Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.
A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.
Cisco Systems released new firmware versions for some of its small business routers and wireless LAN controllers in order to address vulnerabilities that could allow remote attackers to compromise the vulnerable devices or affect their availability.
Hackers found security weaknesses that allowed them to overdraw accounts with Flexcoin and Poloniex, two websites that facilitate bitcoin transactions, and exploited them to steal bitcoins from the two services. The attacks put Flexcoin out of business and cost Poloniex's users 12.3 percent of their bitcoins.
A group of attackers managed to compromise 300,000 home and small-office wireless routers, altering their settings to use rogue DNS servers, according to Internet security research organization Team Cymru.
Mozilla is pushing ahead with its efforts to discourage the use of plug-in based content on the Web and gave developers until the end of March to apply for an exemption from the plug-in blocking planned for the Firefox browser.
A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to remove, according to security researchers from Sophos.
A mobile application designed to make it easier for RSA Conference 2014 attendees to navigate the event and interact with their peers exposes personal information, according to researchers from security firm IOActive.
Fourteen prominent security and cryptography experts have signed an open letter to technology companies urging them to take steps to regain users' trust following reports over the past year that vendors collaborated with government agencies to undermine consumer security and facilitate mass surveillance.
The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people.
Security researchers managed to bypass the protections offered by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a utility designed to detect and block software exploits, and concluded that the tool would not be effective against determined attackers.
A hacker defaced the website of EC-Council, an organization that runs IT security training and certification programs, and claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization's courses.
The source code for an Android mobile banking Trojan app was released on an underground forum, making it possible for a larger number of cybercriminals to launch attacks using this kind of malware in the future.
Cisco Systems has released security updates to fix serious vulnerabilities in a range of products including its Intrusion Prevention System, Unified Computing System Director, Unified SIP Phone 3905 and Firewall Services Module products.
Copyright 2014 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.