In late February, Facebook forged a partnership with four of its most prolific data brokers in order to more accurately target users with relevant advertisements.
Two bills introduced in Texas this week could refine mobile privacy in the state and tweak how law enforcement can request sensitive information from cell phones going forward.
Dennis Fisher talks with Adrian Stone, the head of security response at BlackBerry, about the new security model in BlackBerry 10, the partition between private and work data and the challenges of dealing with app developers who might not know a whole lot about security or privacy.
VANCOUVER--When Facebook announced last month that its corporate infrastructure had been compromised through a watering-hole attack against several of its employees, it was major news, both because of the attack itself and because the company had come out and owned up to it. The interesting thing, however, is that this was not the first major problem that the Facebook incident response team had handled. In fact it was the third one in less than a year.
VANCOUVER--Finding and exploiting new vulnerabilities in the major browsers has become a difficult exercise for security researchers, thanks to the exploit mitigations, sandboxes and other protections that Microsoft, Google and Mozilla have added in the last few years. The same has become true of Adobe Flash, but difficult is not the same as impossible, as the contestants at the Pwn2Own contest here have shown.
Three of the four critically rated bulletins that affect Microsoft Windows, Internet Explorer, Silverlight, Office, and Server Software could lead to remote code execution while the final critically rated bulletin could allow for privilege elevations.
VANCOUVER--The Pwn2Own contest has evolved in many ways over the years, from new rules to new targets to larger prizes, but perhaps the one thing that has changed the most is that the researchers who show up here every year hoping to go home with a bag full of money are having to spend more and more time finding and exploiting vulnerabilities in the browsers and plug-ins in play. The research team at VUPEN, which successfully compromised Internet Explorer 10 on Windows 8, spent several months finding the flaws they used and writing the exploits.
VANCOUVER--When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously change-resistant and slow as the Department of Defense. As it turns out, the Cyber Fast Track program he started has been a huge success and though the CFT is ending in less than a month, the program may well serve as a model for other agile research programs inside the U.S. government.
On the one year anniversary of Google Play comes news that a new botkit is making the rounds that leverages actual verified accounts from that marketplace to trick users into downloading phony banking applications.
A number of U.S. banks are dealing with online service disruptions as hacktivists reportedly have launched another round of distributed denial of service (DDoS) attacks against financial institutions.
Researchers at Seculert have discovered a link between spear phishing campaigns targeting Japanese and Chinese journalists, post-Mandiant’s APT1 report, and domains connected to the Aurora attacks on Google and the Shady RAT campaign.
Facebook users are sharing less information publicly, yet continue to share countless bits of information with what one group of researchers has dubbed “silent listeners.”
Google today revealed, if in vague terms, that last year it received fewer than 1,000 "National Security Letters" from federal authorities seeking financial and communications data on up to almost 2,000 individuals. The disclosure of such government requests marks a first for a major Internet service provider.
A vulnerability in sudo – a program that manages user privileges on certain types of systems – could allow an unauthenticated user to execute commands for about five minutes, without entering a password.
Oracle’s new security model for Java, in place since the release of Java 7 update 11, is under serious fire now that attackers have demonstrated in the wild how to bypass the updated controls with the help of social engineering.