Apple will no longer release security updates for the Windows version of QuickTime, leaving two recently-discovered remote code execution vulnerabilities unpatched.
The announcement that QuickTime for Windows is being deprecated was not made by Apple. Instead, Trend Micro-owned ZDI learned of the company’s decision after Steven Seeley of Source Incite reported finding two serious flaws.
read more
Microsoft Sues U.S. Over Secret Warrants to Search Email
San Francisco – Software titan Microsoft on Thursday sued the US government, arguing that secret warrants to search people's email violate the US Constitution.
Microsoft filed the suit against the Justice Department in federal court in Seattle, near the company's headquarters in Redmond.
read more
Hybrid Trojan “GozNym” Targets North American Banks
Researchers at IBM Security have come across a hybrid Trojan that is a combination between the Nymaim dropper and the Gozi financial malware.
read more
Clever Techniques Help Malware Evade AV Engines
FireEye researchers have identified several pieces of malware that managed to go undetected by antivirus engines for extended periods of time by using some interesting techniques.
read more
Security in a Digital World Starts with a Strategic Approach to Segmentation
Has Your Network Segmentation Approach Changed in light of new Technologies and Business Models?
read more
Phishing Attacks Hit the C-Suite With High Value Scams
Any information security professional knows that spear-phishing is effective. Cloudmark calls it "The Secret Weapon Behind the Worst Cyber Attacks", and lists 10 recent major breaches, from Target to OPM, that started with a successful spear-phish.
read more
Malicious Code in IoT Device Demonstrates Widespread Potential Risk
Security researcher Mike Olsen's recent discovery of a malicious iFrame in the embedded control code of a set of security cameras purchased from Amazon highlights one of the emerging threats to the internet of things: it is relatively easy to poison the consumer supply chain.
read more
Google Patches Serious Account Recovery Vulnerabilities
Google Fixes Flaws That Could Have Allowed Hackers to Hijack User Accounts
A researcher got $12,500 from Google for reporting several vulnerabilities in the account recovery process that could have been exploited to change a user’s password.
read more
Former Nuclear Agency Worker Sentenced to Prison for Attempted Hack
A former employee of the U.S. Department of Energy (DoE) and the Nuclear Regulatory Commission (NRC) has been sentenced to 18 months in prison for trying to hack into DoE computers in an attempt to steal nuclear secrets.
read more
White House Announces Commission on Enhancing National Cybersecurity
read more
Continue reading