SophosLabs: Symantec has confirmed that a file made available on the internet for anyone to download, does contain the source code for an old version of its pcAnywhere product. For a short while last month, before releasing a patch, Symantec advised customers to disable their pcAnywhere installations because of concern that hackers could exploit vulnerabilities….
Sunbelt: With the U.S. currently in tax season, online criminals have, once again, sought to take advantage of this. Robert Stetson, one of Sunbelt’s malware researchers, spotted a phishing email posing as Intuit Inc., a company that “develops financial and tax preparation software”. They developed Quicken and TurboTax. Below is a screenshot of the said…
H-Online: Researchers at Ruhr-Universität Bochum in Germany have announced that they have cracked the A5-GMR-1 and A5-GMR-2 encryption algorithms used in satellite phones. Satellite phones are mainly used in areas with insufficient mobile network coverage and in the maritime sector. The researchers obtained the proprietary, and previously undocumented, algorithms by reverse engineering phone firmware updates….
v3.co.uk: The uniform infrastructure and predictable behaviors are making corporate retail and restaurant chains the choice targets for cybercriminals. A report from security firm Trustwave found that attackers favor companies with chains of outlets, such as those commonly found in the food and retail industries, when launching targeted attacks. The attackers like the uniform IT…
Google Chrome Wrote: In 2008, we launched Google Chrome to help make the web better. We’re excited that millions of people around the world use Chrome as their primary browser and we want to keep improving that experience. Today, we’re introducing Chrome for Android Beta, which brings many of the things you’ve come to love…
The H-Online: Adobe has released a public beta of a sandboxed version of its Flash plugin for Firefox in an effort to improve its security. The new “Protected Mode” for Flash, which has been in development for at least a year according to Adobe engineer Peleus Uhley, runs with restricted privileges and, to further limit…
The H-Online: RealNetworks has released an update to RealPlayer to close a number of holes in its media player application. Version 15.02.71 of RealPlayer addresses a total of seven remote code execution vulnerabilities, rated as highly critical by Secunia, which could be exploited by an attacker to compromise a victim’s system. These include errors when…
The H-Online: Google plans to turn off online checks for SSL certificate validity in its Chrome browser soon, according to a blog post by Adam Langley, the developer in charge of that element of the browser. Instead, the browser will use the update mechanism to receive lists of revoked certificates. When browsers make a connection,…
The Hacker News: Roland Dela Paz, a threat response engineer with Trend Micro have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval. File-storage services offer several advantages for cybercriminals. SendSpace accepts files and then generates a link that can be shared with other…
The H-Online: Versions 1.7.5 and 2.5.1 of the open source Joomla! content management system (CMS) have been released to address two information disclosure vulnerabilities. These include one medium severity problem in Joomla! 1.7.x that could allow an unauthorized user to gain access to the error log stored on a victim’s server, and, in both versions,…