Facebook sponsored posts selling access to hacked PayPal accounts

Have you ever been curious just how much vetting Facebook does before it accepts cash for an ad or a sponsored post?

Judging by what’s popping up in some users’ newsfeeds, the answer is not that much.

1 min read

PayPal’s 2FA proves too easy to bypass

A worrying failure in how PayPal had implemented its two-factor authentication security feature has been uncovered.

52 sec read

Think hovering your mouse over the URL will save you? Think again!

Phishers are using a malicious JavaScript redirect to steal PayPal credentials from unsuspecting computer users.

David Bisson reports.

1 min read

How to protect your PayPal account with two-step verification (2SV)

David Bisson explains how you can protect your PayPal account from hackers with two-step verification.

2 min read

Fake Facebook ‘Security System Page’ scams want your payment card details

Warn your friends not to be fooled by this and other scams spreading on Facebook.

David Bisson reports.

1 min read

PayPal is making it too easy for the zero dollar invoice spammers

Security researcher Troy Hunt has uncovered a new form of PayPal spam: zero dollar invoices that evades the company’s filters and fails to trigger the typical characteristics of a suspicious email.

David Bisson reports.

1 min read

PayPal XSS flaw could have let hackers steal your unencrypted credit card details

A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.

Read more in my article on the Lumension State of Security blog.

0 sec read

PayPal left red-faced after more security holes found in two factor authentication

Researchers have publicly disclosed new methods to bypass what should have been a strong additional layer of protection for PayPal accounts.

2 min read

How to bypass PayPal two factor authentication

One of PayPal’s primary mechanisms to protect accounts from being hacked may have been fundamentally flawed for years.

1 min read

Taboola confirms security breach, and has its PayPal account pwned

This weekend, visitors to news articles on the Reuters website found themselves redirected to a page belonging to the Syrian Electronic Army hacking group.

Now Taboola has put its hands up, and said that it was its widget which got hacked.

1 min read

You won’t see any mention on its homepage, but shoe retailer Office has been hacked

UK shoe retailer Office has sent its customers an email, explaining that it has suffered a serious security breach.

It hasn’t seen fit to mention it on its homepage though…

49 sec read

It took eBay a *long* time to tell me to change my password

It took eBay a full 5 days, 5 hours, and 10 minutes before it managed to email me about its security breach, and suggested I change my password.

Fortunately I wasn’t waiting for their advice.

1 min read

eBay password hack proves the danger of the human factor

The moral of today’s story is to review your password practices, change your eBay password, and don’t forget the human factor when considering how to better defend your organisation.

1 min read

eBay confirms security breach. Users asked to change passwords

Yes, you *should* change your eBay password.

Auction site confirms that hackers compromised an eBay database containing encrypted eBay passwords and other non-financial information.

1 min read

Should you change your eBay password?

Mystery surrounds apparent advice posted on PayPal’s site saying that all eBay users should change their passwords.

Learn more now, after which you might decide it’s sensible to change your password…

1 min read

PayPal chief says his staff should remember their PayPal passwords. I say he’s wrong

A bigwig at PayPal says staff can clear off if they can’t remember their passwords.

But, I say he’s wrong. It’s a *good* thing if you can’t remember your passwords.

1 min read