Security

Australian online voting system may have FREAK bug

posted on March 24, 2015
by l33tdawg

Next weekend, voters in the Australian State of New South Wales go to the polls to elect a new government. Some have already cast their votes online, with a system that may be running the FREAK bug.

So say Vanessa Teague and J. Alex Halderman, respectively a research fellow in the Department of Computing and Information Systems at the University of Melbourne and an assistant professor of computer science and engineering at the University of Michigan and director of Michigan’s Center for Computer Security and Society.

How Kevin Mitnick hacked the audience at CeBIT 2015

posted on March 24, 2015
by l33tdawg

CeBIT attendees on Thursday fell victim to a series of well-executed hacks. Thankfully, they weren’t malicious in origin; instead, they were live demonstrations by notorious ex-hacker Kevin Mitnick.

Though Mitnick’s hacking skills once earned him a spot on the FBI’s Most Wanted list, he is now a world-renowned security consultant. He and his team of specialists use various methods of intrusion to infiltrate clients, including major Fortune 500 companies, and boast a 100% success rate.

Inside the ‘bizarre’ public fight Whisper is having with a security startup

posted on March 24, 2015
by l33tdawg

Just when it seemed like the controversy surrounding anonymous message posting app Whisper was calming down, the company is facing new accusations. And the app maker is fighting back tooth and nail.

A security startup, Xipiter, has published a long blog post full of scathing allegations about Whisper, including a video that it says demonstrates a security hole it says it found.

Twitch resets passwords after possible security breach

posted on March 24, 2015
by l33tdawg

Users of Twitch, the Amazon-owned video game streaming site, will have to reset their passwords after the service suffered a security breach, the company revealed today.

A post to the company’s official blog said that users will have to reset their account password, and the company has revoked all stream keys, which allow computers to stream video to the site. In addition, all integrations between Twitch, Twitter and Youtube have been revoked, so people who want those features will have to re-enable them.

Fake patient data could have been uploaded through SAP medical app

posted on March 24, 2015
by l33tdawg

SAP has fixed two flaws in a mobile medical app, one of which could have allowed an attacker to upload fake patient data.

The issues were found in SAP’s Electronic Medical Records (EMR) Unwired, which stores clinical data about patients including lab results and images, said Alexander Polyakov, CTO of ERPScan, a company based in Palo Alto, California, that specializes in enterprise application security.

Hilton Honors Flaw Exposed All Accounts

posted on March 23, 2015
by l33tdawg

Hospitality giant Hilton Hotels & Resorts recently started offering 1,000 free awards points to Hilton HHonors Awards members who agreed to change their passwords for the online service prior to April 1, 2015, when the company said the change would become mandatory. Ironically, that same campaign led to the discovery of a simple yet powerful flaw in the site that let anyone hijack a Hilton Honors account just by knowing or guessing its valid 9-digit Hilton Honors account number.

All Major Browsers Fall at Pwn2Own - $110,000 paid out in 2 minutes

posted on March 21, 2015
by l33tdawg

Two researchers on Thursday took down the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, as Pwn2Own, the annual hacking contest that runs in tandem at CanSecWest, wound down in Vancouver.

The story of the day was Korean researcher Jung Hoon Lee, who worked alone under the name lokihardt and earned the single highest payout for an exploit in the competition’s history, a staggering $110,000 in just two minutes.

Apple OS X at Risk From DLL Hijacking Exploit

posted on March 19, 2015
by l33tdawg

Apple's OS X operating system has multiple layers of security to protect users against potentially malicious applications, but according to Patrick Wardle, director of research at Synack, Dynamic Link Libraries (DLL) hijacking can be used to bypass those protections, potentially putting users at risk.

Wardle is set to formally detail his research at a presentation at the CanSecWest security conference in Vancouver, British Columbia, on March 18. Apple did not respond to a request for comment from eWEEK about Wardle's research.