SecurityWeek

Not all the Twitter accounts have created by humans, and researchers recently caught wind of no less than 3 million such accounts that were all created on the same day two years ago, but which are still active today.

Researchers from Portugal-based security consulting and audit firm Integrity have discovered more than a dozen vulnerabilities in Uber websites and services, including issues that could have been exploited to access driver and passenger information.

Singapore-based mobile ad network InMobi will pay $950,000 after it was charged by the U.S. Federal Trade Commission (FTC) for tracking the location of millions of users without their consent.

Taiwan-based industrial automation company Advantech has updated its WebAccess product to address a couple of vulnerabilities that could allow attackers to execute arbitrary code on affected systems.

The GozNym banking Trojan has been observed targeting the customers of some of the largest financial institutions in the United States, IBM Security warned on Wednesday.

The US military is wary of cutting Internet connections to Islamic State strongholds such as Raqa in Syria, even though the Pentagon is waging cyber-war against the jihadists, officials said Wednesday.

A recently observed piece of mobile malware that leverages multiple rooting exploits targets nearly 90 percent of Android devices, Trend Micro researchers say.

It was reported last week that a hacker had accessed the video conferencing system of the Parti Libéral du Québec (PLQ) and eavesdropped on confidential meetings. The hacker concerned reported, with video proof, to Le Journal de Montréal (JDM) and the PLQ has confirmed the veracity of that proof.

A WordPress security and maintenance update released this week addresses a total of eight vulnerabilities identified by external researchers and members of the WordPress security team.

Despite a growing number of attacks on industrial control systems (ICS), organizations are falling behind on security improvements and in many cases they refuse to share threat information with others, according to a survey conducted by the SANS Institute.

A total of 16 information leakage, denial-of-service (DoS), directory traversal and buffer overflow vulnerabilities have been patched in the popular chat client Pidgin.

Boston-based backup services provider Carbonite is the latest company whose users have been targeted by hackers leveraging credentials leaked recently from major websites.

Hackers are constantly looking for vulnerabilities they can exploit to gain access to corporate networks, industrial control systems, financial data, and more. One of the best kept secrets in the hacker’s toolkit has become Google Dorking. It can be used to identify vulnerable systems and trace them to a specific place on the Internet.

Google is rolling out new 2-Step Verification (2SV) functionality, to make easier for users with the additional security feature enabled to log into their accounts.

Flash is one of the most abused pieces of software in use. Flexera Software's Vulnerability Review 2016 counts 457 vulnerabilities in 2014 and 2015 (second only to Chrome with 516 vulnerabilities). But Flash is the attacker's tool of choice.

The developers of Libarchive have released a new version of the open-source library to address several potentially serious vulnerabilities.

As one of the oldest active threats, Conficker continues to lead the malware landscape by number of registered attacks, accounting for 14 percent of recognized incidents, Check Point researchers say.

The Cerber ransomware is an international threat and has infected users all around the world, but researchers at Check Point observed campaigns over the past two months that focused mainly on three geographies, namely the United States, Turkey, and the United Kingdom.

Several security firms have found evidence that the recent attacks against the Democratic National Committee (DNC), the formal governing body for the U.S. Democratic Party, were launched by Russia-linked threat groups.