Microsoft reportedly will implement two-factor authentication on users’ accounts at some point down the line, according to reports this week.
Attackers targeting Tibetan freedom supporters aren’t holding back when it comes to using all avenues to infect activists with malware. In a relatively short amount of time, we’ve seen Tibetan nationals in China and in exile around the world targeted with spear phishing campaigns, watering hole attacks, hacks against Android mobile devices and now the latest vector: social media sites.
The streaming video service Vudu on Tuesday began resetting its customers' passwords after thieves broke into the company's Santa Clara, Calif. headquarters and stole a number of items, including hard drives holding customer data.
Mozilla has pushed out the second beta version of its Persona authentication system . The move is the latest step in the company’s campaign to rid the Web of passwords and make it easier for consumers to log on to sites regardless of the browser they’re using.
UPDATE - In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago.
Adobe published its monthly security bulletins today, pushing out updates that address issues in the company’s ColdFusion platform as well as its Flash and Shockwave Players.
The first bulletin provides a hotfix for Adobe’s ColdFusion platform, resolving anonymously reported flaws that could allow attackers to impersonate authenticated users or gain unauthorized access to the ColdFusion administrator console in versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX.
A researcher looking for a way to jailbreak locked down Motorola Android devices found a loophole in hardware-embedded security system to do just that.
The United States government for years has been developing and deploying offensive cyber capabilities, most of it done without much in the way of public notice. That's been changing of late, as government and military officials have become more open in discussing these capabilities and under what circumstances they might be used. Now, the U.S. Air Force has said that it has classified six unnamed tools as weapons, mainly as a way to improve the chances of those tools receiving the funding they need.
Updated 4/10/13: The U.S. House Intelligence Committee voted 18-2 for the new version of CISPA, with the two dissents coming from Democrat members of the committee.
A cross-site scripting (XSS) vulnerability exists in the browser version of AirDroid, a cloud management application for Google’s Android phones. According to an alert from the US-Computer Emergency Readiness Team (US-CERT), at the current time, there is no patch planned and there is no logical workaround.
Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it’s everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they’re buggy and they’re everywhere.
Dennis Fisher talks with Paul Judge, the CTO of Barracuda Labs, about his roots in the security industry, his near-miss with organic chemistry, the start-up and security community in Atlanta and what his next venture might be.
You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.
Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan.
Document-sharing website Scribd announced this week it was hacked, the victim of what it’s calling a “deliberate attempt to access the email addresses and passwords of registered Scribd users.”
Bitcoin may still be a virtual unknown quantity for most people, but the digital currency has not escaped the notice of attackers, many of whom are turning their attention to finding ways to use the system for their own gains. The attacks against Bitcoin exchange Mt. Gox and hack of Instawallet this week are the latest evidence, but now there is a piece of malware in circulation that is using Skype as a spreading mechanism and then using infected machines' processing power to mine Bitcoins.