News & Features
Thursday, 23 May 2013
Apple has released QuickTime 7.7.4, fixing 12 critical security holes causing memory corruption and buffer overflows when processing a number of media formats
more »
Wednesday, 22 May 2013
Chrome 27.0.1453.93 closes 17 security vulnerabilities for which Google has paid out almost $15,000. The newest version of the browser also improves page load speed for pages with many assets
more »
Unscrupulous profiteers are openly offering DDoS attacks as a service. They have no fear of being prosecuted - according to a reputable US blogger, the prosecutors themselves might be on board
more »
Available free of charge, the Clueful app exposes Android programs that don't take users' privacy seriously enough, for example by sending personal information to advertising networks
more »
The hacker attacks on Google in late 2009 may have had a greater impact than previously thought. The attackers reportedly had access to information on foreign agents collected by the US counterintelligence service
more »
Tuesday, 21 May 2013
Alerted by the levels of outgoing traffic, Yahoo Japan believes that 22 million user IDs were leaked from their systems but it is confident that no password or other verification data was involved in the exfiltration
more »
Back in February, a report by cybersecurity firm Mandiant exposed a Chinese military unit that targeted companies and media in the US. When the New York Times ran a feature on the APT1 group, things went quiet around the group. Now, APT1 has resumed operation
more »
The latest version of the live Debian Linux distribution for anonymity and privacy especially in repressive environments is now available with on the fly package updating and support for the latest obfuscation bridges
more »
Monday, 20 May 2013
Among the enhancements in NetBSD 6.1 is support for the Raspberry Pi's USB and onboard Ethernet, along with security and bug fixes. The same fixes are also in the newly released 6.0.2
more »
A convenient online search facility is now available for the enormous amount of data that was accumulated during a port scan of the entire internet
more »
Saturday, 18 May 2013
In the week ending 18 May Microsoft is reading what you type in Skype's chat, an exploit for the Linux kernel is discovered, Google unveils its new IDE for developing Android applications, and the International Space Station is using more Linux
more »
Friday, 17 May 2013
On The H's radar over the last seven days: Samsung's Smart TV software, phone scammers with their own hotline, tricking malware with Vaccination, Qualcomm is pre-installing Kaspersky on Android phones and Twitter account security
more »
A newly found item of Mac malware appears to have been signed by its creator but is apparently unable to deliver its cache of screenshots to the two command and control servers it is meant to connect to
more »
The ownCloud developers have released versions 5.0.6, 4.0.15, and 4.5.11 to fix a number of serious vulnerabilities in their software including SQL injection, code execution and privilege escalation problems
more »
Thursday, 16 May 2013
Four hackers from the infamous group LulzSec were sentenced in the UK today. Three of them are facing prison, while the fourth got a suspended sentence
more »
What is someone scanning the internet for easily accessible industrial plants actually up to? The SCADA honeypot Conpot can help supply answers to that question
more »
The zPanel server is unavailable at the moment, most likely as a result of a hacker attack brought on by a member of the support team who swore at a forum user
more »
At the meeting of the RIPE IP address registry, discussions revolved around how to get black sheep to implement overdue security measures
more »
To avoid the need to develop new fuzz testing tools, researchers at Fraunhofer FOKUS institute have created the Fuzzino open source fuzzing library that can be used to add fuzzing features to existing test tools
more »
Wednesday, 15 May 2013
A bug that was fixed in the development branch of the kernel back in April was not identified as being security relevant and can therefore still be exploited on many systems
more »
The magazine's anonymous drop site is based on DeadDrop, developed by the late Aaron Swartz. Anonymity is in part ensured by only accepting connections via the Tor project's network
more »
Critical holes are also closed in Mozilla's Firefox ESR, Thunderbird and Thunderbird ESR, along with fixes for high severity issues; one of the high severity issues is a local privilege escalation through Mozilla's Maintenance Service
more »
With an increase in security updates and a need to schedule non-security changes predictably, Oracle has decided to rework how Java updates get a version number
more »
The company has fixed a critical hole in Internet Explorer that is already being exploited by attackers, and patched vulnerabilities in all versions of Windows, in Office, in Windows Essentials, and in other components
more »
Adobe's May Patch Tuesday brings a flurry of security updates that close various critical security holes. Administrators who manage ColdFusion servers should act immediately; the remaining updates should also be installed as soon as possible
more »