First American Financial Corp., one of the world’s largest real estate title insurance companies, exposed hundreds of millions of title insurance customer financial records.
Multiple vulnerabilities have been discovered in Jenkins plugins that could lead to information disclosure. The three affected plugins are Swarm, Ansible and GitLab.
Security researchers from Trend Micro have uncovered a Magecart skimming attack that targeted 201 online campus stores in the United States and Canada.
Facebook provided an update to a previously disclosed incident involving insecurely storing “tens of thousands” of Instagram users’ passwords on internal servers in clear text. Facebook now says that “millions” of Instagram accounts are now impacted.
The Apache Software Foundation has released new Apache Tomcat versions and mitigations to address a remote code execution (RCE) vulnerability.
Multiple VPN applications are vulnerable to not properly encrypting sensitive data and insecurely storing session cookies.
A newly discovered botnet dubbed Xwo has been scanning the internet for exposed web services and default passwords. The malware was discovered by AT&T’s Alien Labs back in March and is related to malware families MongoLock and Xbash.
Cyber attackers have compromised hundreds of CMS sites running WordPress or Joomla to serve up Shade ransomware and phishing pages in the wild.
Security researchers from Imperva have found thousands of Docker hosts exposed to a new vulnerability and exposed remote Docker API. The new research describes the threat along with sample scripts and what can be done about it.
Security researchers from FireEye have identified a wave of DNS hijacking attacks on domains owned by government, telecom and internet infrastructure organizations around the globe. The analysis suggests the bad actors behind the cyber attacks are of Iranian origin or sponsorship.