A cyberespionage group was found using a new remote access Trojan dubbed Trochilus whose detection rate was very low among antivirus products.
Developers of the popular Drupal content management system are working to secure the software's update mechanism after a researcher found weaknesses in it.
Unlike Mozilla, Google plans to ban only SHA-1 certificates that were issued after Jan. 1 by public certificate authorities, not self-generated ones too.
Cyberespionage groups could easily exploit vulnerabilities in antivirus programs to break into corporate networks, according to vulnerability researchers who have analyzed such products in recent years.
Law enforcement authorities from Romania and Republic of Moldova dismantled a gang of criminals that stole 200,000 euros from ATMs in the E.U. and Russia after infecting them with a malware program.
The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.
Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.
Researchers found a flaw that allows them to decrypt files affected by a new version of Linux.Encoder, a file-encrypting ransomware program that infects Linux Web servers.
Exploit acquisition firm Zerodium is offering up to $100,000 for exploits that bypass Flash Player's latest heap isolation protection.
Media processing and kernel privilege escalation flaws were patched in the January Android security update.
A cyberespionage group focused on companies and organizations from the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server.
Many payment terminals in Germany - and in other countries too -- were designed without following best security principles, making them vulnerable to attacks that could result in mass fraud against both customers and merchants.
Juniper was using a known flawed random number generator as the foundation for cryptographic operations in NetScreen's ScreenOS and the safeguards it put in place were ineffective.
Google is considering banning certificates signed with the SHA-1 hashing function in Google Chrome starting Jul. 1.
The administrative access issue only affects ScreenOS 6.3.0r17 through 6.3.0r20, while the VPN decryption issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.