According to THN, an independent security professional has discovered a malicious Pinterest plugin.
[WARNING] Malicious Pinterest Plugin Steals Passwords
Category: Online Safety
Antivirus Alone Isn’t Enough
Securing consignment systems involves more than just installing free antivirus software and hoping all goes well.
PCI DSS Requirements Pt. 1 | Build and Maintain a Secure Network
Twitter Adds Two-Factor Authentication
Why Connecting to a VPS via Remote Desktop Violates the PCI DSS
If you connect to a “cloud” VPS using Remote Desktop without TLS or SSL and you swipe (or type) credit card numbers from your computer ‘up’ to software running on your VPS, your business is in violation of the PCI DSS [PDF].
0-day Windows Kernel Vulnerability
ConsignPro Cloud, ConsignmentTill Cloud, Liberty Cloud, Anything Cloud
The “cloud” service for Liberty is actually something you can do with any of the consignment software programs.
Stunnel Vulnerability | Remove or Patch Immediately
Stunnel, an application that provides secure ‘tunneling’ for commonly used, insecure protocols (e.g. SMTP, POP3, etc.) has issued a security bulletin.
Days Since Last Known Java 0-day Exploit
A handy website to let you know how many days its been since the last-known Java 0-day exploit.
Evernote Hacked, Change Your Password Immediately
Heads-up, Evernote users. Evernote is reporting they have been hacked and have issued a Security Notice. As a safety measure, they have initiated password resets for all accounts. Evernote has stated that no user content appears to have been compromised.
I know it’s a very common thing for people to use the same password and email address across multiple sites. Do not do that. Think about it, if your Evernote account was compromised and your email + password were the same for Gmail, Amazon, eBay, iTunes, etc. you would risk losing access to everything and even incurring some real expenses or data loss.
Stay safe and if you have any questions or comments, feel free to post below!