UPDATE – Samsung is contesting claims made last week that several of its Galaxy-branded devices have a backdoor that could give an attacker “over-the-air remote control” and access to the phones’ file systems, and turn the devices into spying tools.
A recent watering-hole attack targeted firms in the energy sector and led victims to a separate site that used the LightsOut exploit kit to compromise their machines.
The term metadata and the implications of its collection and analysis have been one of the key points in the debate surrounding the NSA’s broad surveillance programs over the last year. Legislators, policy makers and others continue to argue about whether metadata can actually reveal anything about the people behind the phone numbers, but researchers[...]
The Pwn4Fun prelude to the Pwn2Own contest paid out more than $80,000 to the Red Cross of Canada, but critics wondered how long HP and Google sat on the zero-day vulnerabilities used in the contest.
The Early Random Pseudo-Random Number Generator in Apple iOS 7 returns predictable outcomes, threatening kernel exploit mitigations native to the mobile operating system.
Exploit broker Vupen won four cash prizes for zero-day exploits of Internet Explorer 11, Firefox, Adobe Reader and Flash at the Pwn2Own contest.
More than 162,000 “popular and clean” WordPress sites were recently used in a large-scale distributed denial-of-service (DDoS) attack that exploited the content management system’s pingback feature.
Google has fixed several serious security vulnerabilities in Chrome 33, just ahead of the Pwn2Own hacking competition at CanSecWest this week, which surely will reveal several more new bugs in the browser. The company’s Chrome browser is always at the top of the target list for contestants in Pwn2Own, which rewards them with cash prizes[...]
NTP amplification DDoS attacks are on the rise despite an effort to close off the holes in network time protocol servers that enable such attacks.
Researchers looking into the recently uncovered Turla, or Snake, cyber espionage campaign have discovered some similarities connecting it to older pieces of malware such as Agent.btz and Red October.