PayPal patched a hole in its Manager functionality this week that could have made it easy for an attacker to hijack an admin’s account, change their password and steal their personal information -- not to mention their savings.
The EFF's annual Who Has Your Back? report praises Apple and Yahoo for their gains in transparency and fighting for users' privacy and civil liberties, while it singles out Snapchat for its shortcomings.
Industrial control systems manufacturers are continuing to discover and provide fixes for the OpenSSL Heartbleed vulnerability.
Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities. The company also released a patch for iTunes that fixes a […]
Al Qaeda's choice to develop homegrown encryption, experts say, likely gives U.S. intelligence efforts a leg up against the terrorist organization.
The IETF released RFC 7258, which defines pervasive monitoring of Internet traffic and surveillance of online activity as an attack to be mitigated in all future IETF protocols.
A critical security vulnerability that existed in the Linux kernel for five years, and that could cause system crashes, code execution, and privilege escalation, has now been fixed.
A malicious campaign is targeting taxpayers in Colombia, accusing them of tax fraud and stealing their passwords and money.
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the […]
Google resolved three highly rated security vulnerabilities in Chrome. US-CERT warns an attacker could exploit these bugs to take control of affected systems.
The peer-to-peer version of Zeus was especially busy in the first quarter with infections reported by banks in 10 countries that previously had eluded Zeus’ reach.
Microsoft issued advisories covering the ability to disable RC4 in .NET, additional credential protection for Windows, and its revocation of digital signatures for four UEFI modules.
The NSF is awarding $15 million worth of grants to researchers who can implement new Internet architectures that move toward a more robust and secure Internet.
Patches are available for buffer overflow bugs in Yokogawa production control software. Public exploits are available for the vulnerabilities, as well as a Metasploit module.
Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate certificates. The company made the policy change last year, […]
Microsoft pushed its largest batch of Patch Tuesday updates so far this year today (eight bulletins, two critical), addressing 13 important issues in Internet Explorer and SharePoint Server, along with Windows, Office and its .NET Framework.