Indian researchers Aditya Modha and Samir Shah have uncovered a cross-site scripting (XSS) vulnerability in WordPress 3.3.
Stuxnet and Duqu were produced by the same malware team
Kaspersky’s lengthy investigation into the Duqu worm concludes that it comes from the same developers as Stuxnet. This, potentially, has serious implications.
Leveson Inquiry shows government should concentrate RIPA reforms on the media
A UK lawyer has called on the government to redirect its reforms of the Regulation of Investigatory Powers Act (RIPA) away from local authorities and toward journalism.
Care2 fails to take care of members’ personal information
Online community Care2 has notified its close to 18 million members that the site’s servers were attacked, resulting in a security breach.
Hackers celebrate New Year’s by breaching Philippine government websites
The PrivateX hacker group breached two Philippine government websites, the Office of the Vice President (OVP) and the Philippine Nuclear Research Institute (PNRI), on New Year’s Day.
Service wipes data from government PCs with degaussing
PC Recycler provides electronics recycling services to a number of US government agencies, using degaussing to wipe data from the devices before destruction.
Saudi hackers publish personal data Israeli sports site subscribers
Saudi hackers who claim they are members of Anonymous have breached the Israeli ONE sports website and leaked personal information on 400,000 subscribers.
Raytheon goes on cybersecurity buying spree
Last month, US defense contractor Raytheon acquired two companies that supply cybersecurity products and services to the US military: Henggeler Computer Consultants and Pikewerks Corp.
Critical infrastructure firms should update cybersecurity infrastructure, McAfee advises
Based on its assessment that cyberattacks against critical infrastructure will increase next year, McAfee advises critical infrastructure companies to upgrade their cybersecurity infrastructure.
No rogue certificates were issued by Comodohacker, says GlobalSign
After an extensive review, Belgian certificate authority (CA) GlobalSign said that no rogue certificates were issued and no customer data were exposed as the result of a breach disclosed in September.