Over 86 percent of all Android devices remain vulnerable
The flagrant fragmentation that has come to be associated with Android is once again in focus, with IBM Security researchers shedding light on a major vulnerability (CVE-2014-3100) affecting the all-important Android KeyStore service, which is used for storing cryptographic keys and other sensitive credentials. Although the vulnerability has been fixed in the latest version of the operating system (Android KitKat 4.4), the problem is that the vast majority of Android users don’t have the latest version.
Many a heart skipped a beat when it emerged earlier this month that millions of web servers around the world were vulnerable to a yawning hole in the open-source OpenSSL cryptographic software library. The discovery sent IT execs and web admins around the world scampering to plug the hole. Ten days after coverage of Heartbleed first began, security research firm Sucuri decided to scan the Internet’s top one million websites (as ranked by Alexa) to see how many of them were still vulnerable.
Managed to log in to dad’s account with simple trick
Each month, the Microsoft Security Response Center publishes a list of security researchers to whom it is thankful for privately disclosing bugs in its online services and, often, working with it to fix them. On the surface, the latest list may not seem too different from the previous ones, but that’s only until you realize that one of the over three dozen security researchers on it is actually a five-year-old kid.
Windows XP support is entering its final stages. This coming Tuesday will see the release of some of the last security patches for the operating system which, despite its advanced age, still commands a sizable share of the PC market and simply refuses to die.
Nearly 900 million devices running Android 1.6 or later at risk
The Black Hat USA 2013 security conference does not get underway until July 27, 2013, but there is already plenty to look forward to, with the folks at Bluebox Security dropping a bombshell by claiming to have unearthed a yawning hole in Android’s security fabric and promising to shed some technical light on the vulnerability during the upcoming conference.
Latest security bulletin addresses three vulnerabilities
February is proving to be a very busy month for those charged with the unenviable task of plugging Flash Player holes at Adobe. The Adobe Product Security Incident Response Team (PSIRT) on Tuesday announced the availability of new security updates for the Flash Player. This is the third time this month that the company has had to release security updates for the ubiquitous plugin.
Microsoft will deliver six security bulletins on April 10, 2012 as part of its monthly security update, the Redmond-based company said in an advance notification Thursday. The six security bulletins will, between them, address 11 vulnerabilities in Windows, Office, Internet Explorer, SQL Server, .NET Framework and Forefront Unified Access Gateway.
Downright malicious browser plugins and add-ons are obviously a massive security risk, but make no mistake: unpatched or outdated extensions are just as big a headache. For this reason, Mozilla has a blocklist service to deal with plugins that jeopardize the security, stability, or performance of Firefox. The latest addition to the Firefox blocklist happens to be the ubiquitous Java plugin.
Google earlier this week updated the Chrome Stable channel to 16.0.912.77 for Windows, Mac, Linux and Chrome Frame, patching four privately reported vulnerabilities in its browser. How come only four, you ask, when the headline clearly mentions five? Actually the fifth was patched a couple of weeks back, but Google mistakenly failed to include it in the release notes.
A computer science student at Stanford University has discovered a hole in Adobe Flash that could be used by an attacker to furtively enable the victim’s camera and microphone. The vulnerability is not in Flash itself, but in the Adobe Flash Settings Manager page.