Internet security experts are scrambling to assess the extent of the breach caused by a massive bug called Heartbleed in the OpenSSL technology that runs encryption for two-thirds of the web and went unnoticed for two years until last week. A newly discovered bug in software supposed to provide extra Continue Reading
Apple on Tuesday patched the security vulnerability in Safari that was successfully exploited at last month’s Pwn2Own hacking contest, where a team cracked the browser to win $65,000. The Cupertino, Calif. company seeded updates for both Safari 6 and Safari 7 yesterday, promoting the former to version 6.1.3 and the Continue Reading
Researchers have released technical details and attack code for 30 security issues affecting Oracle’s Java Cloud Service. Some of the issues make it possible for attackers to read or modify users’ sensitive data or to execute malicious code, the researchers warned. Poland-based Security Explorations typically withholds such public airings until Continue Reading
The exploit that attackers are using to target a zero day vulnerability in Microsoft Word relies on a complex series of pieces, including an ASLR bypass, ROP techniques and shellcode with several layers of tools designed to detect and defeat analysis. Microsoft officials said the exploit is being used in Continue Reading
Facebook unveiled a new automated ThreatData security service, claiming the advanced malware-detection and mitigation service has already helped take down a criminal campaign. Facebook unveiled the ThreatData service in a blog post. ThreatData is a central intelligence tool designed to automatically detect, catalogue, offer IT administrators information on and combat Continue Reading
By