- Wanted: German security developers for new, homegrown spyware, Ars Technica
- Side-Channel Attack Steals Crypto Key from Co-Located Virtual Machines, threatpost
- Malware disguised as an MMS message, The H Security: News and Features
- Android Smishing Vulnerability Found in Android Open Source Project Firmware, threatpost
- Android 4.2 warns against malicious apps and premium rate texts, The H Security: News and Features
- Adobe Ships Election Day Security Update for Flash, Krebs on Security
- Android vulnerability allows phishing texts, The H Security: News and Features
- Google Patches 14 Flaws in Chrome 23, threatpost
- Privacy in Ubuntu 12.10: Full Disk Encryption, Electronic Frontier Foundation
- M3AAWG Recommends New DKIM Best Practices, threatpost
- Chrome 23 closes holes, promises longer battery life, The H Security: News and Features
- Do Not Track finally arrives with version 23 of Chrome, Ars Technica
- Detecting CSRF vulnerabilities, The H Security: News and Features
- Skype accused of ratting out user to private security without warrant, The Register
- Gaping hole in Google service exposes thousands to ID theft, The Register
- QuickTime for Windows updated to close security holes, The H Security: News and Features
- Alleged 0day exploit for Adobe Reader in circulation, The H Security: News and Features
- Update: Adobe Working to Confirm New Reader Zero-Day Sandbox-Bypass Exploit, threatpost
- Twitter resets ‘hacked’ passwords after being compromised, BBC News
- Twitter Says It Was Not Hacked, NYTimes.com
- Security issue discovered in TOR client, Update at The H Security: News and Features
- Memory Bug Fixed in Tor Client, threatpost
- Worth Reading: Dropbox is “quite secure”, The H Security: News and Features
Quick Security Alerts for the Week Ending 11/4/2012
- 3.6 Million South Carolina Taxpayers at Risk of ID Theft, threatpost
- Critical security holes closed in Firefox 16 and Thunderbird 16, The H Security: News and Features
- Another systematic SCADA vuln, The Register
- Physical Keygen: Duplicating House Keys on a 3D Printer, eclecticc via Gnat’s Four Short Links on O’Reilly Radar
- EFF calls Ubuntu Shopping Lens a “major privacy problem”, p developers are weak link for Android security
- California Attorney General Puts Mobile App Developers on Notice, threatpost
- Huawei sends team of engineers to discuss router security revelations with hacker, ZDNet
- Staying safe online: Using a password manager just isn’t enough, ExtremeTech
- Tell-tale status pages, The H Security: News and Features
- Windows 8 ‘penetrated’ says firm which sells to world’s spy agencies, The Register
- Misconfigured Apache sites expose user passwords, other private data, Ars Technica
- Preloading HSTS, Mozilla Security Blog
- OpenBSD 5.2 Released, Slashdot
- Apple releases iOS 6 and Safari security updates, The H Security: News and Features
- Facebook flaw bypasses password protections, BBC News
- More Than 25% of Android Apps Know Too Much About You, Slashdot
- PayPal Security Holes Expose Customer Card Data, Personal Details, Slashdot
Quick Security Alerts for the Week Ending 10/28/2012
- Android apps ‘leak’ personal details, BBC News
- French hacker captures €500,000 with smartphone trojan, The H Security: News and Features
- Researcher Develops Patch for Java Zero-Day, Puts Pressure on Oracle to Deliver its Fix, threatpost
- ‘Looming menace’ of evil browser extensions to be demo’d this week, The Register
- CyanogenMod logged lockscreen swipe gestures, The H Security: News and Features
- CyanogenMod Fixes Flaw That Logged Users Unlock Codes, threatpost
- Introducing the USB Stick of Death, j00ru//vx tech blog via Four Short Links
- Why Mozilla should join the CryptoParty, The H Open: News and Features
- Adobe Plugs Several Buffer Overflow Holes in Shockwave Player, threatpost
