Skip the navigation

Malware and Vulnerabilities Topic Center

Get the latest news, advice and in-depth analysis on malware, including information on viruses, worms, Trojans and zero-day vulnerabilities

Malware and Vulnerabilities News

VMware promises Heartbleed patches for affected products by the weekend

VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.
Read more...

Google issues patch for Android icon permissions attack

Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye.

Server makers rush their Heartbleed patches

Enterprise IT vendors are rushing to protect users from the Heartbleed bug, which has been found in some servers and networking gear and could allow attackers to steal critical data -- including passwords and encryption keys -- from the memories of exposed systems.

Box patches Heartbleed flaw in its cloud servers

Box has patched the Heartbleed security hole on its servers and has advised its customers to change their passwords.

First sites admit data loss through Heartbleed attacks

Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.

Heartbleed bug can expose private server encryption keys

Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.

Akamai admits issuing faulty OpenSSL patch, reissues keys

Akamai Technologies, whose network handles up to 30% of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the Heartbleed bug.

NSA denies it knew about Heartbleed flaw

The U.S. National Security Agency, which has a cybersecurity mission in addition to surveillance, has disputed a report that it knew about the Heartbleed security vulnerability for at least two years before other researchers disclosed the flaw this month.

NSA secretly exploited devastating Heartbleed bug for years, report says

You had to see this one coming.

Update: IRS misses XP deadline, will spend $30M to upgrade remaining PCs

The U.S. Internal Revenue Service acknowledged last week that it missed the April 8 cut-off for Windows XP support and will be paying Microsoft for an extra year of security patches.

Malware and Vulnerabilities In Depth

Evan Schuman: With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix.

Security Manager's Journal: A rush to XP's end of life

The end of Microsoft support is fast approaching, and the company still has a lot of machines running the old Windows operating system.

The new security perimeter: Human Sensors

Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference

McAfee Offers Global Response to Nationalized Malware

In medieval times, kings let barbarians break down the castle gates but made sure they paid the price once they got inside. McAfee's approach to security takes a similar approach -- since data breaches are inevitable, companies should worry less about the perimeter and more on catching the bad guys in the act.

Ira Winkler: 6 failures that led to Target hack

The storyline that a single point of failure allowed a sophisticated attacker to steal millions of card numbers from Target just doesn't hold up.

7 sneak attacks used by today's most devious hackers

Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users

Security Manager's Journal: An admin surfing on a server? That's a big no-no

How could a tightly restricted server in finance be compromised by malware? Really, it's not that hard.

Malware: War without end

After decades of fighting off viruses, worms, Trojans and other malware and cyberattacks, total victory remains beyond reach.

Cryptolocker: How to avoid getting infected and what to do if you are

The newest piece of ransomware is particularly nasty and, once you've got it, it's a real pain to get rid of. Here's how to protect your corporate assets before getting bit.

7 sneak attacks used by today's most devious hackers

Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users