ReVuln, a Malta-based security startup that specializes in vulnerability research, is working on a product that could allow companies to protect their SCADA (supervisory control and data acquisition) software installations against entire classes of vulnerabilities. In the meantime, the company is developing and selling custom patches for SCADA software vulnerabilities that have yet to be addressed by the vendors.
Users who signed into third-party Web or mobile applications using their Twitter accounts might have given those applications access to their Twitter private "direct" messages without knowing it, according to Cesar Cerrudo, the chief technology officer of security consultancy firm IOActive.
Unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organizations from around the world as part of a newly uncovered cyberespionage campaign that started nearly six years ago. The operation involved the use of highly customized and sophisticated data theft malware, researchers from antivirus firm Kaspersky Lab said Monday.
A recent Java 7 update allows users to completely prevent Java applications from running inside browsers or to restrict how Web-based Java content is handled by the Java Runtime Environment (JRE) client. These features will benefit security-conscious users, but companies still have to find methods of isolating older Java versions, security experts say.
The Romanian domain names of Google, Yahoo, Microsoft, Kaspersky Lab and other companies were hijacked on Wednesday and were redirected to a hacked server in the Netherlands.
Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling US$25 million.
Users running pirated copies of Windows 8 Pro can reportedly upgrade to a fully licensed and permanently activated version of the OS by simply installing a free Windows 8 Media Center upgrade offered by Microsoft.
Security researchers from antivirus vendor Symantec have uncovered a piece of malware that uses Google Docs, which is now part of Google Drive, as a bridge when communicating with attackers in order to hide the malicious traffic.
Skype has disabled the account password reset option on its website following reports that the feature can be abused to hijack Skype accounts if the attackers know the email addresses associated with them.
The government of Gabon has decided to suspend the me.ga domain that Megaupload founder Kim Dotcom intended to use for a new file sharing and storage service called Mega.
About 200 Android applications currently hosted on Google Play create spoofed SMS messages on the devices they are installed on, according to security researchers from antivirus vendor Symantec.
Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos and advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices.
Chinese networking and telecommunications equipment manufacturer Huawei plans to send a team of engineers to Germany in order to meet with Felix Lindner, a security researcher who earlier this year disclosed vulnerabilities in the company's products, he confirmed.
Many Apache Web servers, including those hosting some popular websites, expose information about the internal structure of the sites they host, the IP (Internet Protocol) addresses of their visitors, the resources users access and other potentially sensitive details because their status pages are left unprotected.