News & Features
Attackers can remotely execute code with system privileges as a result of a known bug in Telnet daemon telnetd
Version 0.10 of FFmpeg adds several new encoders and decoders, as well as new filters and tools. The latest stable release also closes 15 security holes
The Microsoft Malware Protection Center has discovered a trojan downloader that only downloads and executes malicious code in the RAM, making it difficult to detect
The Apache Shiro application security framework is updated to give better password hashing and storage, more control over sessions and filters, and Guice and OSGi support
A memo from the US TSA says that, in December 2011, hackers disrupted the railway schedules of one unnamed railway operator in the Northwest
An O2 user found that the mobile carrier was adding his phone number to the headers of HTTP requests he made over the 3G network. The problem appears to affect all users of O2, GiffGaff and Tesco Mobile, but it isn't a new issue
Security expert HD Moore scanned around 3% of all publicly accessible IP addresses looking for video conferencing systems and managed to monitor corporate board rooms, inmate-lawyer consultation areas and research facilities
In support of Polish NGOs fighting Poland's plan to sign up to the ACTA anti-counterfeiting agreement, Anonymous has called on hacktivists in Poland to stop denial of service attacks on government sites
Symantec has released fixes for a critical flaw in pcAnywhere that allows an attacker with access to a particular TCP port to remotely execute code on a system that has the remote login software installed
Version 11.61 of the web browser corrects several issues found in the existing builds and addresses two security vulnerabilities, including one "high" severity cross-site scripting problem
Twitter has acquired California-based security services provider Dasient. The company will provide Twitter with malware protection expertise and technology
Version 2.5 of the open source CMS is a major release that adds support for Microsoft SQL Server, improves advanced search, and provides better update notifications for administrators; four security holes found in previous builds have been closed
According to Microsoft, the alleged operator of the Kelihos botnet was employed by a firewall and anti-virus software company
The Stable channel update addresses a total of four vulnerabilities, all of which are rated as "high severity". The developers also note that a critical hole was fixed in the previous release but was not documented
Visa and MasterCard hope to use the technology, already well established in Europe, to stem the tide of skimming incidents in the US
An apparently politically motivated hacker has published the access credentials of thousands of Arab Facebook users to the Pastebin anonymous text hosting service
Hackers have paralysed several Polish government web sites, apparently as a protest against the official position on the ACTA anti-piracy treaty; a Polish branch of Anonymous has already claimed responsibility
Exploits for root access are in circulation for Linux 2.6.39 and later after a fix was released for bad permission checking when writing to memory dumps
A vulnerability in the Apache Struts 2 web framework for Java allows attackers to remotely execute commands; versions affected are from 2.0.0 to 2.3.1.1. A fix is now available.
The US-based web hosting services provider and domain name registrar has confirmed that it "detected some unauthorized activity" on its servers in which an unknown party or parties may have gained access to customer passwords
Mozilla's OpenID alternative, BrowserID, gets its first deployment on a number of Mozilla development sites and takes a "Rookie of the year" award
A group of security specialists has published exploits for security vulnerabilities in components used by industrial control systems which could be used by an attacker to compromise or disrupt these systems
In the last seven days: a security-enhanced version of Android from the NSA, developers fix a Linux network problem, OpenStreetMap vandalism, Android 4.0 for HP's TouchPad, extensions for GNOME 3 and the world of open source domotics
Users clicking on a link sent over Twitter may find themselves unwittingly taking part in a DDoS attack on the US Department of Justice
A tool to help security researchers analyse Windows Phone 7 apps has been released by Security Ninja and is capable of decompiling the .dll files within the apps' .xap files