ZRTPCPP, an open-source library that's used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.
A critical vulnerability that could allow remote attackers to access sensitive enterprise log-in credentials and other data was fixed last week in Crowd, a single sign-on (SSO) and identity management tool used by large organizations to simplify access to their internal Web applications and services.
A new piece of malware designed to delete files from hard disk drives and render computers unable to boot targets South Korean users, according to researchers from security firm Symantec.
A new variant of the Citadel financial malware uses in-browser injection techniques combined with extensive content localization to steal log-in credentials and credit card information from users in different countries, according to researchers from security vendor Trusteer.
Cisco Systems released security patches for its email, Web and content security appliances in order to address vulnerabilities that could allow attackers to execute commands on the underlying OS or disrupt critical processes.
A recent targeted attack that used Chinese malware compromised over 1,000 computers belonging to dozens of South Korean organizations, according to researchers from Israeli security firm Seculert.
Over three quarters of Android threats are malicious apps that send SMS messages to premium rate numbers and could be mitigated by a protection feature present in Android 4.2, according to researchers from networking vendor Juniper Networks.
The source code for the Carberp financial malware has been leaked online, increasing the risk that other cybercriminals will create their own variants based on it, Russian cybercrime investigations firm Group-IB says.
The National Security Agency can retain communications of U.S. citizens or residents potentially indefinitely if those communications are encrypted, according to a newly leaked secret government document.
SAP has significantly improved the security of its products over the past few years but many of its customers are negligent with their deployments, which exposes them to potential attacks that could cripple their businesses, according to security researchers.
Microsoft will pay security researchers for finding and reporting vulnerabilities in the preview version of its Internet Explorer 11 (IE 11) browser, for finding novel techniques to bypass exploit mitigations present in Windows 8.1 or later versions, and for coming up with new ideas to defend against exploits.
Oracle addressed 40 security issues in Java and enabled online certificate revocation checking by default in its scheduled critical patch update for Java on Tuesday.
The source code for the Carberp banking Trojan program is being offered for sale on the underground market at a very affordable price, which could result in additional Carberp-based financial malware being developed in the future, according to researchers from Russian cybercrime investigations firm Group-IB.
British intelligence agency Government Communications Headquarters (GCHQ) reportedly intercepted the electronic communications of foreign politicians during G20 meetings that took place in London in 2009.