Feed aggregator

Officials from the Republic of Korea are saying North Korea’s military intelligence agency was responsible for the mid-March malware attacks that knocked several prominent South Korean banks and broadcasters offline, according to a Dow Jones Newswire report.

read more

Microsoft reportedly will implement two-factor authentication on users’ accounts at some point down the line, according to reports this week.

read more

Attackers targeting Tibetan freedom supporters aren’t holding back when it comes to using all avenues to infect activists with malware. In a relatively short amount of time, we’ve seen Tibetan nationals in China and in exile around the world targeted with spear phishing campaigns, watering hole attacks, hacks against Android mobile devices and now the latest vector: social media sites.

read more

The streaming video service Vudu on Tuesday began resetting its customers' passwords after thieves broke into the company's Santa Clara, Calif. headquarters and stole a number of items, including hard drives holding customer data.

read more

Mozilla has pushed out the second beta version of its Persona authentication system . The move is the latest step in the company’s campaign to rid the Web of passwords and make it easier for consumers to log on to sites regardless of the browser they’re using.

read more

UPDATE - In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago.

read more

Adobe published its monthly security bulletins today, pushing out updates that address issues in the company’s ColdFusion platform as well as its Flash and Shockwave Players.

The first bulletin provides a hotfix for Adobe’s ColdFusion platform, resolving anonymously reported flaws that could allow attackers to impersonate authenticated users or gain unauthorized access to the ColdFusion administrator console in versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX.

read more

Microsoft released two Bulletins this month patching 3 critical vulnerabilities. Along with these immediate issues, they released five other rated "Important". It appears that the two Bulletins address use-after-free vulnerabilities that can all be attacked through Internet Explorer.

A researcher looking for a way to jailbreak locked down Motorola Android devices found a loophole in hardware-embedded security system to do just that.

read more

The United States government for years has been developing and deploying offensive cyber capabilities, most of it done without much in the way of public notice.  That's been changing of late, as government and military officials have become more open in discussing these capabilities and under what circumstances they might be used. Now, the U.S. Air Force has said that it has classified six unnamed tools as weapons, mainly as a way to improve the chances of those tools receiving the funding they need.

read more

Updated 4/10/13: The U.S. House Intelligence Committee voted 18-2 for the new version of CISPA, with the two dissents coming from Democrat members of the committee.

read more

A cross-site scripting (XSS) vulnerability exists in the browser version of AirDroid, a cloud management application for Google’s Android phones. According to an alert from the US-Computer Emergency Readiness Team (US-CERT), at the current time, there is no patch planned and there is no logical workaround.

read more

Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it’s everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they’re buggy and they’re everywhere.

read more

Podcast and Downloads 03_paul_judge.mp3

Dennis Fisher talks with Paul Judge, the CTO of Barracuda Labs, about his roots in the security industry, his near-miss with organic chemistry, the start-up and security community in Atlanta and what his next venture might be.

You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.

read more

The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report.

read more

Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan.

read more

Document-sharing website Scribd announced this week it was hacked, the victim of what it’s calling a “deliberate attempt to access the email addresses and passwords of registered Scribd users.”

read more

Bitcoin may still be a virtual unknown quantity for most people, but the digital currency has not escaped the notice of attackers, many of whom are turning their attention to finding ways to use the system for their own gains. The attacks against Bitcoin exchange Mt. Gox and hack of Instawallet this week are the latest evidence, but now there is a piece of malware in circulation that is using Skype as a spreading mechanism and then using infected machines' processing power to mine Bitcoins.

read more

Cybercriminals mine Bitcoins via abusing CPU of the victims by infecting users via Skype