- Fake PayPal Emails Distributing Malware, threatpost
- How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole, Threat Level at Wired.com
- Attacking TrueCrypt, The H Security: News and Features
- The 25 worst passwords of the year, The H Security: News and Features
- Attackers Turn to Open DNS Resolvers to Amplify DDoS Attacks, threatpost
- Phony certificates fool faulty crypto in apps from AIM, Chase, and more, Ars Technica
- US-CERT warns DKIM email open to spoofing, The Register
- SSL Vulnerabilities Found in Critical Non-Browser Software Packages, threatpost
- Boarding pass barcodes ‘can be read by smartphones’, BBC News
- Backdoor in computer controls opens critical infrastructure to hackers, Ars Technica
- 4 Simple Changes to Stop Online Tracking, Electronic Frontier Foundation
- TPM Chip in Windows 8 Lays Foundation for Widespread Enhancements to Hardware-Based Security, threatpost
- DoS vulnerability affects older iPhones, Droids, even a Ford car, Ars Technica
- Patch Available for Broadcom Mobile Device Firmware DoS Vulnerability, threatpost
Quick Security Alerts for the Week Ending 10/21/2012
- Precision Espionage miniFlame Malware Tied to Flame, Gauss, threatpost
- Ever Wondered What a Live Botnet Looks Like?, Technology Review
- Eugene Kaspersky Unveils Plans for New Secure SCADA OS, threatpost
- New Zealand government computers leak sensitive data, The H Security: News and Features
- Phishy Direct Messages Link to Fake Twitter Sign-in Page, threatpost
- Zero-Day Attacks Thrive for Months Before Disclosure, threatpost
- Android malware, FUD, and the FBI, ZDNet
- CAPTCHA-busting service relies on CAPTCHA to block bots, The Register
- Steam spawns vulnerabilities, say researchers, The Register
- Pacemakers, defibrillators open to attack, The Register
- Hackers Exploit ‘Zero-Day’ Bugs For 10 Months On Average Before They’re Exposed, Forbes via Slashdot
- A lesser-known new feature in iOS 6: It’s tracking you everywhere, The Register
- Critical Java Patch Plugs 30 Security Holes, Krebs on Security
- Adobe Extends Security of Reader and Acrobat With Better Sandbox, Force ASLR, threatpost
- Computer Viruses Are “Rampant” on Medical Devices in Hospitals, Technology Review
- Analysts Warn Online Voter Registration Is Vulnerable to Hacking, DCist
- New Verizon Marketing Initiative May Violate Users’ Privacy, threatpost
- Android APK 4.2 teardown shows Google getting serious about security, Ars Technica
- Adobe Reader and Acrobat get another layer of security, Ars Technica
- Apple updates Java for older Mac OS X – kills browser plugin, The H Security: News and Features
- Requesting Sensitive Data Via Google Docs: Phishing Really is That Easy, threatpost
- Spammers Using Shortened .gov URLs, Slashdot
Quick Security Alerts for the Week Ending 10/14/2012
- US law makers against Huawei and ZTE, The H Security: News and Features
- Critical Adobe Flash Player Update Nixes 25 Flaws, Krebs on Security
- Huawei says US probe had ‘predetermined outcome’, The Register
- To Keep Passwords Safe from Hackers, Just Break Them into Bits, Technology Review
- Flaws Allow Every 3G Device To Be Tracked, Slashdot
- Worm spreading on Skype IM installs ransomware, Security & Privacy at CNET News
- Surprise! Microsoft patches latest IE10 Flash vulns on time, The Register
- HTTPS Everywhere 3.0 protects 1,500 more sites, Electronic Frontier Foundation
- Botnet maps the entire internet, The H Security: News and Features
- Chrome Extension Protects Privacy Against Google, Facebook & 1,000 Other Sites, ReadWriteWeb
- Confirmed: Apple-owned fingerprint software exposes Windows passwords, Ars Technica
- Microsoft Patches Windows, Office Flaws, Krebs on Security
- Phil Zimmermann’s New App Protects Smartphones From Prying Ears, Slashdot
