News & Features
Seagate's BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL
Using fake applications, fraudsters have used premium rate text services to pick Android users' pockets. The UK-based company which provides the phone numbers used will now have to reimburse all losses and will face a fine
In the last seven days: Linux 3.4 released, Chrome browser passed milestone, this year's Perl 5.16.0 arrived, and Linux Mint 13 "Maya" was published. Also, Glyn Moody looked at monopolies and open source, and The H spoke to Scala creator Martin Odersky
Two papers from University of Cambridge security researchers provide insights into the guessing of passwords and what is needed to replace passwords in the future
The 27-year-old operator of the Bredolab botnet has been sentenced to four years in prison. At its peak, the botnet was estimated to have infected more than 30 million Windows PCs and was capable of infecting three million new PCs a month through infected emails
Security researchers from North Carolina State University announced the launch of a new initiative – the Android Malware Genome Project – to find, collect and analyse Android malware and share it with researchers around the world
According to a new report from McAfee, malware has seen significant increases across all platforms in recent months, especially on mobile where threats targeting Android have increased by 1,200 per cent compared to the last quarter
Yahoo's launch of Axis, a new browser and extensions for desktop browsers, was marred when a blogger found that Yahoo had included its private certificate, used for signing the Chrome version of the extension, in the extension
Google has patched several security holes in its Chrome browser. The update brings the browser's version up to 19.0.1084.52 and fixes two critical vulnerabilities, one of which was discovered by an external researcher
A visit to Google will warn users who have been infected with the DNSChanger malware. Those who do nothing about the warning will most likely not be able to access the internet from 9 July
Australian billing and services provider WHMCS was attacked using standard social engineering techniques by a group calling itself UGNazi. The attackers downloaded 1.7GB of data from the web server and deleted the company's web site
Browser extensions are the new hiding place for malware, and legitimate cross-browser extension toolkits are being leveraged to make cross-browser and cross-platform malware
Versions 1.6.8 and 1.4.13 of the open source network protocol analyser address three security vulnerabilities that could be exploited by an attacker to cause a denial-of-service by injecting a malformed packet
Google has detailed how participants managed to break out of Chrome's sandbox during the first Pwnium contest
The link in the email will forward users to a third party application that prompts them to install a Java applet. The Java applet will then fake a Flash Player update warning and install malware on the user's machine
Three .NET security updates are putting Windows XP users' systems into an update loop
Kaspersky has discovered a SpyEye variant which films the user in front of the computer when he or she visits a German banking web site
A security specialist has found a way to take tokens tied to certain computers and make them executable on other systems
Following nearly three years of development, Nmap 6.0, the open source network scanner and mapper, has arrived with full IPv6 support, new scripts and a new Nping tool, an updated mapping GUI and many performance improvements
A 1.7GB archive of a database and internal emails from the United States Bureau of Justice Statistics has been released as a torrent by the hacktivist group
Although weaknesses in GSM encryption have been well known for years now, only seven of the network operators included in GSMMap have made improvements. Also, few providers took action against services that locate users using text messages
The Chinese handset maker included a program with a hard-coded password in its ZTE Score smartphone which gives root access. The backdoor was discovered after a user posted the credentials on Pastebin
In the last seven days: a beta for PostgreSQL 9.2 arrived, Chrome 19 was declared stable, and Oracle changed its mind about damages in the Android case. Also, The H provided some tools and tips for the systemd Linux init system, and Andrew Back took a practical look at the Internet of Things
Do Not Track is based on the idea that user changes to default browser settings related to privacy should have an effect on the way service providers online handle personal data
According to a report, the security breach at credit card processing company Global Payments extends back even further than was previously believed and may affect more than seven million accounts