A new study performed by cybersecurity firm Fallible on 16,000 Android applications revealed that around 2,500 had API keys and access tokens for third-party services hard-coded into them.
Stories by Lucian Constantin
The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them.
After deleting data from thousands of publicly accessible MongoDB databases, ransomware groups have started doing the same with Elasticsearch clusters that are accessible from the Internet and are not properly secured.
GoDaddy, one of the world's largest domain registrars and certificate authorities, revoked almost 9,000 SSL certificates this week after it learned that its domain validation system has had a serious bug for the past five months.
Security researchers have found a new, very well-designed ransomware program dubbed Spora that can perform strong offline file encryption and brings several innovations to the ransom payments model.
Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers.
Microsoft has released one of its smallest monthly patch bundles ever, with only three vulnerabilities fixed across its entire product portfolio.
A cyber sabotage program that wiped data from 30,000 computers at Saudi Arabia's national oil company in 2012 has now returned and is able to target server-hosted virtual desktops.
A security researcher developed a tool that can automatically detect sensitive access keys that were hard-coded inside software projects.
Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them.
A malicious program called KillDisk that has been used in the past to wipe data from computers during cyberespionage attacks is now encrypting files and asking for an unusually large ransom.
The security team behind the Plone content management system has dismissed claims that hackers have access to information about an unpatched critical vulnerability.
Security vendor Kaspersky Lab updated its antivirus products to fix an issue that could have exposed users to traffic interception attacks.
Over Christmas, a user reported the first in-the-wild case of a ransomware attack that infected an Android-based smart TV.
Insecure default configurations are prevalent in the IoT world, but many of them could be easily avoided if device manufacturers included LAN-based attacks in their threat modelling.