Flawed Android backup mechanism can lead to injected malicious apps
A flaw (CVE-2014-7952) in Android’s backup/restore mechanism can be exploited by knowledgeable developers to “respawn” malicious apps on phones, and make …
First Java zero-day in two years exploited by Pawn Storm hackers
Another zero-day vulnerability is being exploited in attacks spotted in the wild: this time, the targeted software is Java.The flaw was spotted by Trend Micro researchers, who …
Identifying the five principal methods of network attacks
Companies are underestimating the risk of failing to provide security training to non-technical staff.A new Intel Security study, which surveyed IT decision makers in …
Two more Flash 0-day exploits found in Hacking Team leak, one already exploited in the wild
Exploits for two more Adobe Flash 0-days have been found in the leaked Hacking Team data. The existence of the vulnerabilities has been acknowledged by Adobe with a security …
Week in review: HackingTeam breach and consequences, and Android games unmasked as phishing tools
Here’s an overview of some of last week’s most interesting news and articles:Hacking Team hacked, 400GB+ of company documents and emails leakedHacking Team, the …
Apple to introduce two-factor authentication option in iOS 9 and OS X El Capitan
Starting with OS X 10.11 (“El Capitan”) and iOS 9, Apple will introduce a two-factor authentication option that will replace the current two-step verification …
VMware fixes host privilege escalation bug in Workstation, Player, Horizon View
VMware has issued software updates for VMware Workstation, Player, and Horizon View Client for Windows, which fix relatively serious a host privilege escalation vulnerability …
Sensitive info of over 21.5M people, including SSNs and fingerprints, stolen in OPM hack
The US Office of Personnel Management (OPM) has revealed on Thursday the full extent of the information stolen in the two data breaches it suffered in 2014.In the first …
Naked pictures or financial info? Users would rather thieves stole the former
Every day it seems information security is ruling the headlines, Americans are (perhaps understandably) feeling insecure about the security of their financial information. In …
IIS 6.0 users are heading towards new security dangers
RiskIQ has discovered that 24 of the top 30 FTSE-listed companies in the UK are running web servers that will be out of support in less than a week, posing a potential …
FBI director insists Silicon Valley can solve the encryption dilemma – if they try hard enough
On Wednesday, the US Senate Judiciary Committee got to hear from FBI director James Comey and DOJ Deputy Attorney General Sally Quillian Yates on how end-to-end encryption …
Severe OpenSSL bug that allows certificate forgery has been plugged
The wait is over: the OpenSSL Project has issued security updates for the popular open-source implementation of the SSL and TLS protocols, and has shared some details about …
Featured news
Resources
Don't miss
- Why your security team feels stuck
- It’s time to give AI security its own playbook and the people to run it
- Kanvas: Open-source incident response case management tool
- 6 eye-opening books on AI’s rise, risks, and realities
- Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)