In-brief: Wind turbines made by the UK firm XZERES Wind are susceptible to common, web-based attacks including cross site scripting, according to a warning published by the Industrial Control System CERT (ICS-CERT).
In-brief: The hack of VTech, a maker of technology products for children, has exposed sensitive data on hundreds of thousands of children, the company acknowledged this week. Also exposed: the toy industry’s growing and unregulated appetite for information on the children who play with their toys.
In-brief: Open redirects and forwards may be at the bottom of OWASP’s Top 10 list of web application security vulnerabilities, but they are still a potent and widespread problem, says Akamai’s Or Katz, who offers some suggestions for fixing it.
In-brief: Pharmacy chain CVS and discount chain Costco acknowledged this week that a July security incident involving a third party firm that provides online photo processing and printing services resulted in the theft of some customer data. (Updated to add comment from Staples and CVS. PFR Sept. 16, 2015)
In-brief: RESTful application program interfaces (APIs) are a key ingredient to building powerful, scalable web-based applications. But they can also open the door to web-based attacks, while also baffling traditional penetration testing tools and processes. In this article, Barracuda’s Neeraj Khandelwal explains why.