Skip the navigation

More Malware and Vulnerabilities News

Apple users were left at risk by 3-week delay between OS X and iOS patches

Apple exposed iOS users to security threats by taking three weeks longer to patch the same vulnerabilities in the mobile OS that it previously fixed in Safari on OS X, a former Apple security engineer said.

Tip of the Hat: Heartbleed prompts chastened tech giants to fund OpenSSL

Computerworld offers a Tip of the Hat to Jon Brodkin of Ars Technica for an incisive look at how only a potential disaster could convince top tech execs to finally help fund the OpenSSL and other open-source projects.

Russian Android SMS Trojan hits U.S.

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

Coding error protects some Android apps from Heartbleed

Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.

Apple patches Secure Transport, but not because of Heartbleed

Apple today issued a security-only update for OS X, patching 25 vulnerabilities in Mavericks, its newest operating system, and 7 bugs in older editions.

Mystery malware infecting jailbroken iPhones, iPads

A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.

SEC seeks data on cyber security policies at Wall Street firms

The Securities and Exchange Commission plans to review the cyber defenses of 50 Wall Street broker-dealers and investment advisers to determine whether they are prepared for potential cyber threats.

Most but not all sites have fixed Heartbleed flaw

The world's top 1,000 websites have been patched to protect their servers against the "Heartbleed" exploit, but up to 2% of the top million were still vulnerable as of last week.

Satellite communication systems are rife with security flaws, vulnerable to hackers

Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.

Michaels breach exposes nearly 3M payment cards

About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.

This Netcraft tool flags sites affected by Heartbleed

Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.

Android trojan app targets Facebook users

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Microsoft extends Windows 8.1 Update migration deadline for business

Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.

Teen nabbed in Heartbleed attack against Canadian tax site

Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.

Oracle identifies products affected by Heartbleed, but work remains on fixes

Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.

Rushed Heartbleed fixes may expose users to more attacks

In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.

VMware promises Heartbleed patches for affected products by the weekend

VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.

Google issues patch for Android icon permissions attack

Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye.

Server makers rush their Heartbleed patches

Enterprise IT vendors are rushing to protect users from the Heartbleed bug, which has been found in some servers and networking gear and could allow attackers to steal critical data -- including passwords and encryption keys -- from the memories of exposed systems.

Box patches Heartbleed flaw in its cloud servers

Box has patched the Heartbleed security hole on its servers and has advised its customers to change their passwords.