Written By Shane Schick

WordPress Plugin Vulnerability Puts an Estimated 1 Million Sites at Risk of XSS Attacks

A WordPress plugin vulnerability related to WP Super Cache could let cybercriminals create back doors, add new administrators or worse, experts say.

CrypVault Ransomware Locks Out PCs, Demands Payment While Stealing Passwords

Researchers say a new strain of ransomware called CrypVault is locking out computer users in a way that resembles antivirus software and demands payment.

BitTorrent Vulnerability Discovered as Sync Service Exits Beta

A research advisory suggests cybercriminals could have exploited a BitTorrent vulnerability to include executable code via URLs in its Sync service.

DDoS Made Deadlier: Multicast DNS Vulnerability Could Affect More Than 100,000 Devices

According to CERT, a miconfiguration in many devices could mean cybercriminals can exploit a multicast DNS vulnerability, making DDoS attacks worse.

Security Researcher: eBay Vulnerabilities Could Have Led to Drive-By Attacks

A pair of eBay vulnerabilities could have let cybercriminals hide malware in image files and direct URLs to harmful sites, according to a researcher.

Threat Intelligence Report: CIOs and Others Need to Think Smarter About Security

A threat intelligence report prepared for the U.K. government suggests IT professionals need better information to protect against cybercriminals.

British Airways Freezes Frequent Flier Miles Accounts Following Data Breach

British Airways has admitted potentially tens of thousands of frequent flier miles accounts may be locked until it can recover from a data breach.

Vawtrak Variant Uses Favicons to Hide Dangerous Malware Files

Security researchers say a new form of the Vawtrak malware could be worse than ever before, accessing bank accounts and stealing passwords.

Trouble at the BIOS Level: LightEater Malware Proof of Concept Shows Major Security Risk

Two researchers at the CanSecWest conference showed how the LightEater malware could infect the BIOS in most hardware to take over systems and steal data.

PoSeidon Malware Dives Deep Into Retail Systems to Steal Customer Data

The so-called PoSeidon malware, discovered by Cisco, is being used to steal credit card data and other information from retail organizations.