Malware & Vulnerabilities

Malware & vulnerabilities news, trends, analysis and practical advice

information security

malware bug virus security magnifying glass detection

Dropbox to pay security researchers for bugs

Dropbox said Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list companies who see merit in crowdsourcing parts of their security testing. The popular...

Adobe patches vulnerabilities in ColdFusion, Flex and Flash Player, including a zero-day flaw

Adobe Systems released security patches for ColdFusion, Flex and Flash Player, the latter addressing a flaw for which an exploit is already available.


With latest patches, Oracle signals no more free updates for Java 7

Oracle released patches for 98 security issues across a wide range of products, including 14 in Java. This marks the last free patch for Java 7, and users are being encouraged to upgrade to version 8.

band-aid patch bandage

Microsoft Patch Tuesday: The patches keep coming

For Microsoft, the vulnerabilities appear to be surfacing more quickly than ever before.

login page with login and password forms 000011952367

Windows vulnerability can compromise credentials

A vulnerability found in the late 1990s in Microsoft Windows can still be used to steal login credentials, according to a security advisory.

That's not the hat I was wearing when you asked

This pilot fish is the go-to guy for antivirus issues at his company, and he's painfully aware that there are a few gaps in the protection -- and one very special gap in particular.

keyboard chinese flag china hacker

The 'Great Cannon' of China enforces Internet censorship

China is deploying an online tool that can be used to launch huge distributed denial-of-service attacks to enforce Internet censorship.

guard dog cyber attack prevent security

In a mock cyberattack, Deloitte teaches business how to respond

Deloitte conducted a cyber incident war-game for the media on Tuesday to show how businesses should respond in the event of a cyberattack.

Large Google malvertising campaign hits users

A large number of ads distributed by a Google advertising partner in Bulgaria redirected users to Web-based exploits that tried to install malware on their computers.

cybersecurity lock touch worker man

HP warns cybersecurity customers to focus on people and processes

To protect against cyberattacks, organizations should focus more on training their employees and improving internal processes instead of buying new technology.

cisco security malware 625x416

Enterprise bank accounts targeted in new malware attack

IBM has identified a new targeted attack, called Dyre Wolf, that has already bilked organizations of untold sums of money

android malware

Fewer than 1% of Android devices affected by potentially harmful apps

Based on data collected by Google, less than 1% of Android devices had a potentially harmful application installed last year.

security hole in fence clouds gap opening

Wider use of HTTPS could have protected GitHub

The unique attack method used to disrupt code-sharing site GitHub over the last week could have been prevented if more websites enabled encryption.


Update: Obama authorizes sanctions against hackers

President Obama signed an executive order allowing the U.S. government to impose sanctions on people, organizations and governments that conduct "malicious cyber-enabled activities" that harm the country.

malware keyboard skull and crossbones

New malware used to attack energy companies

A new malware program, Trojan.Laziok, is being used to do reconnaissance for targeted attacks against energy companies.

sec vulnerability lock bolt

EFF questions US government's software flaw disclosure policy

It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation.

Cisco patches autonomic networking flaws in IOS routers, switches

The flaws could allow attackers to gain limited access over affected devices or to disrupt their normal operation

Zero-day, Web browser vulnerabilities spiked in 2014

Secunia found that overall more than 83 percent of vulnerabilities had patches ready when the flaws became public

Load More