In-brief: Wind turbines made by the UK firm XZERES Wind are susceptible to common, web-based attacks including cross site scripting, according to a warning published by the Industrial Control System CERT (ICS-CERT).
Tag: Web
Toymaker Hack Highlights Dark Side of Tech Industry’s Data Obsession
In-brief: The hack of VTech, a maker of technology products for children, has exposed sensitive data on hundreds of thousands of children, the company acknowledged this week. Also exposed: the toy industry’s growing and unregulated appetite for information on the children who play with their toys.
Last of OWASP’s Top 10 Still a Potent Threat
In-brief: Open redirects and forwards may be at the bottom of OWASP’s Top 10 list of web application security vulnerabilities, but they are still a potent and widespread problem, says Akamai’s Or Katz, who offers some suggestions for fixing it.
Update: Photo Bombed Retailers CVS and Costco Admit Customer Data Stolen
In-brief: Pharmacy chain CVS and discount chain Costco acknowledged this week that a July security incident involving a third party firm that provides online photo processing and printing services resulted in the theft of some customer data. (Updated to add comment from Staples and CVS. PFR Sept. 16, 2015)
The Challenge of Securing REST APIs
In-brief: RESTful application program interfaces (APIs) are a key ingredient to building powerful, scalable web-based applications. But they can also open the door to web-based attacks, while also baffling traditional penetration testing tools and processes. In this article, Barracuda’s Neeraj Khandelwal explains why.
