
Security

Passwords have a decade of life left in them, survey shows

posted on December 17, 2015
by l33tdawg

I hope you can hold a grudge.

Most cybersecurity pros expect passwords to be around for the next 10 years, according to a Wakefield Research survey performed in conjunction with authentication vendor SecureAuth.

In the survey of 308 full-time cybersecurity IT employees, 91 percent believe that the traditional password will not exist in 2025. By comparison, other things made obsolete by better technology in 2025 will include car mirrors, plastic credit cards, cords and chargers, and dedicated remote controls, according to PC Magazine.

Toyota Corolla Hybrid Car Hacked via Smartphone

posted on December 16, 2015
by l33tdawg

Japanese cars could be hacked and remote-controlled through smartphones if they were equipped with devices connected to the Internet, according to an experiment conducted by an associate professor at Hiroshima City University’s Graduate School of Information Sciences.

In the experiment, Hiroyuki Inoue remotely opened and closed car windows, displayed an incorrect speed meter reading and paralyzed the car’s accelerator, although the effects do not directly apply to cars currently on the market as their computers have no Internet access, he said.

Joomla attacked in remote code execution blitzkrieg

posted on December 16, 2015
by l33tdawg

Joomla has slung a patch to crush a critical eight-year-old remote code execution vulnerability under active exploitation by attackers.

Sucuri threat man Daniel Cid says hundreds of attacks are now taking place, having ramped up from a mere handful Saturday.

"This is a serious vulnerability that can be easily exploited and is already in the wild," Cid says. "If you are using Joomla, you have to update it right now."

Car parking apps vulnerable to man-in-the-middle attacks

posted on December 16, 2015
by l33tdawg

The next time you need to pay for parking, it might be best to have a handful of coins ready for the meter.

That’s the advice from researchers at NCC Group, who recently dissected 6 mobile apps being used as alternatives to paying with coins or cards at parking meters.

Their findings: nearly all were affected by security vulnerabilities, “some more serious than others.” One serious vulnerability has to do with badly implemented encryption.

Google researchers find remote execution bug in FireEye appliances

posted on December 16, 2015
by l33tdawg

Google researchers found a software flaw in several models of FireEye's security appliances that they say could give a cyberattacker full access to a company's network.

It's not unheard of to find security flaws in security software, but the latest discovery highlights once again how no technology is immune to such problems.

Why Node.js waited for OpenSSL security update before patching

posted on December 9, 2015
by l33tdawg

As promised, the Node.js Foundation updated all maintenance, long-term-support, and stable releases of Node.js to address two critical vulnerabilities.

The patches were announced a week ago and were expected earlier this week, but the Foundation held back the release in order to include the latest OpenSSL version, also patched this week. Node.js 0.10.x (Maintenance) and 0.12.x (LTS) depend on OpenSSL 1.0.1, and Node.js 4.x (LTS Argon) and 5.x depend on OpenSSL 1.0.2.

SAP dismisses HANA security concerns, acknowledges need for better S/4 messaging

posted on December 9, 2015
by l33tdawg

SAP has dismissed concerns about security flaws in its HANA platform, but acknowledges there are gaps in customers' understanding about how they can benefit from S/4 HANA.

Senior executives from the German software vendor gathered at the SAP HANA Forum held here Tuesday, where they provided an update on user adoption of the in-memory database.

Hackers Held Data on 5,000 Canadians Hostage and the Government Didn’t Tell Anyone

posted on December 4, 2015
by l33tdawg

Last year, a clever piece of code grabbed the computers of a foreign company, and held them hostage — detaining information on 5,000 Canadian passport applicants in the process.

The malware demanded an undisclosed sum of money, or else all the computer's data would be encrypted forever, effectively locking it and throwing away the key.

In a global market for hacking talent, Argentina stands out

posted on December 4, 2015
by l33tdawg

Want to learn how to break into the computerized heart of a medical device or an electronic voting machine? Maybe a smartphone or even a car? Thanks to the legacy of military rule and a culture of breaking rules of all sorts, Argentina has become one of the best places on Earth to find people who could show you how.