Security & Privacy

Adobe issues emergency patch for zero-day Flash vulnerabilities

Adobe Systems released an emergency security update today that addresses a trio of vulnerabilities in Flash, two of which the company said were already being exploited by hackers.

Today's surprise update -- the company's third for the browser plug-in this month -- patches holes "that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security bulletin.

"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which … Read more

What is the Eicar testfile?

When Apple updates its XProtect anti-malware system in OS X with new definitions, it often means a new or updated threat has been found for OS X.

Earlier this morning, Apple issued an update to XProtect, which now includes a new definition for a malware package called "OSX.eicar.com.i," that comes from Eicar.com. This update suggests the new definitions are for a novel malware package, but this is not so with this latest update.

"Eicar" stands for the European Institute for Computer Antivirus Research, which is a group that investigates malware and security … Read more

New Stuxnet whodunit: Malware existed two years earlier than anyone knew

Cybersecurity professionals -- especially in Iran -- woke up today to the latest twist in the history of cyberwarfare when researchers at Symantec said they discovered a version of the Stuxnet computer virus which predates by two years the cyber weapon that was used to sabotage Iran's main nuclear enrichment facilities.

The U.S. and Israel are widely believed to be behind Stuxnet, though neither country has claimed authorship publicly. (The New York Times reported that President George W. Bush initiated the attacks, a program which has continued in the Obama administration.) Stuxnet first came to public light for … Read more

Google spars with Spain over data privacy

Google and Spain's data-protection authorities took to Europe's highest court, the European Court of Justice, to discuss whether the search giant has a responsibility to delete data that could infringe a person's privacy.

The issue at play relates to what is and what is not suitable for public consumption. Spain's regulators argued in the European court in Luxembourg today that Google must delete from its search results any information that would potentially hurt a person's privacy. Google, however, argues that it doesn't have a responsibility to wipe search results, and doing so could create … Read more

The Pirate Bay sets sail for Norway, Spain after Sweden sinks ship

The Pirate Bay has broken its operation in two after an organization backed by the music and movie industries took aim at its backer.

According to TorrentFreak, The Pirate Bay today shifted its operational duties to Norway and Spain. Previously, the Swedish Pirate Party was providing it with the bandwidth it needed to operate its site. However, the Rights Alliance, an organization backed by the biggest music and movie companies, threatened to sue the Swedish Pirate Party over its support. That lawsuit could have cut off the Swedish Pirate Party's ability to pay for The Pirate Bay's bandwidth … Read more

'Copyright Alert System' rolls out to catch illegal downloaders

The "Copyright Alert System," aka "six strikes," kicked off today with the cooperation of five major Internet service providers. The goal of the new campaign is to curb copyright infringement by going after consumers rather than pirates.

While the CAS seems like something that would raise the hackles of privacy and civil liberty groups, the plan isn't to arrest, sue, or fine people downloading illegal movies, games, or music. Instead, the group managing the program -- the Center for Copyright Information -- says its objective is to "educate" such downloaders that they are … Read more

Add Microsoft to list of hacked companies

Updated to include Microsoft comment Security software companies must be smiling ear to ear as they read the news briefs coming off the transom. Microsoft said today that an undetermined number of computers in its Mac software business unit got infected with malware. The company said the number of infected PCs was small but that there was no indication customer data had been compromised.

In a blog post late Friday, Matt Thomlinson, who directs the company's Trustworthy Computing Security program at Microsoft, wrote:

Consistent with our security response practices, we chose not to make a statement during the initial … Read more

HTC settles with FTC over software security vulnerabilities

Mobile handset maker HTC has agreed to settle a complaint filed against it by the Federal Trade Commission accusing the company of failing to take "reasonable steps" to patch a security flaw in software running on its smartphones.

As part of this settlement, HTC has agreed to patch handsets that were left vulnerable to the security risks. And the company has agreed to develop a security program to address future security issues on its handsets.

HTC has already begun rolling out the patches to devices in the U.S., according to the FTC.

In its complaint, the commission … Read more

Sentencing of LulzSec double agent postponed

Hector Xavier Monsegur, better known by his nom de plume "Sabu," was slated to face sentencing in New York City today for his role hacking into public and private Web sites as one of the hacktivists operating under the LulzSec label. All told, he faces a maximum time behind bars of 124 years associated with his guilty plea on ten counts of bank fraud and one count of identity theft.

But Monsegur, who subsequently worked as a double agent for the FBI, still awaits his fate. The authorities abruptly postponed his sentencing. No explanation was offered.

His cooperation … Read more