A recently identified backdoor in hardware sold by security company Fortinet has been found in several new products, many that were running current software, the company warned this week. The undocumented account with a hard-coded password came to light last week when attack code exploiting the backdoor was posted online.
In December of 2015 a critical vulnerability has been found in one of PayPal business websites (manager.paypal.com) that allowed to execute arbitrary shell commands on PayPal web servers via unsafe JAVA object deserialization and get access to production databases. The bug was immediately reported to PayPal security team and it was quickly fixed after that.
“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users,” Microsoft’s Skype team wrote in a blog post about the latest version, v. 184.108.40.206 for most users. “This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address.”
The stored cross-site scripting (XSS) bug is present in virtually all versions of Magento Community Edition and Enterprise Edition prior to 220.127.116.11 and 18.104.22.168, respectively, according to researchers from Sucuri, the website security firm that discovered and privately reported the vulnerability.
It turns out the privacy benefits Apple likes to talk about (and the FBI likes to complain about) basically disappear when iCloud Backup is enabled. Your messages, photos and whatnot are still protected while on your device and encrypted end-to-end while in transit. But you're also telling your device to CC Apple on everything. Those copies are encrypted on iCloud using a key controlled by Apple, not you, allowing the company (and thus anyone who gets access to your account) to see their content