More Security Hardware and Software News

Is cloud-based security really less expensive?

Businesses in new study were five times more likely to have decreased spending on managing security over three years as a percentage of their overall IT budget.

Android hackers hone skills in Russia

The malware business growing around Google Android -- now the leading smartphone operating system -- is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers.

Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs

German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.

UNC Charlotte: 350,000 SSNs exposed in decade-long breach

Two issues exposed financial data and Social Security numbers for 350,000 people, although it is thought the information has not been abused, the University of North Carolina at Charlotte said.

New Windows-based tool can encrypt DNS requests

A security company specializing in the Domain Name System has released a Windows version of a tool that encrypts DNS requests, which could be spied on to reveal a user's browsing activity.

PHP patches actively exploited CGI vulnerability

The PHP Group has released PHP 5.4.3 and PHP 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.

PHP will try again to patch chip flaw

The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed in a May 3 update.

Apple engineering mistake exposes clear-text passwords for Lion

Apple's latest update to OS X contains a dangerous programming error that reveals the passwords for material stored in the first version of FileVault, the company's encryption technology, a software consultant said.

Microsoft boots Chinese firm for leaking Windows exploit

Microsoft identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.

Hackers blackmail Belgian bank with threats to publish customer data

Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay $197,000 before Friday.

Down but not out: Conficker camouflages new Windows infections

Windows PCs infected with Conficker are more likely to be compromised by other malware because the worm masks those secondary infections and makes those machines easier to exploit, a security expert said.

Researcher misinterprets Oracle advisory, discloses unpatched database vulnerability

Instructions on how to exploit an unpatched Oracle Database Server vulnerability in order to intercept the information exchanged between clients and databases were published by a security researcher who erroneously thought that the company had patched the flaw.

Most of the Internet's top 200,000 HTTPS websites are insecure, group says

Ninety percent of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL attack, according to a report by the Trustworthy Internet Movement (TIM), a nonprofit organization that tries to solve Internet security, privacy and reliability problems.

Russian cybercriminals earned $4.5 billion in 2011

Russian-speaking hackers earned an estimated $4.5 billion globally using various online criminal tactics, Russian security analyst firm Group-IB said in a report published on Tuesday.

Most IT, security pros see Anonymous as serious threat

The majority of IT and security professionals believe that Anonymous and hacktivists are among the groups that are most likely to attack their organizations during the next six months, according to the results of a survey sponsored by security vendor Bit9.

Mind the Byte seeks secure clouds to transmit research

Pharmaceutical and chemical research firm Mind the Byte is using vCider, which aims to take the sting out of managing and securing virtual private clouds across different infrastructure providers. Insider (registration required)

Oracle to issue 88 security patches on Tuesday

Oracle is planning to release 88 patches on Tuesday, covering vulnerabilities affecting a wide array of its products, according to a pre-release announcement posted to its website on Thursday.

Mac security software sales jump after Flashback infections make news

Sales of Mac security software have jumped since the news broke last week about a massive malware infection of Apple computers, according to application statistics and some antivirus vendors.

Free tool detects Flashback Mac malware pestilence

A Mac developer has posted a tool that detects a Flashback malware infection on Apple's computers.

Sophos takes down partner portal after signs of hacking

Security firm Sophos has taken its partner portal offline and will reset every user's password after it found signs of a potential security breach on the server hosting it.