We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Attackers able to get their hands on a Dropbox configuration file would be able to access and download any files a user synchronises through the service without betraying any signs of compromise, a security researcher has discovered.
An Adobe security advisory warns of a new critical vulnerability in Flash Player 10.2.153.1 for Windows, Macintosh, Linux and Solaris, Flash Player 10.2.156.12 for Android and the Authplay.dll component in Adobe Reader and Acrobat X 10.0.2 and all earlier versions.
The US Postal Service website received an unwelcome delivery this week of a new attack rapidly spreading among legitimate websites. USPS became the latest victim of the so-called "Blackhole" toolkit, a wildly popular website attack kit that's easy to use and provides obfuscation features that help it evade antivirus detection.
The makers of the internet's most popular open source DHCP program have warned that it's vulnerable to hacks that allow attackers to remotely execute malicious code on underlying machines.
Top-level data breaches often start at the bottom of the ladder. That's a lesson RSA, one of the world's premier computer security firms, learned the hard way.
A prominent information security expert said Tuesday that concerns about the recent Epsilon email hacking incident are misplaced. Bruce Schneier, author of the online Crypto-Gram newsletter, said there's little risk that the alleged theft of millions of email addresses will result in widespread fraud.
The massive attack managed to inject the name of several rogue domains into hundreds of thousands of websites. The link led to a page that carried out a fake virus scan and then recommended fake security software to clean up what it supposedly found.
More and more customers are receiving e-mails warning them of Friday's database hack at Epsilon, which handles e-mail marketing for thousands of companies. The breach exposed personal information like names and e-mail addresses.
Pure Hacking, the Australian experts in helping organisations protect their information assets earlier this week demonstrated to the cards and payments industry how to think like a hacker. The security specialist outlined the prevalence of security compromises for computer networks, hand held devices, WIFI locations and data held on social media sites.
Cybercriminals are increasingly targeting the information assets of some of the world's most well-known organizations, according to the findings of a recent global study by McAfee and Science Applications International Corp. (SAIC) entitled "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency."
There are lots of red faces at Oracle this morning, as two of its sites, MySQL.com and Sun.com, were pwned over the weekend by veteran Romanian extremely-dark-gray-hat hacker TinKode and sidekick Ne0h. The sites were the victims of an as-yet-unidentified "blind" SQL injection technique -- the exact type of attack you'd think the devs and admins at MySQL would know how to protect against. Apparently, you'd be wrong.
Frustrated by the idea of paying for what was once free, some New York Times readers have devised widely publicized methods for subverting its newly erected paywall. Their efforts, it turns out, may have been for naught.
Thousands of Bank of America customers' account information could be in jeopardy after a major security breach. Christy Clark went to a Royal Oak drug store Friday, but when her debit card was declined, she knew something was wrong.
An Iranian hacker has stepped forward to claim responsibility for the SSL certificate hack against Comodo, providing an insight into how the high-profile hack might have been pulled off.
On a security mailing list over the weekend, an unknown party published details about the structure and content of databases on the website of database vendor MySQL. The information was apparently accessible via a security hole on the MySQL.com website.
The recent disclosure about an attack on a Comodo affiliate registration authority has opened a wider conversation about Internet security and SSL certificates.
A COUPLE of 16-year old hackers had their wicked way exploiting a security vulnerability recently that allowed one of them to steal and publish a PHP cloud hosting firm's proprietary source code on Twitter.
According to the development team, access details for a number of accounts were stolen during a hack of the PHP developer wiki server wiki.php.net. Initial investigations have found that no other servers were compromised, but there was concern that the PHP source code might have been modified, as the stolen access data also provides access to the PHP repository.
A former high school senior from Orange County, California, has pleaded guilty to charges that he installed spyware on school computers in order to boost his grades.
Looks like those anti-phishing filters in your browser are working because attackers are now bypassing them by stuffing HTML files into spam messages so the malicious pages don't get detected: Researchers have detected several cases of phishers passing HTML file attachments off as Bank of America, Lloyds, TSB, and PayPal pages.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
