More Malware and Vulnerabilities News
Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.
About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.
Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.
Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.
Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.
Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.
VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.
Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye.
Enterprise IT vendors are rushing to protect users from the Heartbleed bug, which has been found in some servers and networking gear and could allow attackers to steal critical data -- including passwords and encryption keys -- from the memories of exposed systems.
Box has patched the Heartbleed security hole on its servers and has advised its customers to change their passwords.
Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.
Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.
Akamai Technologies, whose network handles up to 30% of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the Heartbleed bug.
The U.S. National Security Agency, which has a cybersecurity mission in addition to surveillance, has disputed a report that it knew about the Heartbleed security vulnerability for at least two years before other researchers disclosed the flaw this month.
You had to see this one coming.
The U.S. Internal Revenue Service acknowledged last week that it missed the April 8 cut-off for Windows XP support and will be paying Microsoft for an extra year of security patches.
Computerworld offers a Tip of the Hat to The Register's Chris Williams for his insights on how a lack of oversight of open source technologies contributed to to the creation -- and the two-year spread -- of the Heartbleed bug.
Android and IOS mobile applications are just as vulnerable to the Heartbleed bug as websites are, security vendor Trend Micro warned.