More Security Hardware and Software News

N.J. mayor arrested on hacking, conspiracy charges

The mayor of West New York, New Jersey, was arrested together with his son on Thursday, for allegedly hacking into a website that criticized him and his administration.

Researchers propose TLS extension to detect rogue SSL certificates

A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently issued SSL certificates.

Yahoo leaks private key, allows anyone to build Yahoo-signed Chrome extensions

Yahoo was forced to release a new version of its Axis extension for Google Chrome after the original one contained a private key that allowed anyone to digitally sign extensions in Yahoo's name.

Security researcher urges IT to keep up with SAP patches

More than 95 percent of over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches had not been applied, according to a researcher.

Banking malware spies on victims by hijacking webcams, microphones, researchers say

A new variant of SpyEye malware allows cybercriminals to monitor potential bank fraud victims by hijacking their webcams and microphones, according to security researchers from antivirus vendor Kaspersky Lab.

Is cloud-based security really less expensive?

Businesses in new study were five times more likely to have decreased spending on managing security over three years as a percentage of their overall IT budget.

Android hackers hone skills in Russia

The malware business growing around Google Android -- now the leading smartphone operating system -- is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers.

Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs

German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.

UNC Charlotte: 350,000 SSNs exposed in decade-long breach

Two issues exposed financial data and Social Security numbers for 350,000 people, although it is thought the information has not been abused, the University of North Carolina at Charlotte said.

New Windows-based tool can encrypt DNS requests

A security company specializing in the Domain Name System has released a Windows version of a tool that encrypts DNS requests, which could be spied on to reveal a user's browsing activity.

PHP patches actively exploited CGI vulnerability

The PHP Group has released PHP 5.4.3 and PHP 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.

PHP will try again to patch chip flaw

The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed in a May 3 update.

Apple engineering mistake exposes clear-text passwords for Lion

Apple's latest update to OS X contains a dangerous programming error that reveals the passwords for material stored in the first version of FileVault, the company's encryption technology, a software consultant said.

Microsoft boots Chinese firm for leaking Windows exploit

Microsoft identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.

Hackers blackmail Belgian bank with threats to publish customer data

Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay $197,000 before Friday.

Down but not out: Conficker camouflages new Windows infections

Windows PCs infected with Conficker are more likely to be compromised by other malware because the worm masks those secondary infections and makes those machines easier to exploit, a security expert said.

Researcher misinterprets Oracle advisory, discloses unpatched database vulnerability

Instructions on how to exploit an unpatched Oracle Database Server vulnerability in order to intercept the information exchanged between clients and databases were published by a security researcher who erroneously thought that the company had patched the flaw.

Most of the Internet's top 200,000 HTTPS websites are insecure, group says

Ninety percent of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL attack, according to a report by the Trustworthy Internet Movement (TIM), a nonprofit organization that tries to solve Internet security, privacy and reliability problems.

Russian cybercriminals earned $4.5 billion in 2011

Russian-speaking hackers earned an estimated $4.5 billion globally using various online criminal tactics, Russian security analyst firm Group-IB said in a report published on Tuesday.

Most IT, security pros see Anonymous as serious threat

The majority of IT and security professionals believe that Anonymous and hacktivists are among the groups that are most likely to attack their organizations during the next six months, according to the results of a survey sponsored by security vendor Bit9.