Security News


Hacker Selling Java Zero-Day Vulnerability Online

According to researchers at Krebs on Security, an issue in the latest version of Java is being shopped around online by an unknown seller.

Security: Is Android Becoming the Windows of Mobile?

Android has seen the number of Trojans targeting the platform nearly triple in just the last three months.

Mobile Security Authentication Firm PhoneFactor Acquired by Microsoft

According to an announcement made yesterday, Microsoft has acquired PhoneFactor, a provider of mobile-based authentication solutions.

Researchers Discover Yet Another Java Zero-Day Issue

Researchers have discovered a "critical" zero-day issue with Oracle's Java plugin. This marks the second time in less than a month that researchers have found an issue with Java.

Flaw Exposes Oracle Database Passwords

A vulnerability in Oracle Database 11g Releases 1 and 2 could allow an attacker to remotely steal information located on the database, including user passwords.

Recent Java Update Contains New Flaw

The day after Oracle released Java Version 7 Update 7, a fix for three vulnerabilities (including last week's zero-day disclosure), a security firm has found a new error in the latest version.

Oracle Releases Update for Recently Disclosed Java Flaw

An update for Java 7 that addresses "3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers" was released by Oracle on Wednesday.

Newly Discovered Java Flaw Seen Exploited in Wild

Information on a Java flaw that has been seen in targeted attacks in the wild, and has been tested to work on most major Web browsers for both Mac and PC, was reported on Monday by security firm FireEye.

Amazon Releases AWS Cloud Security Practices

Last week the company submitted a 42-page document detailing security policies for Amazon Web Services (AWS).

Tool Analyzes Open Source Components in Your Java Apps

Sonatype on Wednesday launched a new on-demand service that analyzes the open-source components in Java applications for security, licensing and quality problems.

Java Exploit Added to BlackHole Toolkit

A well-known hacking tool aimed at Java vulnerabilities appears to have gotten an upgrade designed to exploit a newly-patched security flaw addressed in the Java SE 6 Update 33 and Java SE 7 Update 5.

Security Alliance Proposes Cloud Certification Framework

The Cloud Security Alliance (CSA) has disclosed plans to offer a certification program for providers of cloud-based products and services.

Web Sites Open to Attack From PHP Scripting Holes

Two separate flaws in the PHP scripting language found in a large majority of Web sites have been seen being exploited in the wild by attackers.

Apple Patches Java Flaw

Apple says a Java update the company released on April 3 fixes the headline-grabbing security flaw exploited by the Flashback Trojan botnet.

Hacker Kit Updated With Recently Discovered Java Exploit

A recently disclosed Java vulnerability has been updated in the BlackHole kit, a popular exploit set among hackers. Security experts warn that a majority of Java users could be at risk.

Google Launches Authentication Service for Servers and APIs

Google's newly launched Service Accounts will provide certificate-based authentication to APIs for server-to-server interactions.

Suit Alleges App Makers Siphoning User Info

According to a lawsuit filed in a Texas court this week, makers of some of the most popular mobile apps are collecting user information without the consumer's consent.

Encrypted E-mail App Coming to Windows Phones

Microsoft, partnered with with secured and managed mobile enterprise app company Good Technology, will bring encrypted e-mail services to the Windows Phone platform.

HP Unveils Security Platform at RSA

HP today unveiled a new platform of integrated security solutions that, according the company, is designed to "bridge the gap between security and IT operations of security solutions."

Google, Microsoft, Apple Agree on Mobile Privacy Accord

Six tech companies have agreed to provide clear information on their individual privacy policies before their products are downloaded.