February 9, 2012, 3:16PM

Google: Bug Bounty Program Has Made Users Safer

In the 15 months since Google began offering rewards to researchers who report vulnerabilities in its Web applications, the company has paid out more than $400,000 in bug bounties. That's a lot of money, even for Google, and the company is counting the program as a huge success.


February 9, 2012, 12:10PM

New Tool Cracks Apple iWork Passwords

Russian software company ElcomSoft has developed a tool capable of recovering iWork passwords from Apple Numbers, Pages, and Keynote applications. According to ElcomSoft, ‘Distributed Password Recovery’ is the first commercially available tool with this capability.


February 9, 2012, 11:47AM

After Damaging Reports, Electronics Manufacturing Giant Foxconn Is Hacked

Members of an online hacking group that calls itself SwaggSec say they hacked systems belonging to Chinese electronics manufacturing giant Foxconn and made off with login credentials belonging to some of the company's biggest clients. Foxconn has declined to comment.


February 9, 2012, 11:26AM

Path Reverses Course After Revelation That App Uploads User Contacts

After a researcher discovered that anyone who downloads the Path app onto a mobile device unknowingly sends their address book, without prior notification, to a server belonging to the social network and photo-sharing service, the company has released a new version of the app that asks people to opt in to that behavior.


February 9, 2012, 11:05AM

How Offensive Research Drives Down the Cost of Attacks

CANCUN--The offensive security research community has evolved in the last decade or so from a relatively small, insular and inwardly focused group to a large and rather vocal group with a wide variety of motives, opinions and skill levels. But, to hear Brad Arkin of Adobe tell it, the huge amount of talent in that community could be put to better use trying to develop new defensive technologies and techniques rather than searching for the next bug in an infinite sea of bugs.


February 8, 2012, 4:37PM

New Tool Will Automate Password Cracks on Common SCADA Product

The fallout from last month's S4 Conference continues in February, with a planned Valentine's Day release of tools that make it easy to test and exploit vulnerable programmable logic controllers and other industrial control systems. Among the releases will be a tool for cracking passwords on the common ECOM programmable logic controllers by Koyo Electronics, a Japanese firm, according to a blog post by Reid Wightman for Digital Bond.


February 8, 2012, 4:35PM

Citadel Malware Authors Adopt Open-Source Development Model

Attackers and malware authors are well-known for their proclivity for taking whatever tactics and techniques work for others and making them their own. That adaptive ability has now extended to the idea of open-source projects, with one malware gang having set up its own community for improving and updating a piece of malware known as Citadel, a derivative of Zeus.


February 8, 2012, 3:18PM

Google Fixes 20 Flaws in Chrome, Adds Scanning of Downloaded Files

Google has released a major update for its Chrome browser, fixing 20 security vulnerabilities and including a new feature that scans downloaded executables and warns users if they're potentially malicious.


February 8, 2012, 2:48PM

Researchers Dump Trove of 0Days For Popular Android Applications

Researchers in China published a trove of information on previously unknown (zero day) vulnerabilities in popular applications for Google's Android mobile operating system on Wednesday, including mobile browsers and at least one mobile wallet application.


February 8, 2012, 11:42AM

Researchers Crack Satellite Phone Ciphers

Researchers at a German university have broken the encryption of the two main standards used to protect calls from satellite phones, giving them the ability to intercept conversations that are meant to be private. The attacks on the GMR-1 and GMR-2 standards are thought to be the first such work against the satellite phone ciphers.


Copyright © 2012 threatpost.com