ZSecure, a security consulting company which made a few ripples last year when it announced vulnerabilities detected on HDFC's website, has made a similar discovery, this time with payback.in. Payback is a firm providing loyalty (reward points) programs for customers, in partnership with a number of well known brands.

A Swedish security consultant, Dan Egerstad, has released the passwords of over a 100 e-mail accounts belonging to embassies worldwide including those of India.

Zone-H reports on the latest in a string of recent defacements of Microsoft sites. A Portuguese group who call themselves "Outlaw Group" yesterday defaced www.microsoft.com/mspress/uk/. The site has been unavailable until recently. The full report can be read here.

Computer Weekly reports that Cisco have announced yet another flaw in their software.. This follows a bunch of vulnerabilities detected last month in their router and switch IOS software.

A default user name and password combination were written, or "hard coded", into the software which runs on both devices and cannot be disabled. A malicious user who had the password would have complete control of the affected device, which could be used as a platform for further attacks, Cisco warned.

This must be the millionth "preset username and password" flaw reported in a networking device; albeit this time it's hard-coded :S Patches are available..