- Microsoft to devs: Bug users about security … now!, The Register
- Mozilla closes numerous critical holes in Firefox 16, The H Security: News and Features
- RSA splits passwords in two to foil hackers’ attacks, BBC News
- RSA boss demands revamp of outdated privacy, security regs, The Register
- RSA Boss Angers Privacy Advocates, Slashdot
- BIND DNS server updates close critical hole, The H Security: News and Features
- In Under 10 Hours, Google Patches Chrome To Plug Hole Found At Its Pwnium Event, Slashdot
- Use Microsoft Outlook? Patch It Now! New Flaw Attacks Via Email Previews, ReadWriteWeb
- Security Vulnerability in Firefox 16, Mozilla Security Blog
- Firefox 16.0.1 Ready After Serious Vulnerability Forced Mozilla to Suspend Availability, threatpost
- Exploit Code Released Targeting Firefox 16 Vulnerability, threatpost
- Mozilla Details How Old Plugins Will Be Blocked In Firefox 17, Slashdot
- Google May Soon Scan Your Android Apps For Malware, Slashdot
Quick Security Alerts for the Week Ending 10/7/2012
- New Android Malware App Turns Phone into Surveillance Device, threatpost
- DSL modem hack used to infect millions with banking fraud malware, Ars Technica
- Internet Explorer security examined, The H Security: News and Features
- Authentication Implications in Uniquely Identifiable Graphics Cards, threatpost
- Graphics Cards: the Future of Online Authentication?, Slashdot
- Researchers testing Android security with mega network, TechHive
- Zombie-animating malnets increase 300% in just 6 months, The Register
- 4.5 million routers hacked, The H Security: News and Features
- New Strain of Man-in-the-Browser Malware Refines Data Sent to Attacker in Real Time, threatpost
- Team Ghost Shell Claims to Publish Records from Thousands of Universities, threatpost
- HSTS becomes IETF proposed standard, The H Security: News and Features
- Some WordPress Themes, Thousands of Sites Open to XSS Vulnerability, threatpost
- Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In, threatpost
- iOS 6 closes configuration hole, The H Security: News and Features
- Refined hack opens locked hotel rooms–with a magic marker, ExtremeTech
- Malware Signed by Adobe Certificate Only Used in Limited Targeted Attacks, threatpost
- Microsoft to fix critical Word vulnerability on Tuesday, The H Security: News and Features
- New Tactics Helping Toll Fraud Malware on Android Avoid Detection, threatpost
- When Will We See Collisions for SHA-1?, Schneier on Security
- Over 60% of Android Malware Hides In Fake Versions of Popular Apps, Slashdot
- Faux Apps Found Hijacking Chrome, Spamming Tumblr, threatpost
- How About Some Antivirus with that Smartphone Plan?, Technology Review
- Brazil to roll out national radio-chip ID/surveillance/logging for all vehicles, Boing Boing
- Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight, Slashdot
Quick Security Alerts for the Week Ending 9/20/2012
- Google Go language gets used: For file-scrambling trojan, though, The Register
- Tiny Evil Maid CHKDSK Utility Can Steal Passwords, threatpost
- Security Vulnerability in Windows 8 Unified Extensible Firmware Interface (UEFI), Schneier on Security
- Forthcoming SHA-3 Hash Function May Be Unnecessary, threatpost
- Lieberman pushes for mandatory standards in White House cyber order, The Hill’s Hillicon Valley
- Exhaust all of DES and crack any MS-CHAPv2-based VPN for a mere $20, Boing Boing
- New Twitter-Based Malware Uses Direct Messaging to Spread, threatpost
- Apple fixes security vulnerabilities with Apple TV 5.1 update, The H Security: News and Features
- A single web link will WIPE Samsung Android smartphones, The Register
- Questions abound as malicious phpMyAdmin backdoor found on SourceForge site, Ars Technica
- Researcher Finds 100k IEEE.org Passwords Stored in Plain-Text on Public FTP Server, threatpost
