Malware & Vulnerabilities

Malware & Vulnerabilities coverage at Computerworld

android security danger
jamie dimon

Steam password reset vulnerability

Valve patches huge password reset hole that allowed anyone to hijack Steam accounts

After losing control of their Steam accounts, some gamers and Twitch streamers were definitely steamed. Valve blamed the account takeovers on a “bug,” but the vulnerability seemed more like a critical hole – an authentication pit –...

android security danger

Stagefright vulnerability lets criminals send malware by text

Vulnerabilities in Android's "Stagefright" code allows criminals to send malware to any user via text message -- and the user gets infected without even having to open it.

WordPress gets a patch for critical XSS flaw

Developers of the WordPress blogging platform have released a critical security update to fix a flaw that can be exploited to take over websites.


Microsoft patches Windows zero-day found in Hacking Team's leaked docs

Microsoft today issued an emergency security update to patch a flaw in Windows -- including the not-yet-released Windows 10 -- that was uncovered by researchers after a breach of Italian surveillance firm Hacking Team.


Cyberspies love exploits from Hacking Team leak

The leaked files from surveillance software maker Hacking Team have proved to be a great resource for cyberespionage groups, which have used at least two Flash Player exploits from the company's arsenal.

flash update

Latest Flash Player version offers better exploit defenses

The Flash Player update released Tuesday not only fixed two vulnerabilities that were being targeted by attackers, but added additional protections that will make entire classes of security flaws much harder to exploit in the...

credit card malware

New point-of-sale malware distributed by Andromeda botnet

Cybercriminals are casting increasingly wider nets in their search for new point-of-sale systems to infect. This appears to be the case with a new memory scraping malware program called GamaPoS that's distributed by a botnet known as...

Microsoft Windows patch tuesday bug

Microsoft Patch Tuesday says goodbye to Windows Server 2003

With this month's Patch Tuesday round of security fixes, Microsoft has ended its support for the Windows Server 2003 operating system.

flash update

Adobe patches Flash to quash last two zero-days unearthed in Hacking Team's cache

Adobe updated its Flash Player to quash a pair of zero-day flaws found in the cache of documents hackers stole from the Hacking Team surveillance company.

malware keyboard skull and crossbones

Hacking Team's malware uses UEFI rootkit to survive OS reinstalls

Surveillance software maker Hacking Team has provided its government customers with the ability to infect the low-level firmware found in laptops and other computers that they wanted to spy on.

Adobe Flash zero day

PANIC: More Adobe Flash zero-days (revealed by Hacking Team hack)

More Adobe Flash zero-day bugs come to light, thanks to the Hacking Team trove. Email messages lifted from the Italian spyware company reveal two more unpatched vulnerabilities...

computer security stock image

Hacking Team had at least three unpatched Flash Player exploits

Recently breached surveillance software maker Hacking Team had access to three different exploits for previously unknown vulnerabilities in Flash Player. All are now out in the open.

sec vulnerability lock bolt

Adobe to patch second Hacking Team Flash zero-day bug

Adobe next week will patch a second zero-day vulnerability found in the leaked documents from the Hacking Team, a controversial Italian company that sells surveillance software and exploits to governments.

malware keyboard skull and crossbones

VMware patches vulnerabilities in Workstation, Player, Fusion and Horizon View Client

VMware released patches for serious vulnerabilities in several of its products that could lead to arbitrary code execution, privilege escalation on the host OS and denial of service.


Emergency Flash Player updates fix for vulnerability used in widespread attacks

Adobe Systems was forced to rush the release of a Flash Player update after an exploit for a previously unknown vulnerability was leaked on the Internet and quickly adopted by cybercriminals.

Cisco leaves its Unified CDM software open to hackers

Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote...

eyes 492914 1920

Spotting vulnerabilities takes many eyes

Traditional vulnerability management doesn’t always catch security issues. That’s why you need input from as many sources as possible.

office of personnel management

FBI alert details malware tied to the OPM and Anthem attacks

The FBI has released information about the malware used in the breach at the Office of Personnel Management. It turns out that the malware also has ties to the earlier Anthem hack.

Load More