Feed aggregator
Facebook Partners with Data Brokers for Better Ads
In late February, Facebook forged a partnership with four of its most prolific data brokers in order to more accurately target users with relevant advertisements.
Two Texas Bills Could Shape Mobile Privacy
Two bills introduced in Texas this week could refine mobile privacy in the state and tweak how law enforcement can request sensitive information from cell phones going forward.
Blog: CIA "DELETED" Venezuela's Hugo Chavez?
Adrian Stone on BlackBerry Security, Privacy and the Challenges of BYOD
Dennis Fisher talks with Adrian Stone, the head of security response at BlackBerry, about the new security model in BlackBerry 10, the partition between private and work data and the challenges of dealing with app developers who might not know a whole lot about security or privacy.
How Facebook Prepared to Be Hacked
VANCOUVER--When Facebook announced last month that its corporate infrastructure had been compromised through a watering-hole attack against several of its employees, it was major news, both because of the attack itself and because the company had come out and owned up to it. The interesting thing, however, is that this was not the first major problem that the Facebook incident response team had handled. In fact it was the third one in less than a year.
Firefox, Java, Flash All Taken Down at Pwn2Own
VANCOUVER--Finding and exploiting new vulnerabilities in the major browsers has become a difficult exercise for security researchers, thanks to the exploit mitigations, sandboxes and other protections that Microsoft, Google and Mozilla have added in the last few years. The same has become true of Adobe Flash, but difficult is not the same as impossible, as the contestants at the Pwn2Own contest here have shown.
Microsoft to Ship 7 Bulletins in March Patch Tuesday Release
Software giant Microsoft plans to ship seven bulletins in the March 2013 edition of Patch Tuesday. Four of the bulletins are receiving high-severity, critical ratings.
Three of the four critically rated bulletins that affect Microsoft Windows, Internet Explorer, Silverlight, Office, and Server Software could lead to remote code execution, while the final critically rated bulletin could allow for privilege elevation.
Threats and Market Share Increase for Android, Decrease for Symbian
It is no real surprise that F-Secure’s fourth-quarter threat report further underscored the all-but-certain reality that there is a direct correlation between a platform’s market share and the volume of threats targeting it.
Twitter OAuth API Keys Leaked
At Pwn2Own, Browser Exploits Getting Harder, More Expensive to Find
VANCOUVER--The Pwn2Own contest has evolved in many ways over the years, from new rules to new targets to larger prizes, but perhaps the one thing that has changed the most is that the researchers who show up here every year hoping to go home with a bag full of money are having to spend more and more time finding and exploiting vulnerabilities in the browsers and plug-ins in play. The research team at VUPEN, which successfully compromised Internet Explorer 10 on Windows 8, spent several months finding the flaws they used and writing the exploits.
LinkedIn Data Breach Lawsuit Dismissed
The professional networking site LinkedIn won a class-action lawsuit before it even went to trial after a judge this week dismissed claims from two premium users who maintained the company failed to provide the level of data security outlined in its privacy policy.
Groundbreaking Cyber Fast Track Research Program Ending
VANCOUVER--When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously change-resistant and slow as the Department of Defense. As it turns out, the Cyber Fast Track program he started has been a huge success and though the CFT is ending in less than a month, the program may well serve as a model for other agile research programs inside the U.S. government.
Fake Google Play Accounts Peddling Banking Malware
On the one-year anniversary of Google Play comes news that a new botkit is making the rounds that leverages actual verified accounts from that marketplace to trick users into downloading phony banking applications.
Bank DDoS Attacks Resume
A number of U.S. banks are dealing with online service disruptions as hacktivists reportedly have launched another round of distributed denial of service (DDoS) attacks against financial institutions.
APT1-Themed Spear Phishing Campaign Linked to China
Researchers at Seculert have discovered a link between spear phishing campaigns that targeted Japanese and Chinese journalists after the release of Mandiant’s APT1 report and domains connected to the Aurora attacks on Google and the Shady RAT campaign.
Seven-Year Facebook Study Warns of 'Silent Listeners'
Facebook users are sharing less information publicly, yet continue to share countless bits of information with what one group of researchers has dubbed “silent listeners.”
Google For First Time Reports FBI Non-Warrant Requests for User Data
Google today revealed, if in vague terms, that last year it received fewer than 1,000 "National Security Letters" from federal authorities seeking financial and communications data on up to almost 2,000 individuals. The disclosure of such government requests marks a first for a major Internet service provider.
Google Patches 10 Chrome Flaws Ahead of Pwn2Own, Pwnium
Google raised the degree of difficulty for Pwn2Own and Pwnium hacking contestants by patching 10 vulnerabilities in its Web browser last night.
Time Stamp Bug in Sudo Could Have Allowed Code Entry
A vulnerability in sudo – a program that manages user privileges on certain types of systems – could allow an unauthenticated user to execute commands for about five minutes, without entering a password.
Attackers Beat Java Default Security Settings with Social Engineering
Oracle’s new security model for Java, in place since the release of Java 7 update 11, is under serious fire now that attackers have demonstrated in the wild how to bypass the updated controls with the help of social engineering.
