Facebook sponsored posts selling access to hacked PayPal accounts

Have you ever been curious just how much vetting Facebook does before it accepts cash for an ad or a sponsored post?

Judging by what’s popping up in some users’ newsfeeds, the answer is not that much.

PayPal’s 2FA proves too easy to bypass

A worrying failure in how PayPal had implemented its two-factor authentication security feature has been uncovered.

Think hovering your mouse over the URL will save you? Think again!

Phishers are using a malicious JavaScript redirect to steal PayPal credentials from unsuspecting computer users.

David Bisson reports.

How to protect your PayPal account with two-step verification (2SV)

David Bisson explains how you can protect your PayPal account from hackers with two-step verification.

Fake Facebook ‘Security System Page’ scams want your payment card details

Warn your friends not to be fooled by this and other scams spreading on Facebook.

David Bisson reports.

PayPal is making it too easy for the zero dollar invoice spammers

Security researcher Troy Hunt has uncovered a new form of PayPal spam: zero dollar invoices that evade the company’s filters and fail to trigger the typical characteristics of a suspicious email.

David Bisson reports.

PayPal XSS flaw could have let hackers steal your unencrypted credit card details

A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.

Read more in my article on the Lumension State of Security blog.

PayPal left red-faced after more security holes found in two factor authentication

Researchers have publicly disclosed new methods to bypass what should have been a strong additional layer of protection for PayPal accounts.

How to bypass PayPal two factor authentication

One of PayPal’s primary mechanisms to protect accounts from being hacked may have been fundamentally flawed for years.

Taboola confirms security breach, and has its PayPal account pwned

This weekend, visitors to news articles on the Reuters website found themselves redirected to a page belonging to the Syrian Electronic Army hacking group.

Now Taboola has put its hands up, and said that it was its widget which got hacked.

You won’t see any mention on its homepage, but shoe retailer Office has been hacked

UK shoe retailer Office has sent its customers an email, explaining that it has suffered a serious security breach.

It hasn’t seen fit to mention it on its homepage though…

It took eBay a *long* time to tell me to change my password

It took eBay a full 5 days, 5 hours, and 10 minutes before it managed to email me about its security breach and suggest I change my password.

Fortunately I wasn’t waiting for their advice.

eBay password hack proves the danger of the human factor

The moral of today’s story is to review your password practices, change your eBay password, and don’t forget the human factor when considering how to better defend your organisation.

eBay confirms security breach. Users asked to change passwords

Yes, you *should* change your eBay password.

Auction site confirms that hackers compromised an eBay database containing encrypted eBay passwords and other non-financial information.

Should you change your eBay password?

Mystery surrounds apparent advice posted on PayPal’s site saying that all eBay users should change their passwords.

Learn more now, after which you might decide it’s sensible to change your password…

PayPal chief says his staff should remember their PayPal passwords. I say he’s wrong

A bigwig at PayPal says staff can clear off if they can’t remember their passwords.

But, I say he’s wrong. It’s a *good* thing if you can’t remember your passwords.