Don't-Miss Security Stories

Increasingly popular "hot patching" update tool for iOS apps puts users at risk

An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through the official app store's review process, an action that poses security risks for users.

Google will mark non-encrypted websites with a scarlet letter

Google Chrome can mark unencrypted sites with a red "X," but only as an optional feature for now.

Google's VirusTotal now identifies suspicious firmware

Google's VirusTotal service has added a new tool that analyzes firmware, the low-level code that bridges a computer's hardware and operating system at startup.

Oracle's killing a favorite security hole for attackers: the Java browser plug-in

Next year, the Java browser plug-in, which is frequently the target of Web-based exploits, will be retired by Oracle.

New Android ransomware uses clickjacking to gain admin privileges

A new Android ransomware app called Lockdroid.E is abusing system dialogs to hijack user clicks and grant itself administrator privileges.

The ultra-secure Tails OS beloved by Edward Snowden gets a major upgrade

Tails 2.0 is out with improved features, a new desktop shell, and an easier way for new users to install the OS.

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.

Lenovo fixes hard-coded password in file-sharing utility

Lenovo has patched several software flaws in a file-sharing utility, which could allow attackers to browse and make copies of files.

Online advertising company fixes severe XSS flaw

An online advertising company has fixed a vulnerability in its platform that could have allowed hackers to steal information from a large number of users.

Federal Trade Commissioner Terrell McSweeny

Let consumers look at the code running their devices, says Federal Trade Commissioner

Consumers should have the right to inspect the source code for connected devices they own, to ensure it doesn't contain bugs or backdoors, one U.S. Federal Trade Commissioner believes.

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances.

Tested: Microsoft’s Windows Defender antivirus is less awful than it used to be

Windows Defender has risen from dead last in independent testing to somewhere in the middle, actually outperforming some paid competitors.

Critical vulnerabilities patched in Magento e-commerce platform

The latest patches for the Magento e-commerce platform fix critical vulnerabilities that could allow attackers to hijack administrative accounts.

Apple brings down apps, mainly Chinese ones, with malware

Single group of hackers targets Uyghur, Tibetan activists

A years-long campaign of seemingly disparate cyberattacks against Tibetan and Uyghur activists likely comes from a single group of hackers, according to a seven-month study by Palo Alto Networks.

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over FortiSwitch, FortiAnalyzer and FortiCache devices.