Is a Vulnerability the same as malware? What’s the difference?

We’ve been seeing questions where people are confused between vulnerabilities and malware. The difference between a vulnerability and malware can be quite confusing to people who aren’t in information security, so this article is to help explain the difference. To put it simply, a vulnerability is something that is usually a mistake in code that a hacker can use to… Read more →

Heartbleed, an HTTPS Vulnerability, Affects TOR, Bitcoin And Others

Heartbleed is a new vulnerability that you need to know about, so you can avoid vulnerable sites that use HTTPS. Heartbleed is not malware; it’s a vulnerability. If you want to know the difference between malware and a vulnerability, please read our article explaining it. Now what is Heartbleed and how does it affect you? To put it simply, if… Read more →

Old WordPress Mobile Apps Can Be Hacked, Issues Fixed Including Plain-text passwords

Bugcrowd reached out to us with the results from the WordPress mobile app bounty. Unfortunately, the results only contain information on the mobile WordPress apps and not the normal web version of WordPress. Those results were redacted, until WordPress patches the web version that powers 75 million sites. The WordPress bounty had 319 participants, 238 bug submissions, with 75 of… Read more →

Partial Disclosure Proposal To Replace Proper Disclosure In Infosec

Today we propose a new method of disclosing web security holes that benefits people who use the web and also helps companies. If you know the history of web security, you’ll know that everyone used to do full disclosure. Companies didn’t like that, so responsible disclosure, also known as proper disclosure, was created. Proper disclosure has the company and or… Read more →

Premium WordPress Plugins & Themes Can Be Hacked

Update: We took this article offline for a period of time, since we believed Thesis would release a patch in a quick fashion, especially since we supplied them with a temporary patch and information on pre-built functions that they should use. They have not released an update that we know about in what we deem a reasonable amount of time…. Read more →

Courtney Love Did Not Find Missing Plane MH-370; Malware Spreads

Courtney Love, a former singer for the band Hole, posted on Facebook and led people to believe she may have located the missing Malaysian plane MH-370 on Tomnod, which Rolling Stone and others picked up and published as news. Unfortunately, the information published wasn’t true, because a Reddit user located it three days prior and a boat had already been sent… Read more →

Mt Gox Hack Contains Malware

We previously wrote that the Mt. Gox hacked database had some credibility to it, since some of the information was verified. We also noted that we tested it on our system dedicated to malware and had yet to examine the programs for malware. Thanks to @banterash, we were informed that malware code is allegedly in the programs and is stealing… Read more →

Justin Bieber Twitter Account Was Hacked

Twitter accounts get hacked every single day, but they don’t usually have over 50 million followers, so when tweets started popping up that Justin Bieber was hacked, well, we had to investigate. While the hacked tweets from his account were removed in a matter of minutes, a fan was nice enough to share a screenshot of the tweets that were… Read more →