Firefox: Mozilla removes inline scripts and eval()-like functions to prevent injection attacks

Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions in Firefox's built-in “about:” pages, which are the gateway to sensitive preferences, settings, and statistics of the browser. The change is meant to mitigate a large class of potential cross-site scripting issues in Firefox. The browser has 45 such internal locally-hosted about …

Microsoft, Hewlett Foundation, MasterCard, and others launch CyberPeace Institute

Microsoft, Hewlett Foundation, MasterCard, and several other unnamed major corporations and philanthropic institutions have formed an independent non-profit organisation called the CyberPeace Institute aimed at protecting victims against cyberattacks and helping them recover from one. “For years, non-governmental organisations around the world have provided on-the-ground help and vocal advocacy for victims of wars and natural …

South Africa’s surveillance act RICA unconstitutional, inconsistent, finds court

The South Gauteng High Court has found that parts of the Regulation of Interception of Communications and Provision of Communication-Related Information (RICA) Act are unconstitutional. In April 2017, media group amaBhungane filed an application in the High Court challenging the constitutionality of the act. This, after it emerged that journalist Sam Sole’s communications were intercepted …

State of the Web Report Finds 98 Percent of U.S. Alexa 1000 Websites Are Inadequately Secured Against Magecart and Other Advanced Attacks

Tala Security, the provider of security solutions protecting enterprise websites and web applications against advanced client-side attacks like Magecart, today announced the Tala 2019 State of the Web Report. The report, which tested U.S. websites within the Alexa 1000 ranking, educates enterprises about the critical and under-recognized security threats related to their web assets and …

De-prioritised compliance: 50% of UK businesses not fully GDPR-compliant

As the European Union General Data Protection Regulation (GDPR) legislation nears its 18-month anniversary, research by security software supplier Egress has suggested that 52% of UK businesses are not fully compliant with the rules, opening the door to severe penalties if they fall victim to a data breach. Egress – which polled 250 decision …

Facebook privacy lapse leaks 400m phone numbers in USA, Britain and Vietnam

Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, US media reported Wednesday. An exposed server stored 419 million records on users across several databases — including 133 million US accounts, more than 50 million in Vietnam, and 18 million in …

Mobile apps are awash with unremediated security vulnerabilities

Organizations that are all-in on leveraging microservices to speed up application development, on the DevOps side of the house, have begun acknowledging the importance of incorporating SecOps along the way. The most forward-thinking among them are increasingly checking for vulnerabilities in new apps – and finding them, big time. That’s one of the key revelations in the …

Expert warns cyber threats to worsen with tech advances

Technological advances like Artificial Intelligence, Internet of Things, Automatic Cards and others will throw up new challenges for cyber security and all countries must unite to foresee and combat them, a leading Israeli cyber security expert said. “The Internet was not designed for security, hence it is inherently insecure since everything is hackable. It is …

‘Norman’ cryptojacking malware hides and exploits the processing power of infected PCs

A newly-discovered form of cryptocurrency-mining malware is capable of remaining so well-hidden that researchers investigating it found that it had spread to almost every computer at a company that had become infected. Dubbed ‘Norman’ due to references in the backend of the malware, the cryptojacker has been detailed by cybersecurity researchers at Varonis. The Monero-cryptomining …