Many door and window sensors, motion detectors and keypads that are part of security systems used in millions of homes and businesses can be bypassed by using relatively simple techniques, according to researchers from security consultancy firm Bishop Fox.
Some D-Link devices that provide remote access to surveillance camera feeds or other potentially sensitive data contain critical vulnerabilities that allow hackers to bypass authentication and access them from the Internet.
A variety of network-controlled home automation devices lack basic security controls, making it possible for attackers to access their sensitive functions, often from the Internet, according to researchers from security firm Trustwave.
Bitdefender has released a Windows application designed to help users secure sensitive Web-browsing sessions, especially when they shop or bank online. The application is called Safepay and a free version is available to home users.
Microsoft estimates that 88 percent of botnets running the Citadel financial malware were disrupted as a result of a takedown operation launched by the company in collaboration with the FBI and partners in technology and financial services. The operation was originally announced on June 5.
Malware writers are increasingly considering the Tor anonymity network as an option for hiding the real location of their command-and-control (C&C) servers, according to researchers from security firm ESET.
The hacker group calling itself the Syrian Electronic Army (SEA) broke into the customer support website for Viber, an instant messaging and Voice-over-Internet-Protocol (VoIP) application available for both mobile and desktop operating systems.
About 1 percent of Android devices are infected with malware, according to Alcatel-Lucent's Kindsight Security Labs.
An independent security researcher claimed responsibility for the security breach that forced Apple to close down its Developer Center website last week.
The British government wants Google, Yahoo and Microsoft to block Internet searches that are likely to lead to child abuse images. Internet search providers have until October to commit to banning lists of keywords deemed abusive or the government will consider legislation to force them, the U.K.'s Prime Minister David Cameron said Monday in a speech.
A new vulnerability in Java 7 could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.
Cisco Systems released a security patch for its Unified Communications Manager (Unified CM) enterprise telephony product in order to mitigate an attack that could allow hackers to take full control of the systems. The company also patched denial-of-service vulnerabilities in its Intrusion Prevention System software.
Despite the significant Java security improvements made by Oracle during the past six months, Java vulnerabilities continue to represent a major security risk for organizations because most of them have outdated versions of the software installed on their systems, according to a report by security firm Bit9.
The Apache Software Foundation has released Struts 18.104.22.168, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one that could allow remote attackers to execute arbitrary code on the server.
The malware is digitally signed and is probably used in targeted attacks, researchers from F-Secure said.