OpenSSL is getting some much-needed funding, with reports saying new Core Infrastructure Initiative members Huawei, Smartisan and Nokia have made annual pledges.
The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.
A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.
Twitter, which recently acquired year-old Android security start-up Whisper Systems, announced Tuesday that it is making some of the company's open-source code publicly available.
Visitors to MySQL.com on Monday were greeted with a drive-by download that attempted to silently install malware on their machine.
The Georgia Tech Research Institute (GTRI) is currently heading a new five-year, $10 million U.S. Department of Homeland Security project to investigate open cybersecurity methods and how they can benefit government. The program, called Homeland Open Security Technology (HOST), is aimed at identifying open-source approaches that can support federal security objectives while saving agencies money. As part of the program, GTRI researchers are reaching out to members of government, industry and academia to learn how such solutions have been successfully implemented and where challenges remain. They plan to launch a public information portal this summer.
The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.
The number of new and unpatched vulnerabilities decreased last year compared to 2008, but attack volume grew substantially, according to a new report from IBM ISS.
On the eve of Microsoft's Patch Tuesday, Apple released a monster security update for its Mac OS X platform.
Apple on Monday released web browser Safari 4.0, which contains fixes for more than 50 vulnerabilities.
The CERT Coordination Center at the Carnegie Mellon Software Engineering Institute in Pittsburgh on Thursday released a free, open-source tool that software developers can use to detect ActiveX vulnerabilities. Dubbed Dranzer, the tool was tested on 22,000 ActiveX controls produced by more than 5,000 organizations. Dranzer is designed for use during the quality assurance phase of software creation and can help prevent flaws, such as buffer overflows, from being shipped in software to the public. — DK
A researcher has shown that the Google Chrome web browser also can succumb to clickjacking.
The vulnerabilities can be maliciously exploited to bypass certain security restrictions.
Google and T-Mobile late last week began rolling out a patch to users of the G1 phone to address a security vulnerability in the Android operating system.
The open-source alternative to Microsoft Office has released patches to rectify two critical flaws.
Mozilla's Firefox 3.0.2, released late Tuesday, corrects 12 vulnerabilities, seven of which are deemed "critical."
Surprise, surprise. Researchers have discovered vulnerabilities in Google's latest innovation, the Chrome browser.
A U.S. Department of Homeland Security-sponsored project has not only discovered that the quality of open-source software code has improved significantly over the past two years, it has debunked a widely held assumption that longer function strings within source code are associated with an increased number of code defects.
Three "critical" vulnerabilities have been discovered in the Linux kernel found in many of the widely used distribution versions of the popular open source operating system.
Security vendor SecureWorks says a mass attack launched against Apache servers running Linux, which has now infected 10,000 websites, can be thwarted by disabling dynamic loading in the server configuration.
A vendor working with the U.S. Department of Homeland Security (DHS) has uncovered vulnerabilities impacting 11 major open-source software projects, including the Perl and PHP programming and scripting languages used widely to develop web applications.
The information in an authentication dialog box from Mozilla's Firefox browser can be spoofed, allowing an attacker to conduct phishing schemes, according to Israeli researcher Aviv Raff.
Apple has issued patches to correct at least 40 vulnerabilities in its Mac operating system that could permit an attacker to install malicious software on a victim's machine.
OpenOffice.org released a new version of its productivity suite this week, fixing a flaw that could allow arbitrary code execution attacks.
Anti-virus vendor Grisoft announced today that it has acquired web-browsing security provider Exploit Prevention Labs.
Apple on Wednesday released security updates for Mac OS X and Safari Beta 3, patching nearly 50 vulnerabilities.
Clothing retailer Gap Inc. revealed that a laptop containing the Social Security numbers of 800,000 job applicants was stolen from a third-party vendor. The laptop contained info of job applicants who applied to the company's Old Navy, Banana Republic, Gap and Outlet stores. The vendor, not identified by Gap, contacted law enforcement authorities about the breach. The data was not encrypted.
A legion of data exposures have occurred over the past year, with many affected companies not only being forced to address customer and investor concerns, but also pay fines and adhere to prolonged sets of requirements administered by the Federal Trade Commission. So just how is news of such breaches, exposures and possible thefts affecting the way organizations -- large and small -- focus on information security plans?
New Zealand-based network monitoring provider Endace has acquired Applied Watch Technologies, a managed security services provider, for $5 million.
Mozilla on Thursday acknowledged that a year-old vulnerability in the QuickTime media player plug-in for Firefox could let a hacker break into the open-source browser.
SC Magazine Articles