Blog

Windows 8 and Windows RT will receive their first security fixes when next week’s Patch Tuesday rolls around from Microsoft.

The patches are designed to prevent “remote code execution,” which means they’ll plug holes in the OS that could let someone remotely run malicious code on a PC.

Beyond securing Windows 8, the fixes cover just about every other version of Windows, including XP, Vista, and Windows 7 as well as Server 2003, 2008, and 2012.

The rollout includes ...

Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.

The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they’ve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI  (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. ...

Research in Motion has won key government security certification for its BlackBerry 10 operating

system months ahead of its launch, allowing the smartphone to be used in secure government workplaces.

The FIPS 140-2 certification signals that U.S. and Canadian government agencies, along with private firms, can deploy BlackBerry 10 smartphones as soon as they launch, with a guarantee that data stored on the devices is appropriately secured and encrypted.

FIPS (Federal Information Processing ...

Metasploit has become a go-to platform for penetration testing and signature development, so much so that disclosure of new software vulnerabilities often are accompanied by a Metasploit exploit module.

The Metasploit Project is a computer security project that developed and maintains the Metasploit Framework for creating and executing exploit code. Available as a free open-source tool and in more sophisticated commercial products from Rapid7, it contains libraries of vulnerabilities and modules to exploit them. The framework lets developers and researchers build ...

Last month, Google was planning to starting scanning Android apps for malware on users’ smartphones.

Google has now confirmed that the functionality will be coming to the next version of Android (4.2, also known as Jelly Bean).

In a recent interview with Computerworld, Android’s VP of Engineering explained that in the next version of the operating system, it will be possible to scan any apps that are installed from third-party marketplaces.

Hiroshi Lockheimer told JR Raphael ...

Multiple trivially remotely exploitable vulnerabilities were disclosed this week in Sophos antivirus products, after researcher Tavis Ormandy had worked with the company to ensure patches were in place prior to the release. As Ormandy included proof-of-concept exploits in his disclosure notes, malicious activity around them is expected to begin immediately. Users of Sophos products should update their software immediately.

In a scathing writeup that is a follow-on to a more theoretical release last year, well-known security researcher Tavis Ormandy released a series of practical attack techniques against common Sophos antivirus ...

That didn’t take long. Windows 8 was officially released a week ago and hackers have already found a security flaw in it.

Team from Vulpen hacking Internet Explorer

But that’s not even the worst news. These guys have not told Microsoft about the flaw. Instead, they’re selling it to others, reports Computerworld.

The flaw was found by the French company Vupen, which makes a living finding vulnerabilities ...

Several NBC websites were briefly hacked today by a hacker trying to make a very original Guy Fawkes Day reference. (But really, you know they just saw V for Vendetta way too many times.)

Affected sites included NBC’s Saturday Night Live page, mobile main page, and its main show section. In addition to the Guy Fawkes message (full text below), the hacker also embedded annoying music and a reference to user information and passwords being leaked.

The sites were also marked with a message ...

Researchers at NC State University have discovered a new bug in current versions of Android that would allow malware to spoof the sender of an SMS message. The exploit works on Gingerbread, Ice Cream Sandwich, and Jelly Bean, Google has been made aware of the issue and will be releasing a security patch.

In the meantime, the team at NC State says they won’t be releasing all the specifics of how it’s done, but chances are ...