The critical security vulnerability in OpenSSL known commonly as “Heartbleed” continues to raise alarms, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users.
It’s one thing to have a security hole that relies upon users visiting an infected website, or opening a dodgy attachment – but it’s quite a different level of threat when simply *previewing* a message in your email client infects your computer.
If computers continue to run Windows XP, and don’t receive any more security patches. they are not just putting themselves and the data they carry at risk, they are endangering all of us who use the internet.
Microsoft releases a fix for a zero-day vulnerability that has already been exploited by hackers in targeted attacks against some organisations. Don’t delay!
Belkin’s WeMo home automation systems contain multiple vulnerabilities which could allow attackers to remotely control devices attached to a WeMo system – for instance, blacking out lighting in a home, or even starting fires, researchers have claimed.
If your system administrator looks a little frazzled this week, be nice to him or her and don’t grumble too much about the photocopier being jammed. It may be that they have more serious issues on their mind.
Hackers have published what they claim is a database of 4.6 million Snapchat users, with phone numbers matched to usernames, which is searchable online now. The hack could be a huge blow to the ‘discreet’ photo-message service.
Two researchers have demonstrated an attack that could alter and steal data direct from MicroSD cards, using tiny microcontrollers on the cards themselves. The attack could be used to copy or steal data – and even modify sensitive data such as encryption keys.
Finding vulnerabilities can be a profitable business – even if you work for the right side of the law. Last month, Facebook paid out $12,500 to a researcher for finding a bug – this month, Yahoo! paid out … $12.50.
“Bug bounties” paid out for finding and reporting bugs and vulnerabilities are a cheap and effective way for companies to bolster their security, an independent study by UC Berkeley researchers has found.
China and the U.S. have agreed to work together on cyber security, with the two countries setting up a working group to deal with the issue, U.S Secretary of State John Kerry said on Saturday in Beijing.
Representative Mike Rogers, Chairman of the Permanent Select Committee on Intelligence, said that Congress needs to act quickly, in an interview with NBC this week. The websites of major U.S. banks have been offline for 249 hours in the past six weeks, due to a series of sustained cyber attacks by an unknown foreign group.
Adobe and Microsoft have both released patches this week to address vulnerabilities in respective software applications and advise all users to apply the patches as soon as possible, if applicable to them.
On Thursday, September 12, Duo Security, a young-but-respected vendor of two-factor authentication devices, announced the preliminary results of a study of over 20,000 Android devices from a two month old study they performed. Based on the results, they calculated that over half of Android devices on the market have security vulnerabilities that are, as yet,
Are you one of the 50 million users of Instagram, the photo-sharing service bought by Facebook in April for $1 billion? If so you need to look out for an Instagram update to fix a vulnerability that has just been published by Spanish security researcher Sebastián Guerrero. This vulnerability, which Guerrero has dubbed the "Friendship
Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one: The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on
Since yesterday’s Much Ado About Facebook post in the ESET Threat Blog, we have written additional articles, received a few comments, and also received updated information on the “threat,” so it seems that now is a good time for a follow-up article. Reports continue to come in of pornographic and violent imagery on Facebook, and
Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer
My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself
Added to the resources blog at http://blog.eset.com/2011/01/03/stuxnet-information-and-resources: Report of a Stuxnet-unrelated vulnerability in SCADA software A speculative cyberwar link Some links on Iranian post-Stuxnet "cybermilitia" recruitment. http://www.itworld.com/security/133469/iran-responds-stuxnet-expanding-cyberwar-militia http://blogs.forbes.com/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/?boxes=financechannelforbes David Harley CITP FBCS CISSP