Under Armour MyFitnessPal user data breach

Under Armour has notified users of MyFitnessPal, its food and nutrition application and website, about a breach of customer personal data. Affected information includes usernames, email addresses, and hashed passwords. The company said the majority of hashed passwords were protected using the bcrypt hashing algorithm.

GoScanSSH malware targets default and weak passwords

Talos security researchers have spotted a new family of malware dubbed "GoScanSSH" that compromises internet-facing SSH servers. The malware targets default and weak passwords via a brute force attack on SSH systems that allow password-based SSH authentication.

Microsoft CredSSP vulnerability updates

Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent unpatched RDP clients that use CredSSP from authenticating to Windows.

R2D2 thwarts disk-wiping malware

Researchers at Purdue University have developed a new tool dubbed R2D2 (short for “Reactive Redundancy for Data Destruction Protection”) that can protect systems from disk-wiping malware such as Shamoon and Stonedrill.

GitHub scans and finds 4M vulnerabilities

GitHub ran a security scan to find old vulnerabilities in JavaScript and Ruby libraries in over a half million public repositories. The scan turned up over four million vulnerabilities, and GitHub sent alerts to developers to patch the bugs. GitHub is a leading software development platform, used by millions of developers to host, review and manage software source code.
