Exploits / vulnerabilities - News, Features, and Slideshows

News

• New bug lets you unlock iPhone for calls

  A bug in Apple's iPhone OS gives thieves a way to unlock stolen iPhones and make telephone calls.

• Google adds phishing URL alerts into network tool

  Google has added notification for phishing URLs to its service that lets administrators know if their networks have been compromised.

• Microsoft releases biggest-ever security update

  Microsoft released its largest-ever set of security patches Tuesday, fixing a total of 49 bugs in products such as Windows, Internet Explorer and Office.

• Mobile malware exploits on the way, experts say

  Smartphone exploits are coming, as cybercriminals start to figure out how to make money by hacking mobile devices, two mobile security experts said Tuesday.

• Criminals will continue to use Zeus Trojan, expert says

  Despite dozens of recent arrests targeting large online fraud organizations, other criminals are continuing to use the Zeus Trojan and other Web tools to steal identities and money from Internet users, one cybersecurity expert said Tuesday.

• Zeus botnet thriving despite arrests in the US, UK

  The Zeus botnet remains a robust network that is difficult to destroy despite an international sting operation that saw dozens arrested this week for allegedly stealing money from online bank accounts.

• Cyber Storm III simulates large-scale attack

  A new cyberattack exercise hosted by the U.S. Department of Homeland Security this week reflects the increasingly sophisticated attacks U.S. agencies and businesses face, DHS officials said.

• Idappcom seeks to displace penetration testers

  A U.K. company is seeking to displace penetration testing companies with an appliance and software that can frequently test whether security devices are catching bad network traffic and exploits.

• Twitter contains second worm in a week

  Twitter has put a stop to a worm that posted obscene messages to victims' Twitter feeds. It's the second worm attack the site has suffered in a week.

• Twitter fixes cross-site scripting flaw

  A serious security flaw was apparently found on Twitter on Tuesday but was quickly fixed.

• Vulnerability management basics: Pen testing techniques

  It should go without saying that pen testing is one of the most important pieces of an IT security shop's vulnerability management program. And yet it's something that was <a href="http://www.csoonline.com/article/468766">declared a dead art by Fortify Co-founder Brian Chess</a> a couple years ago.

• Security program automatically tracks down missing patches

  Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test,

• HP buys 3Par, Apple rolls out new gear

  Hewlett-Packard swooped in with the better bid to overtake Dell and win 3Par, so now we can all sit back and wait for the next acquisition battle to roll around. Meanwhile, Apple debuted updated iPods and Apple TV to entertain us, among other IT news stories of the week.

• AVG uncovers new data-stealing Mumba botnet

  Researchers at AVG have uncovered a botnet that has been harvesting personal information and uses the latest version of the Zeus code, underscoring the widespread use of the sophisticated malware.

• Google acknowledges YouTube hack

  Malicious hackers attacked Google's YouTube on Sunday, exploiting a cross-site scripting (XSS) vulnerability on the ultra-popular video sharing site, hitting primarily sections where users post comments.