AOL says encrypted passwords and other user data compromised in hacker attack
AOL today said it's investigating a "security incident" involving unauthorized access to its network and systems that resulted in the possible theft of user data, including email addresses, postal addresses, address book contact information, encrypted passwords, encrypted answers to security questions that AOL asks when a user resets his or her password, and certain employee information.
Microsoft has warned Internet Explorer users of a remote code execution vulnerability (CVE-2014-1776) that is present in versions 6 through 11. The company is aware of limited, targeted attacks aimed at exploiting the vulnerability, the Redmond outfit said in a security advisory issued on Saturday.
After more than 12 years of service, Microsoft finally pulled the plug on Windows XP by ceasing to support the operating system last week. However, Microsoft did promise to keep doling out updates for its Microsoft Security Essentials (MSE) software, including the version that runs on XP, but in doing so, the Redmond outfit only made things worse. That's because the latest MSE update is causing some XP machines to freeze up and run slow.
New security measure keeps your installed Android apps in check
It's not unusual for a malicious Android app to sneak into Google Play, though they're obviously much more prevalent from third-party sources, especially from sketchy areas of the web. To help protect users from falling prey to an app's malicious intentions, Google is rolling out a new enhancement to its security scheme that will examine an app's behavior after it's been installed.
A so-called "mega breach" can be worth as much as 50 smaller attacks
Large-scale cyber attacks are on the rise, says security firm Symantec, which dubbed 2013 "Year of the Mega Breach." According to Symantec, there's a significant shift taking place in how cybercriminals operate. Rather than go in for quick hits with small rewards, cybercriminals are seeing the financial benefit in plotting bigger attacks months in advance. A single mega breach, as Symantec calls these attacks, can yield the same reward as 50 small-scale attacks.
Website owners far and wide scramble to fix a major vulnerability
This has been one of the busier weeks in recent history for IT workers and web admins. Earlier this week, researchers discovered a major flaw in OpenSSL, an open source encryption technology that's utilized by an estimated two-thirds of the world's websites. They're calling it "Heartbleed." By exploiting the bug, cybercriminals can comb through a server's memory and pluck sensitive user data, including usernames, passwords, credit card numbers, and more.
Highest number of valid bug reports came from India, followed by the U.S. and Brazil
Facebook on Friday published an update on the progress of its four-year-old bug bounty program, revealing that it paid out $1.5 million in bounties last year to take the program’s lifetime payouts beyond $2 million.
Managed to log in to dad’s account with simple trick
Each month, the Microsoft Security Response Center publishes a list of security researchers to whom it is thankful for privately disclosing bugs in its online services and, often, working with it to fix them. On the surface, the latest list may not seem too different from the previous ones, but that’s only until you realize that one of the over three dozen security researchers on it is actually a five-year-old kid.
Support for XP might be ending, but the world is not
Security outfit F-Secure has published its Threat Report for the second half of 2013, which provides a detailed look at the threat landscape as well as trends in malware. It also contains some advice for Windows XP users who aren't planning to upgrade to a newer OS once support ends on April 8, 2014. Whether the decision to stick with XP is based on contractual obligations or other reasons, F-Secure says "all is not lost" for businesses and users who ride it out.
Shares of Symantec tumble after security outfit shows its CEO the door
Security firm Symantec announced that it has terminated Steve Bennett as the company's president and chief executive officer, and that he has resigned from Symantec's board of directors. A special committee has begun the search for a permanent replacement, during which time board member Michael Brown will serve as interim CEO. The decision to let Bennett go didn't sit well with investors, who were caught off guard by his surprise dismissal yesterday.