: Password bypass flaw in Western Digital My Cloud drives puts data at risk

Source: Mirai Botnet Authors Avoid Jail Time — Krebs on Security

Newegg is clearing up its website after a month-long data breach. Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from […] Source: Hackers stole customer credit cards in Newegg data breach

Security firm FireEye has confirmed that a widely used web payment portal used to pay for local government services, like utilities and permits, has been targeted by hackers. Hackers have broken into self-hosted Click2Gov servers operated by local governments across the US, likely using a vulnerability in the portal’s web server that allowed the attacker to […] Source: Hackers have planted credit card stealing malware on local government payment sites