Bogdan Alecu, a system administrator at Dutch IT services company Levi9, reportedly found that the vulnerability can occur when an attacker sends about 30 so-called Flash SMS messages -- messages that appear immediately on the phone's screen on arrival -- to the Galaxy Nexus, the Nexus 4, or the Nexus 5. If the messages aren't promptly dismissed, …
Google has expanded its bug-bounty program to cover vulnerabilities uncovered in Android.
The program began with Chrome and expanded to Google Web sites and other open-source software projects. Under the program, people who find security holes get paid bounties. That often equates to a few hundred dollars, but particularly skilled attacks can mean big money -- $50,000 last week for one expert who goes by the name Pinkie Pie, for example.
The broader expansion, called the Patch Reward Program, now includes Android, Google security team member Michal Zalewski said in a blog post Monday.
The program also includes three …
The NSA allegedly gathered millions of records from Google and Yahoo data centers around the world, but soon, the agency might have a much harder time trying to collect this type of data.
Google, Yahoo, Microsoft, Apple, and other prominent technology companies are investing heavily in stronger, 2048-bit encryption. Due to computing power constraints, it's expected to be more than a decade before this type of encryption can be easily overcome.
Microsoft plans to issue a security update on Tuesday that addresses an Internet Explorer ActiveX Control vulnerability that allowed malware to be installed on computers when users visited at least one breached Web site.
Microsoft said Monday that vulnerability CVE-2013-3918, which was disclosed Friday by security researcher FireEye, was already scheduled to be addressed in "Bulletin 3" on Tuesday. An exploit described by the security firm as a classic drive-by attack is already in the wild, targeting English versions of IE7 and 8 in Windows XP and IE8 on Windows 7.
FireEye said its analysis of the exploit …
A new spate of vulnerabilities has been found in a D-Link router, a security researcher said Monday.
Liad Mizrachi, the researcher who discovered the bugs, said he notified D-Link about the bugs in August, September, and October, but D-Link did not respond.
The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI-624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a …
A pair of vulnerabilities in Internet Explorer are currently being exploited in the wild to install malware on computers that visit at least one malicious Web site, security researchers warn.
The classic drive-by download attack targets the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, security firm FireEye warned in a company blog post Friday. However, the security researcher wrote that its analysis indicated that other languages and browser versions could be at risk.
"The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily …
Track down a security hole on the World Wide Web, and you could earn as much as $5,000.
Sponsored by Microsoft and Facebook, the Internet Bug Bounty challenges you to hack your way into such critical Web platforms as OpenSSL, PHP, Perl, and Apache. One challenge even invites you to hack the Internet itself, meaning finding a bug that affects a wide range of products and users.
"If the public is demonstrably safer as a result of your contribution to internet security, we'd like to be the first to recognize your work and say 'thanks' by sending …
Database hosting service MongoHQ suffered a considerable security breach on Monday, in which users' e-mail addresses, hashed password data, and other account information were exposed to hackers.
"We detected unauthorized access to an internal support application using a password that was shared with a compromised personal account," MongoHQ co-founder Jason McCay wrote in a blog post. "In handling security incidents, MongoHQ's priorities are to halt the attack, eliminate the control failures that allowed the attack to occur, and to report the incident candidly and accurately to our customers."
In an effort to secure its networks, …
A cyberattack launched against Adobe affected more than 10 times the number of users initially estimated.
On October 3, Adobe revealed that it had been the victim of an attack that exposed Adobe customer IDs and encrypted passwords. At the time, the company said that hackers gained access to encrypted credit card records and login information for around 3 million users. But the number of affected accounts has turned out to be much higher.
The attack actually involved 38 million active accounts.
"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were …
The National Security Agency and Central Intelligence Agency have teamed up to spy on German government officials' phone calls, a new report out of Germany claims.
Spiegel, a German news outlet, reported on Sunday that the US is using its embassy in Berlin as a "nest of espionage," where the country's two biggest spy agencies listen in on cell phone communications around government buildings in Germany, including those made by Chancellor Angela Merkel.
US-German relations have been a bit strained since reports surfaced saying the US has been monitoring the chancellor's communications. Merkel called President Obama …