News & Features
An error in the web interface of the LANDesk Management Gateway can be used by an attacker to create their own commands and pass them to the shell of the underlying system to be run with root privileges
Adobe has taken the bull by the horns and officially apologised for not fixing a flaw in the Flash plug-in which has been known since 2008. The delay was said to be caused by internal procedural problems
Novell is reporting a critical security vulnerability in NetStorage which can be exploited by a remote attacker to compromise a system. A patch is available to fix the vulnerability
The European Network and Information Security Agency has published a report that warns of the risks and threats of using mobile social networking services and also provides a list of "17 golden rules for mobile social networks"
The Chinese authorities have shut down what they describe as the biggest training website for hackers in China. Members are reported to have used their skills to obtain private access data for games and other entertainment websites
Two malware-infected 'experimental' add-ons have been available on the Mozilla download site for a prolonged period
A critical vulnerability in the WebLogic Server Node Manager has forced Oracle to release an unscheduled update outside of its normal quarterly patch cycle.
This week, The H had the latest news on how, even without cookies, web browsers and users can be identified, the latest Linux kernel developments with the Kernel Log, yet another vulnerability in Microsoft's Internet Explorer web browser and
Elcomsoft's iPhone Password Breaker promises to recover the passwords of protected iPhone backups. This is said to allow access to stored data such as addresses, SMS archives, apps, calendar items and photos
A bug in Oracle's Java implementation allows users of database version 11gR2 to obtain arbitrary privileges
The newly revealed vulnerability in Internet Explorer is not one of them, but the company will be fixing the recently discovered 17-year-old privilege escalation vulnerability in its Virtual DOS Machine
Too short for news, too good to lose; Lost+Found is a round-up of useful security information: Analysis of an iPhone worm, threat lists, Windows rootkits, password japes and fish on bank websites
Google will reportedly be working with the United States National Security Agency (NSA) to investigate and to fight against future incidents, following the recent massive cyber attacks originating in China
The vulnerability allows a crafted website to access and read the content of arbitrary files on a PC
Microsoft has released a new document designed to convince the global developer community that the Secure Development Lifecycle (SDL) also makes sense for small software forges
The microblogging company suspects Twitter accounts have been misused as a result of password stealing on other websites
Apache HTTP Server 1.3.42 has been released and is the last full update of the Apache 1.3 series of web servers. Users are recommended to look at upgrading to Apache 2.2
Germany's emissions trading body and Federal Criminal Police Office have confirmed that hackers have used phishing emails to gain access to databases containing official information on individual companies' emissions permits. According to the Financial Times, the perpetrators transferred emissions rights to other accounts and then sold them on
A new official web page created by the role-playing game operator alerts users to security holes and warns of gold sellers and levelling services
Apple has released version 3.1.3 of its iPhone mobile operating system for all iPhone and iPod Touch devices to address a total of five vulnerabilities
German vendor Securstar has been accused of having had a hand in supposedly independent tests of encryption solutions for mobile devices in which its product was one of the few to be classed as secure
By taking over Hamburg-based company TC TrustCenter GmbH, PGP acquires the certification technology required for identification and authentication applications
The Greater Manchester Police have disconnected themselves from the Police National Computer after an outbreak of the Conficker worm
Specially crafted DNS packets can compromise the popular Squid web proxy/cache in such a way that it briefly fails to respond
The developers have announced an unspecified vulnerability in versions from 1.5.0 up to and including 1.9.1. A workaround solves the problem