News & Features
Versions 1.7.5 and 2.5.1 of the open source content management system close two information disclosure vulnerabilities; the update to Joomla! 2.5.x also fixes 30 bugs found in the previous release
Some TRENDnet IP cameras permit anyone to view the rooms being monitored by the camera, whether or not an access password has been created. Lists of openly accessible camera streams are circulating
Anti-virus software, backups, updates, an alternative browser and a healthy level of mistrust are the main components of the German Federal Office of Information Security's (BSI's) PC security concept
In the last seven days: a critical hole in PHP was closed, Ubuntu 12.04 Alpha 2 arrived and there was controversy around a Busybox alternative. Also Debian 7.0 will use the 3.2 kernel, VLC 2.0 gets ready to bloom and Wayland 1.0 approaches
Google has disclosed that it has, for the last year, been using a system called Bouncer to scan the Android Market for malware and says there was a 40% decline in downloads of malicious software in 2011
The lure was a well-made invitation to a prestigious conference which then injected spyware into employees' computers
In late 2011, the US corporation notified the authorities of several intrusions into its IT systems in 2010. However, no important information is believed to have been stolen
Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques
Android applications running on some HTC smartphones can access the passwords of the Wi-Fi networks they are connected to and potentially send that information to third parties. HTC has released updates for the affected devices
The company has released Mac OS X 10.7.3 and, for users who have yet to upgrade from 10.6.8 to Lion, Security Update 2012-001. The updates address more than 50 security vulnerabilities that could be exploited to, for example, remotely execute arbitrary code
Mozilla has detailed the security fixes included in the recent updates to its Firefox web browser, Thunderbird email client and SeaMonkey suite. Version 10.0 of Firefox, for example, closes 8 holes, 5 of which are rated as critical
At a conference, Kristin Paget demonstrated how easily RFID-enabled credit cards can be used to make a payment without requiring any card owner interaction
Following the Carrier IQ controversy, a legislative initiative aims to give US mobile phone users more control over their data. In future, users would have to explicitly consent to the installation of information-collecting software
The addition of a debug option to the widely used sudo command introduced a flaw which could allow an attacker to gain root privileges by using a symbolic link to change the name of the command
What Symantec calls malware is really applications participating in an aggressive ad network, says Lookout security
The new technology for signing Git pull requests is an indirect consequence of the break-in at kernel.org.
MIDI music on web pages is providing the soundtrack to malware exploiting a vulnerability in Windows multimedia to install a rootkit
A small memory leak on every connection to the Samba file sharing daemon could be exploited to create a denial of service. A patch and an update have been released
Symantec warns that 13 Android apps are infected with malware that accesses data on smartphones and tablets and changes the start page in the browser
In the last seven days: Linux 3.3 goes into testing, Ubuntu 12.04 gets a new HUD and a Linux root exploit surfaced. Also KDE 4.8 and a stable release of Cinnamon arrived, jSlate was open sourced and the 6502 microprocessor relaunched
Attackers can remotely execute code with system privileges as a result of a known bug in Telnet daemon telnetd
Version 0.10 of FFmpeg adds several new encoders and decoders, as well as new filters and tools. The latest stable release also closes 15 security holes
The Microsoft Malware Protection Center has discovered a trojan downloader that only downloads and executes malicious code in the RAM, making it difficult to detect
The security services provider recommends using the remote control software only if absolutely necessary
The Apache Shiro application security framework is updated to give better password hashing and storage, more control over sessions and filters, and Guice and OSGi support