Version 3.5.5 of the LibreOffice free personal productivity suite contains fixes for multiple security vulnerabilities that could be exploited to execute arbitrary code with the privileges of the active user, according to The Document Foundation -- the organization overseeing the software's development.
Security researcher Michael Coppola demonstrated how small and home office (SOHO) routers can be compromised and turned into botnet clients by updating them with backdoored versions of vendor-supplied firmware.
Security researcher Jonathan Brossard created a proof-of-concept hardware backdoor called Rakshasa that replaces a computer's BIOS (Basic Input Output System) and can compromise the operating system at boot time without leaving traces on the hard drive.
Security researchers released two tools at the Defcon security conference that can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) and WPA2-Enterprise (Wireless Protected Access) sessions that use MS-CHAPv2 for authentication.
Security researcher and Columbia University PhD student Vasilis Pappas was announced as the winner of the Microsoft BlueHat Prize contest for an exploit mitigation technology called "kBouncer," which is designed to detect and prevent return-oriented programming (ROP), a popular vulnerability exploitation technique.
The judging panel of the Pwnie Awards, which are handed out every year at the Black Hat security conference for achievements and failures in IT security, has recognized the Windows Update hack used by the Flame cyberespionage malware as the most impressive compromise of the past 12 months.
Three widely deployed payment terminals have vulnerabilities that could allow attackers to steal credit card data and PIN numbers, according to a pair of security researchers from penetration testing firm MWR InfoSecurity in the U.K.
Java vulnerabilities are increasingly exploited by attackers to infect computers, and the problem could become worse if Oracle doesn't do more to secure the product and keep its installation base up to date, according to security researchers who will talk about Java-based attacks at the Black Hat USA 2012 security conference.
Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference.
Cybercriminals no longer control one of the world's largest spam botnets, Grum, because all of the servers the botnet relied on for receiving commands were shut down, according to researchers from security firm FireEye.
A piece of malware called Mahdi or Madi has been used to spy on hundreds of targets from Iran, Israel and a few other Middle Eastern countries during the past eight months, according to researchers from security vendors Seculert and Kaspersky Lab.
Copyright 2013 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.