A new version of the Apache Struts development framework released Friday disables a mechanism called the Dynamic Method Invocation that's a known source of possible security vulnerabilities.
A criminal gang attempted to plant a rogue hardware device on the network of a Santander bank branch in London to remotely control a computer and steal money.
Oracle added a feature in Java that lets companies control what specific Java applets are allowed to run on their endpoint computers, which could help them better manage Java security risks.
The attack campaign, which has been dubbed “Kimsuky,” involves the use of malware to steal sensitive information from South Korean research institutions.
The new updates to Adobe's Flash Player, Reader and Shockwave Player address vulnerabilities that could allow attackers to compromise computers.
The fingerprint sensor in Apple's new iPhone 5S has the potential to enhance the security of the device, but the devil will be in the details.
Android malware is following in the footsteps of Windows malware with attackers adopting some of the same distribution and monetization techniques despite the major differences between the platforms.
The U.S. intelligence community is reportedly using a fifth of its $52.6 billion annual budget to fund cryptography-related programs and operations. according to a report in The Washington Post
The developers of the popular vBulletin software used for commercial Internet forums advise users to delete the ‘install’ directory from their vBulletin installations.
Cisco Systems released security patches for Secure Access Control Server (Secure ACS) for Windows to address a critical vulnerability that could allow unauthenticated attackers to remotely execute arbitrary commands and take control of the underlying operating system.
The cyberattack that resulted in nytimes.com and some other high-profile websites being inaccessible to a large number of users Tuesday started with a targeted phishing attack against a reseller for Melbourne IT, an Australian domain registrar and IT services company.
Image-manipulation software is being used to create counterfeit scanned documents to aid cybercriminals in fraud efforts.
The U.S. National Security Agency reportedly cracked the encryption used by the video teleconferencing system at the United Nations headquarters in New York City.
Mozilla is considering the possibility of rejecting as invalid SSL certificates issued after July 1, 2012, with a validity period of more than 60 months. Google already made the decision to block such certificates in Chrome starting early next year.
Orbit Downloader's DDoS component is used to attack websites and can cause Internet connection problems for users, according to security researchers.