The OpenSSL Project has released new versions of the popular OpenSSL library in order to address a denial-of-service (DoS) vulnerability that was introduced by a critical patch issued on Jan. 6.
Stories by Lucian Constantin
Researchers showcased unpatched security flaws in software used to control critical industrial systems by oil, gas, water and electrical distribution plants at the 2012 SCADA Security Scientific Symposium (S4) on Thursday.
An inconsistency in how Microsoft's Internet Explorer (IE) encodes double quotes in URIs (uniform resource identifiers) can facilitate cross-site scripting (XSS) attacks, researchers from security firm Imperva claim.
Robert Butyka, a 26-year-old Romanian man accused of hacking into multiple NASA servers, received a three-year suspended prison sentence on Tuesday after admitting his guilt.
Vulnerability research firm Secunia <a href="http://secunia.com/blog/292/">announced</a> that, effective from the beginning of the year, software vendors will have a six-month deadline to fix vulnerabilities reported through its Vulnerability Coordination Reward Programme (SVCRP).
The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default.
Online shoe and apparel shop Zappos.com is advising over 24 million customers to change their passwords following a data breach, but its website is currently inaccessible to people outside the U.S.
A new phishing attack that's spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network's security team.
A member of the Anonymous hacktivist collective has published a list of Internet-facing Israeli SCADA (supervisory control and data acquisition) systems and alleged log-in details.
The PHP development team <a href="http://www.php.net/archive/2012.php#id2012-01-11-1">has released</a> version 5.3.9 of the popular Web development platform in order to address a recently disclosed denial-of-service (DoS) vulnerability, as well as other security issues and bugs.
Symantec has been accused in a lawsuit of violating California's unfair competition laws and of fraudulent inducement by using scareware-like tactics to trick users into buying licenses for its PC utility-type products.
Android malware writers are taking advantage of the controversy surrounding Carrier IQ's smartphone tracking software in order to distribute a premium SMS Trojan, security researchers from Symantec warn.
Exploit code for a recently patched denial-of-service (DoS) vulnerability that affects Microsoft's ASP.NET Web development platform has been published online, increasing the risk of potential attacks.
A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.
Two newly discovered vulnerabilities in Adobe's Flash Player can be exploited to execute arbitrary code remotely, according to <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4694">advisories</a> from the U.S. Computer Emergency Readiness Team (US-CERT) and various security research companies.