Attacker’s Playbook Top 5 Is High On Passwords, Low On Malware

Report: Penetration testers’ five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software. Playing whack-a-mole with software vulnerabilities should not be top of security pros’ priority list because exploiting software doesn’t even rank among the top five plays in the attacker’s playbook, according to Read more about Attacker’s Playbook Top 5 Is High On Passwords, Low On Malware[…]

Strawberrynet Beauty site lets anyone read customers’ personal information

Popular online cosmetics site Strawberrynet has asked customers if a function that allows anyone to retrieve its customers names, billing addresses, and phone numbers with nothing more than an email address is a bug or a feature […] The feature means customers are able to checkout quickly by just putting their email address into a Read more about Strawberrynet Beauty site lets anyone read customers’ personal information[…]

>25m accounts stolen after Russian mail.ru forums hacked

Two hackers were able to steal email addresses and easily crackable passwords from three separate forums in this latest hack. Two hackers carried out attacks on three separate game-related forums in July and August. One forum alone accounted for almost half of the breached data — a little under 13 million records; the other two Read more about >25m accounts stolen after Russian mail.ru forums hacked[…]