Kaspersky Labs has revealed details of what it claims is the first malware to successfully outwit the CAPTCHA online image-based verification system.
The Russian internet security software company said on March 10 that the malware, Trojan-SMS.Android.Podec, was first detected by its security analysts in late 2014, but has since been updated.
Today's bumper crop of updates for Windows and other Microsoft products doesn't just fix a new version of the Stuxnet shortcut attack. It also provides fixes to two serious flaws, one in the operating system's handling of secure connections and the other in Internet Explorer.
While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers.
Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws.
Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last week by researchers, the flaw allows an eavesdropper to intercept connections to HTTPS websites and downgrade the strength of the encryption, allowing miscreants to crack the traffic and steal things like login cookies and banking details.
Messages purporting to be WhatsApp invitations to try out a new voice calling feature are actually nothing more than malware conduits.
WhatsApp, one of the biggest third-party instant messaging app in the world, had 700 million active users sending 30 billion messages per day, as of January 2015, making it a popular target for scammers and hackers. To boot, it has started to roll out the hotly anticipated Free Voice Calling feature—which will add a VoIP capability to make calls, a la Skype and Viber. It’s available for Android, but it’s only invite-only for now.
The Internet of Things is based on sensors and controls in all sorts of devices. When those types of devices are used to create a smart home, they can give residents unprecedented control and insight. The proliferation of smart devices, however, also opens the door to new dangers and threats.
Chinese regulators summoned bank officials for a meeting this month to stress the need to carry out a nationwide directive to cut China’s reliance on foreign technology, said people familiar with the matter.
In the Jan. 15 meeting, the China Banking Regulatory Commission suggested lenders not buy new mainframe computers in 2015 and draft plans to replace the ones they now have, said the people, who asked not to be identified because the meeting was private. A senior CBRC official said in November banks rely on foreign brands for 80 percent of their core servers and systems.
Secure app maker Silent Circle has denied ever being served a secret demand for user data, amid concerns over the weekend suggesting the contrary.
In an email, general counsel Matt Neiderman confirmed the company has not received a warrant "of any type" to date.
The maker of encrypted phone and messaging products was caught in a mini-storm Saturday when reports suggested its warrant canary, a tool designed to alert the receipt of a warrant that comes with a gag order, was missing an explicit declaration that it had not been compromised by a government data demand.
British cops have arrested a 23-year-old man on suspicion of hacking into the US Department of Defense.
The National Crime Agency snared a suspected Lizard Squad hacker on Wednesday in Sutton Coldfield, West Midlands, during a week-long "intensive" national operation against alleged cyber-criminals.
The C99Shell PHP backdoor, originally spotted in 2007, is still around, and is still a danger to both web server operators and end-users.
After getting a tip from a designer about a hacked Joomla page, Panda Security malware researcher Bart Blaze discovered that a newer version (2.1) of this scripted web application Trojan has been used to compromise a web server.
The same server has been infected with other PHP backdoors, one of which seems designed to specifically target mobile users.
Adobe has launched a bug bounty program that hands out high-fives, not cash.
The web application vulnerability disclosure program announced today and launched last month operates through HackerOne used by the likes of Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security messes.