- Published Threat Intelligence, Not Cybersecurity Laws, Is What’s Needed, threatpost
- New Java Vulnerability Found Affecting Java 5, 6, and 7 SE, Slashdot
- SourceForge Investigates Backdoor Code Found in Copy of phpMyAdmin, threatpost
- The Browser Exploitation Framework Project, BeEF
- Rent-to-own laptops were spying on users, The H Security: News and Features
- Security fixes dominate in Google’s Chrome 22, The H Security: News and Features
- A death blow for PPTP, The H Security: News and Features
- App protects Samsung smartphones against remote wiping, The H Security: News and Features
- Samsung Fixes Remote Wipe Flaw in Galaxy S III Smartphones, threatpost
- Android smartphones: USSD calls can kill SIM cards, The H Security: News and Features
- Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks, threatpost
- Adobe to revoke crypto key abused to sign malware apps (corrected), Ars Technica
- ASIC Seeks Power To Read Your Emails, Slashdot
- PlaceRaider, an entire new class of visual malware, Beyond The Beyond at Wired.com
- Cisco fixes alleged DoS holes, The H Security: News and Features
- Android control code issue affects almost all manufacturers, The H Security: News and Features
Quick Security Alerts for the Week Ending 9/23/2012
- Google enables Do Not Track in Chrome, The H Security: News and Features
- W3C presents draft of browser Web Cryptography API, The H Security: News and Features
- Adding OAuth 2.0 support for IMAP/SMTP and XMPP to enhance auth security, Google Online Security Blog
- Many ways to break SSL with CRIME attacks, experts warn, Ars Technica
- New IE Zero-Day Being Exploited In the Wild, Slashdot
- Millions of Virgin Mobile accounts at risk of password attacks, Ars Technica
- Tool Scans for RTF Files Spreading Malware in Targeted Attacks, threatpost
- Latest IE Zero-Day Flaw Tied to Nitro Hackers and Recent Java Zero-Day Exploits, threatpost
- Study finds web developers undertake too little vulnerability testing, The H Security: News and Features
- ‘How I CRASHED my bank, stole PINs with a touch-tone phone’, The Register
- Microsoft pledges temporary fix for critical IE bug under attack, Ars Technica
- Microsoft Recommends Workarounds to Mitigate Latest IE Zero-Day; Patch Still to Come, threatpost
- Stuxnet Tricks Copied by Computer Criminals, Technology Review
- Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker, TorrentFreak
- Recent Developments in Password Cracking, Schneier on Security
- New vicious UEFI bootkit vuln found for Windows 8, The Register
- SSL Digital Certificate Security Issues Put CAs on Notice, threatpost
- Analysis of PIN Data, Schneier on Security
- Sprint Responds to Developer’s Disclosure of Virgin Mobile Security Shortcoming, threatpost
- Apple closes numerous security holes with iOS 6, The H Security: News and Features
- Android Hacked via NFC on the Samsung Galaxy S 3, thenextweb.com via Slashdot
- Facebook’s New Plug-In Gives You Better Protection From Embarrassing Overshares, Gadget Lab at Wired.com
- More Passwords, More Problems, Technology Review
- Apple closes security holes in Mac OS X and Safari, The H Security: News and Features
- Microsoft releases fix for IE bug, BBC News
- Elderwood and Flame, Beyond The Beyond at Wired.com
- Hotmail No Longer Accepts Long Passwords, Shortens Them For You, Slashdot
- Microsoft issues IE 10 Flash flaw fix for Windows 8, The Register
Quick Security Alerts for the Week Ending 9/16/2012
- Privacy Threat Model for Mobile, freedom-to-tinker.com
- Al-Jazeera SMS service attacked by pro-Syrian hackers, BBC News
- Microsoft Warns Of Looming Digital Certificate Deadline – Security, Attacks/breaches at Informationweek via Slashdot
- Mobile Trojans Rear Their Head, Repressive Governments Go For Their Checkbooks, Motherboard via Slashdot
