(China)
(Japan)
(Korea)Feed aggregator
Apple Begins to Blacklist Old Versions of Flash for Safari
Similar to what Mozilla did in its Firefox browser earlier this year, Apple has elected to block old, out-of-date versions of Adobe’s Flash Player product in Safari in hopes of getting users to update their systems.
Lock Screen Bypass Flaw Found in Samsung Androids
A vulnerability exists in Samsung devices running Android version 4.1.2 that could give unauthenticated users the ability to circumvent the screen lock and view the home screen, run apps, and reach out to contacts without successfully completing Android’s pattern lock, PIN, password or Face Unlock mechanisms.
Prompted by Oracle Rejection, Researcher Finds Five New Java Sandbox Vulnerabilities
Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn’t end well or the vendor in question—in this case Oracle. Polish security firm Security Explorations, noteworthy for its Java security research, said today it reported five new vulnerabilities in Java SE 7 to Oracle. If combined, researcher Adam Gowdiak said, they can be used to gain a complete bypass of the Java sandbox.
Evernote Compromised, But Says No User Data Affected
Evernote, the online service that enables users to store and sync all kinds of data across multiple devices, has become the latest major Web property to suffer a serious intrusion. The company said on Saturday that attackers had compromised some user information, including email addresses and hashed passwords.
Costin Raiu on the Intricacies of the miniDuke Malware Campaign
With Dennis Fisher out of pocket at the RSA Conference in San Francisco, Ryan Naraine hijacks the Digital Underground podcast and gets on the phone with Kaspersky Lab research guru Costin Raiu to talk about the intricacies of the miniDuke malware campaign.
You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.
Dropbox Users Reporting More Spam Following Last Summer’s Breach
It appears the breach of cloud-based storage service Dropbox last year has spurned another wave of spam over the last week or so. Users began posting complaints on the service’s Bugs and Troubleshooting forum yesterday claiming that their Dropbox-specific accounts started receiving spam again last weekend.
The Java Zero-Day Procession Continues
After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found yet another zero-day vulnerability in Oracle’s thoroughly troubled Java platform.
China Publicly Claims to Be the Victim of U.S. Cyberattacks
On Thursday the Chinese government, long considered the aggressor in highly publicized U.S. cyberattacks, publicly spoke about being the victim. Two of its military Web sites were attacked an average of 144,000 per month and two-thirds of those strikes came from the United States, according to a ministry spokesman.
How Much Does A Botnet Cost?
The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations.
Analysis: Mobile Malware Evolution: Part 6
CPOs Challenged with Meeting Privacy Expectations and Maintaining Full User Experience
SAN FRANCISCO – People who interact with online services have mounting privacy expectations that run in parallel with their need for a full experience with the functionality central to those services. But can users have their privacy cake and eat it too?
Software Security Programs May Not Be Worth the Investment for Many Companies
SAN FRANCISCO--The discipline of software security has been gaining traction in a lot of organizations both large and small in recent years, thanks in part to the success that vendors such as Microsoft, Adobe and others have had with it. However, for many companies, the time and money spent on software security initiatives could be put to better use simply fixing flaws after products ship or are deployed, an expert said during a constructed debate.
Anti-Tibetan Attack Stems from Nvidia Abuse, Old RTF Vulnerability
A series of targeted attacks are continuing to bully a signed Nvidia application into dropping a backdoor that lets attackers root their way through the systems of Tibetan sympathizers.
MiniDuke Espionage Malware Hits Governments in Europe Using Adobe Exploits
New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.
Blog: The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
