Researchers bypass the restrictions of Mac OS X default sandbox profiles
The restrictions imposed by Mac OS X generic application sandbox profiles can be easily bypassed, researchers from Core Security Technologies found.
The restrictions imposed by Mac OS X generic application sandbox profiles can be easily bypassed, researchers from Core Security Technologies found.
Amazon Web Services has added the option to use applications to create codes for its Multi-Factor Authentication (MFA) service, the company said on Wednesday.
A server belonging to the Massachusetts Institute of Technology was commandeered by hackers who used it to launch attacks against other websites as part of a larger drive-by download campaign, according to antivirus vendor BitDefender.
Security researchers from the CrySyS laboratory in Hungary have located an installer for Duqu, the <a href="http://www.pcworld.com/businesscenter/article/242114/duqu_new_malware_is_stuxnet_20.html">Stuxnet-inspired threat</a> that has kept the security industry on its toes for the past couple of weeks, and determined that it exploits a previously unknown vulnerability in the Windows kernel.
Researchers from Stanford University have developed an automated tool that is capable of deciphering text-based anti-spam tests used by many popular websites with a significant degree of accuracy.
IBM intends to make the security information and event management (SIEM) technology gained through the acquisition of Q1 Labs, which was officially closed yesterday, the centerpiece of IBM's broad security product portfolio.
Researchers from the Horst Goertz Institute (HGI) of the Ruhr-University Bochum (RUB) in Germany have demonstrated an account hijacking attack against Amazon Web Services (AWS) that they believe affects other cloud computing products as well.
Researchers from the Horst Goertz Institute (HGI) of the Ruhr-University Bochum (RUB) in Germany have demonstrated an account hijacking attack against Amazon Web Services (AWS) that they believe affects other cloud computing products as well.
A new variant of the DroidKungFu Android Trojan is posing as a legitimate application update in order to infect handsets, according to security researchers from Finnish antivirus vendor F-Secure.
Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge.
Facebook is ignoring a serious shortcoming in the way it limits application developers' access to information about Facebook users, according to a pair of hackers.
Researchers from browser security vendor Trusteer have identified a new variant of the SpyEye financial Trojan that tricks online banking users into changing the phone numbers associated with their accounts.
Websites that accidentally distribute rogue code could find it harder to undo the damage if attackers exploit widespread browser support for HTML5 local storage and an increasing tendency for heavy users of Web apps never to close their browser.
GlobalSign expects to bring its certificate-issuing systems back online on Monday, and resume business Tuesday, it said over the weekend. The U.S. certificate authority (CA) stopped issuing new SSL certificates last Tuesday in order to audit its security, after being named as a target by the hacker who claimed to have attacked Dutch CA DigiNotar.
Google <a href="http://googleblog.blogspot.com/2011/07/2-step-verification-stay-safe-around.html">said Thursday</a> that it has rolled out its two-step authentication sign-in system to 40 languages across over 150 countries.