Feed aggregator

Appropriately enough for the start of the baseball season, Microsoft is going to go 4-for-4 and release another set of critical Internet Explorer patches on Tuesday, the fourth consecutive month in which serious vulnerabilities in the browser are being addressed in Microsoft’s Patch Tuesday monthly security updates.

read more

UPDATE Popular applications Skype and Dropbox fixed holes in their websites this week that could have allowed an attacker to gain control of users’ Facebook accounts. In what’s technically being referred to as an “open direct vulnerability,” both applications failed to validate sites before sending users and their access tokens to them.

read more

The maintainers of the PostgreSQL database software have patched a security vulnerability, which, in some very limited circumstances, could be used to run arbitrary code on vulnerable servers. The vulnerability, which affects versions 9.0, 9.1 and 9.2, also can be used to cause a denial-of-service by any remote attacker.

read more

As with any asset of monetary value, once said asset reaches a noteworthy level, cybercriminals’ interest is going to pique. Such is the current situation with virtual currency Bitcoin, which hit a high of $142 yesterday and the value of all Bitcoins in circulation has soared to more than $1 billion.

read more

A report released Wednesday indicates an organization on average experiences a malware-related event every three minutes, often involving business-related spear phishing and targeting technology companies.

read more

Security-related policy or legislation is enacted and then enforced to protect corporate, government or military interests. Civil organizations are often left flailing in the wind, fending for themselves with fewer IT resources and experience than a Middle America mom-and-pop operation. Yet these non-governmental—and not-for-profit—organizations have tasked themselves with helping those targeted by lethal adversaries who aren’t just after corporate secrets, but are out to deny people their freedom or, in some cases, their lives.

read more

Nearly a year since the Flashback Trojan surfaced and ultimately infected more than 600,000 Apple OS X computers, the author of the malware may haven been discovered.

read more

Hackers compromised the forum and game database of the massively multiplayer online game, The War Z, forcing the game’s producer OP Productions to temporarily take the game and its forum offline.

read more

California, which set the standard for data breach notifications nationwide, is again seeking to set a precedent by becoming the first state in the nation to require companies upon request disclose to California consumers the data they've collected and to whom it was shared during the past year. They would be required to respond within 30 days and provide the report for free.

read more

Mozilla has added a new privacy feature to Firefox that enables users to begin a new private browsing session in a separate tab while still running a normal session in other tabs. Firefox 20 also includes patches for 11 critical security vulnerabilities.

The new version of Firefox expands the capabilities of the private browsing function in the browser, a feature that allows users to browse without any cookies, logs or any other data retention.

read more

Much like malware that was discovered last year, a new Trojan has been reported that relies on detecting mouse clicks to evade sandbox analysis. BaneChant masquerades as a Word document and incorporates advanced evasion techniques making it stealthier than its predecessor.

read more

Tibetan activists in China as well as those living in exile around the world are being targeted by dangerous malware that not only steals data from infected computers, but also has graduated to reporting location data from mobile devices for surveillance purposes.

read more

The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took the Army CIO to task in a new report, saying that the CIO "did not implement an effective cybersecurity program for [commercial mobile devices]".

read more

A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week.

read more

The call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), have targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in an confidential alert memo, Krebs on Security reported.

read more

Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy in regards to user privacy. Whitten has been the company's top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of serious privacy scandals and controversies.

read more

It’s the ultimate what-if scenario: What if an attacker could own all the customer premises equipment (CPE) doled out by ISPs such as routers and modems? Would it be trivial with available scanning equipment and other tools to find vulnerable gear, and then modify and re-upload the firmware to be able do anything such as control Web traffic, launch DDoS attacks, or even disconnect large blocks of machines from the Internet?

read more