- Majority of Mobile Malware Now Reliant On Toll Fraud, Slashdot
- UK to regulate export of spy software, The H Security: News and Features
- Foxit Reader 5.4 fixes DLL hijacking vulnerability, The H Security: News and Features
- The Password Fallacy: Why Our Security System Is Broken, and How to Fix It, Rachel Swaby at The Atlantic
- Fingerprint reader reveals passwords, The H Security: News and Features
- Early Windows 8 Users to Remain Vulnerable to Flash Exploits Until October, threatpost
- WhatsApp allegedly creates overly simple passwords under iOS too, The H Security: News and Features
- Microsoft, Adobe Working to Secure Flash in IE 10, Webmonkey at Wired.com
- Markey introduces mobile privacy bill, The Hill’s Hillicon Valley
- Chip and pin ‘weakness’ exposed by Cambridge researchers, BBC News via Slashdot
- CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions, threatpost
- Crack in Internet’s foundation of trust allows HTTPS session hijacking, Ars Technica
- Chrome for Android update strengthens sandbox, The H Security: News and Features
- Apple closes more than 160 security holes in iTunes, The H Security: News and Features
- Research Shows Half of All Androids Contain Known Vulnerabilities, threatpost
- PHP 5.5 should reduce password sloppiness, The H Security: News and Features
- OWASP ZAP – the Firefox of web security tools, Mozilla Security Blog
- Senator Seeks to Graft E-Mail Privacy Onto Netflix-Facebook Bill, Threat Level at Wired.com
- BlackHole 2.0 gives hackers stealthier ways to pwn, Ars Technica
- Manipulated data causes BIND DNS servers to crash, The H Security: News and Features
- Vulnerability in SSL encryption is barely exploitable, The H Security: News and Features
- Quantum Key Exchange With an Airplane, Slashdot
Quick Security Alerts for the Week Ending 9/9/2012
- Russia Unveils Secure “Almost Android” Tablet To Keep Data Away From Google, SecurityWeek.Com
- Oracle’s emergency Java patch brings sandbox bypass, ZDNet
- Hackers turn remote maintenance tool into trojan, The H Security: News and Features
- Knocking Infected PCs Off the Internet, Slashdot
- Google suspicious sign-in alert contains a trojan, The H Security: News and Features
- Eye Twitch Patterns as a Biometric, Schneier on Security
- Newest Java 7 Update Still Exploitable, Researcher Says, threatpost
- New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions, threatpost
- Apple Releases Fix for Critical Java Flaw, Krebs on Security
- Secret account in mission-critical router opens power plants to tampering, Ars Technica
- Consumers getting cagier about mobile app privacy, The Register
- Apple patent could remotely disable protesters’ phone cameras, ZDNet
- Virtual Machine Escape Exploit Targets Xen, threatpost
- Digging into the UDID data, O’Reilly Radar
- Huawei Denies Stealing State Secrets or Supporting Cyber Espionage, threatpost
- New open-source app extracts passwords stored in Mac OS X keychain, Ars Technica
- BEAST creators develop new SSL attack, The H Security: News and Features
- Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes, threatpost
- Laptop fingerprint reader destroys ‘entire security model of Windows accounts’, NetworkWorld via Slashdot
- Mozilla updates Firefox 15 to fix private browsing problem, The H Security: News and Features
- Microsoft: ‘Update your security certs this month – or else’, The Register
- Google Adds Online Malware Scanner VirusTotal To Security Lineup, threatpost
- Apache Patch To Override IE 10’s Do Not Track Setting, Slashdot
- Sleuths Trace New Zero-Day Attacks to Hackers Who Hit Google, Threat Level at Wired.com
- WordPress 3.4 update fixes security vulnerabilities, The H Security: News and Features
- WhatsApp Is Using IMEI Numbers As Passwords, Slashdot