We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Epic hacks, major vulnerabilities, and other security surprises rolled across the Internet like a tidal wave in 2014. We thought we
In September 2014, cyber criminals managed to breach the security of the University of California, Berkeley servers. The Real Estate Division of the UC Berkeley was apparently hacked and the personal information of approximately 1600 people including student and faculty may have been compromised.
A new variety of Ransomware has been discovered by Trojan7Malware researchers. Dubbed as OphionLocker, this Ransomware is very unique in the sense that it uses elliptic curve cryptography for file encryption, and Tor for communication. Another unique signature of OphionLocker is that it uses malvertising campaigns to propagate itself rather then traditional spear phishing methods.
A further dump of Sony Pictures corporate secrets appears to have been put on the Internet over the weekend, with hackers warning of more to come.
Security researchers have uncovered two Linux variants of a complex piece of Windows malware, which is known to have previously targeted embassies, the military, and pharmaceutical companies.
Illegal search engine optimization (SEO) is the goal of attackers who are freely distributing pirated Joomla, WordPress and Drupal themes and plugins that are packaged with a backdoor being referred to as CryptoPHP.
The FBI has warned US businesses to maintain a heightened state of alert following a high profile cyber attack on Sony Pictures Entertainment last week.
Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013.
We all like to write and talk about flashy zero-day vulnerabilities. However, a new threat report cautions enterprises not to flatter themselves, because the majority of criminals are not using valuable zero-days exploits to penetrate corporate networks: they
The annual Mobile Pwn2own competition, sponsored by Hewlett-Packard's Zero-Day Initiative (ZDI) and held in Tokyo on Nov. 12 and 13, yielded some surprising results.
When a small-time Tennessee restaurateur named Khaled Abdel Fattah was running short of cash he went to an ATM machine. Actually, according to federal prosecutors, he went to a lot of them. Over 18 months, he visited a slew of small kiosk ATMs around Nashville and withdrew a total of more than $400,000 in 20-dollar bills. The only problem: It wasn
A serious vulnerability in a popular Belkin router could be exploited by a local, unauthenticated attacker to gain full control over affected devices.
Yesterday I stumbled onto a site indexing 73,011 locations with unsecured security cameras in 256 countries
A cyberespionage group that has built its operations around a malware program called BlackEnergy has been compromising routers and Linux systems based on ARM and MIPS architectures in addition to Windows computers.
An effective new phishing technique identified by researchers with Trend Micro allows attackers to go after information without having to spend as much time developing copies of websites.
In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery
The maintainer of the tnftp FTP client has patched a remote code execution vulnerability which affected operating systems including NetBSD, FreeBSD and Mac OS X. The flaw (CVE-2014-8517), which did not affect OpenBSD due to modifications, was patched over the weekend.
The Linux OS is likely to become even more popular as 32bit computing becomes a commodity and projects like Yocto make it easier to create, develop and maintain Linux based systems for embedded applications.
If your organization uses Drupal, you might have a serious problem on your hands. On October 15, Drupal urged users to apply an update that fixed a SQL Injection flaw. However, unless that patch was installed within seven hours, Drupal now says it's best to assume the website was completely compromised.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
