Security News


Study Finds DDoS Attacks Against IPv6 Networks Rising

DDoS attacks are targeting IPv6 networks for the first time since the Internet protocol started implementation last year.

Millions Infected with Trojan Hidden in Android Apps

A large malware ring might have infected more than 5 million Android users with fraudulent apps, according to Symantec.

ForgeRock Updates Java-Based OpenIDM

ForgeRock has released version 2.0 of its OpenIDM identity management offering.

Microsoft Report Finds Java Exploits Top Vulnerability List

According to a Microsoft Security Intelligence Report, released last month, the most common software exploit type in the first half of 2011 was associated with vulnerabilities in Oracle's Java Runtime Environment (JRE).

Chrome Vulnerability Could Lead to Remote Code Execution Attack

Researchers at Acros Security have found and disclosed a Google Chrome flaw it its built-in sandbox protection that could lead to a remote code execution attack.

Report: Mobile Security Not Keeping Up with Increase in Attacks

Attacks against smartphone applications and browsers will continue to rise as the adoption of tablets and smartphones increase.

Follow Safe Practices To Develop Securely for Mobile Apps

Investing the time to apply the proper auditing and testing techniques is worth the time, according to security experts.

Report: Android Malware on the Rise

The creation of malware targeted towards Android devices has increased by a factor of five in the past 12 months.

Report: Top 25 Coding Mistakes

An updated list of the top 25 coding errors considered to be responsible for the majority of security vulnerabilities plaguing software was released yesterday, with input from a coalition of government, academic and private sector security organizations.

Java Update Plugs 17 Critical JDK and JRE Security Holes

Oracle released a security update this week that addresses 17 critical Java vulnerabilities affecting the Java Development Kit (JDK) and the Java Runtime Environment (JRE).

Chrome Hack Blamed on Adobe

After Monday's news that a French security firm had found a zero-day exploit in Chrome's code, personnel at Google are pointing to Flash as the issue. 

Zero-Day Security Flaws Found In Google Chrome

Vupen, a French security group, claimed today that it found a zero-day exploit of Google’s Chrome Web browser when running on Windows.

Survey: Security Processes Lacking in Corporate Application Development

According to a report by Creative Intellect Consulting, 59 percent of enterprise development teams are not following quality and security processes "rigorously" when developing new software.

Malware Targeting Android Phones Growing

According to researchers at Symantec Corp., Google's Android operating system is increasingly becoming the target of malicious code.

IE 9's Browser Tracking Protection May Be Adoped by W3C

Microsoft's tracking protection approach used in Internet Explorer 9 will be reviewed at the Worldwide Web Consortium.

Oracle Squashes Old Java Runtime Security Bug

Oracle has addressed a long-standing security flaw in the Java Runtime Environment (JRE). Known variously as "the Mark-of-the-Beast," "the Magic Number," and "the Floating Point of Death," the bug causes the JRE to hang when parsing strings like "2.2250738585072012e-308" to a binary floating point number.

Black Hat: How iPhone, Android, Other GSM Phones Are Vulnerable To Attack

A demonstration of an attack against an Apple iPhone at the Black Hat Technical Security DC 2011 Conference in Arlington, Va., demonstrated that software in many GSM-based smart phones contains vulnerabilities that could open the phones to remote exploits.

Report: Hackers Shifting Attention to Mobile Devices

Scammers have set their sights on tablets and smartphones, and away from Windows desktops, in response to rising consumer demand for mobile devices.

Consultant Alleges FBI Had Backdoors Installed into OpenBSD

A former FBI consultant claims the FBI had backdoors installed in the OpenBSD operating system to allow the agency to eavesdrop on virtual private networks used by U.S. attorneys nearly a decade ago.

Microsoft: Java Worse Than PDF as Security Threat

Java should be considered a top software security threat, even more so than Adobe PDF files, according to Microsoft's announcement issued today.