Exploits / vulnerabilities - News, Features, and Slideshows

News

• IPhone attack reveals passwords in six minutes

  Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode.

• Oracle issues emergency Java patch

  Oracle has issued an emergency patch for a Java vulnerability that can cause systems to hang and that can be exploited by remote attackers without authentication.

• Microsoft update offers an easier way to turn off autoruns

  Microsoft's latest round of patches released on Tuesday includes an optional update that will shut off the "autorun" capability for users of older Windows operating systems, a move the company has made to reflect the resurgence of worms carried on removable media.

• Next generation banking malware emerges after Zeus

  The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.

• ShmooCon: Eavesdropping easy on Evite

  Web service Evite offers more than a convenient way to send out e-mail invitations to events. For those with even a modest amount of malicious gumption, the site can also provide a treasure trove of personal information, at least according to one security researcher.

• Waledac botnet poised for a rebound with stolen credentials

  The Waledac botnet, crippled by legal action from Microsoft and covert infiltration by security researchers just a year ago, appears poised for a big comeback.

• Hackers turn back the clock with Telnet attacks

  A new report from Akamai Technologies shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks.

• Carberp banking malware upgrades itself

  A piece of banking malware that researchers have been keeping an eye on is adding more sophisticated capabilities to stay hidden on victims' PCs, according to the vendor Seculert.

• Coming soon: A new way to hack into your smartphone

  More than three years after the iPhone was first hacked, computer security experts think they've found a whole new way to break into mobile phones -- one that could become a big headache for Apple, or for smartphone makers using Google's Android software.

• IBM DeveloperWorks site defaced

  An IBM site for developers was defaced over the weekend, with attackers replacing some of the Web pages on the site with ones containing their own messages, IBM confirmed Monday.

• Is SAP afraid of a Stuxnet-style attack?

  Enterprise software provider SAP is stepping up its security stance as its once-isolated systems become increasingly connected to the Internet, posing new risks as hackers diversify their targets.

• Trend Micro releases free Stuxnet detection tool

  Trend Micro has released a tool that administrators can use to scan dozens of computers at a time for Stuxnet, the malicious software program that has raised widespread concern for its targeting of industrial systems made by Siemens.

• Black Hat promises new exploit techniques, Stuxnet insight

  The Black Hat security conference will kick off in Abu Dhabi on Monday with new information revealed about the Stuxnet malicious software program along with other cutting-edge research.

• Antivirus software didn't help utility with malware attack

  When the zero-day attack known as the "Here You Have" virus hit about 500 PCs at the Salt River Project, a large public power utility and water supplier for Arizona, it turned out that the antivirus software in use provided no defense.

• Bredolab-infected PCs downloading fake antivirus software

  A massive takedown operation conducted by Dutch police and security experts earlier this week does not appear to have completely dissolved the Bredolab botnet, but it is unlikely to recover.