August 24, 2012 Added by:Pierluigi Paganini
Crisis Malware is an agent used to spy on victims by intercepting communications, and it is able to open a backdoor on the infected host once the user executes a JAR file made to look like an Adobe Flash Installer. The malware has been developed for several OSs, and a Mac version has been isolated...
August 16, 2012 Added by:f8lerror
There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...
July 12, 2012 Added by:Pierluigi Paganini
Using a JAR, the malware is able to identify the OS and download the right files to infect the targeted machine. After identifying the type of operating system a unit is running, a Java class file will download the appropriate malware, with the purpose to open a backdoor to allow remote access to the machine...
July 03, 2012 Added by:Headlines
July 02, 2012 Added by:f8lerror
March 16, 2012 Added by:Danny Lieberman
February 01, 2012 Added by:Pierluigi Paganini
According the announcement from researchers at Eleven, a German security firm, it is sufficient that a communication is merely opened in the email client to infect the target without the user clicking on a link or opening an attachment...
January 24, 2012 Added by:Fergal Glynn
While Android may be a new platform, some of the security issues we found are reminiscent of old mistakes we have seen developers make. One example of this was the practice of hard-coding cryptographic keys directly into the application...
January 20, 2012 Added by:Kevin McAleavey
January 18, 2012 Added by:Rafal Los
Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...
December 15, 2011 Added by:Mark Baldwin
December 07, 2011 Added by:Headlines
"This U3D memory corruption vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows..."
November 22, 2011 Added by:Keith Mendoza
This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?
October 07, 2011 Added by:Tom Eston
OS X Lion's new feature poses a security risk. When an OS X laptop joins a network which contains a captive portal, a window is automatically opened to prompt the user to interact with it. This presents a major security risk if an attacker can control this functionality...
September 28, 2011 Added by:Headlines
“I am very disturbed by news that supercookies are being used to collect vast amounts of information about consumers’ online activities without their knowledge. Companies should not be behaving like supercookie monsters, gobbling up personal, sensitive information without users’ knowledge..."
August 23, 2011 Added by:Headlines
"Does it make sense to allow users to 'embed' HTML code in their Skype profile and especially in those 'phone number' fields? Also, there is no option to define any HTML code in Skype client. I was able to find those bugs with Linux Skype client. I guess they don't focus so much on that client..."
Mass Disclosure of Vulnerabilities in SAP... john niko on 12-09-2013
Join Trend Micro & SecurityWeek in Belle... Shah Alam on 12-06-2013
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013