eWeek: Online thieves are expanding their use of malware to steal credit- and debit-card information from point-of-sale systems, easily defeating many defenders' uneven efforts to keep them out, according to a report released on May 12 by Arbor Networks, a network security firm. While a variety of different types of malware are popular among digital thieves, most are not that sophisticated and could be detected by vigilant companies, the report stated. Yet, in many of...
Read moreThreatpost: Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate certificates. The company made the policy change last year, but gave CAs about a year to comply and now that grace period is running out.
Read moreWall Street Journal: Europe’s top court ruled that Google can be forced to erase links to content about individuals on the Web, a surprise decision that could disrupt search-engine operators and shift the balance between online privacy and free speech across Europe.
Read moreForbes: The latest security risk to computers running Windows XP highlights the dangers to supply chains that continue to rely on that obsolete operating system. Less than a month after Microsoft announced that it was no longer supporting Windows XP, the company warned of a security gap in Internet Explorer that could allow hackers to take control of infected computers. The risk was so high that Microsoft back-pedaled on its vow to abandon XP, and issued a patch.
Read moreV3 - Microsoft has announced a wealth of security enhancements for its Azure cloud platform, including new in-built anti-malware and Site Recovery services. The services were announced at the opening keynote of Microsoft's TechEd 2014 conference. The anti-malware solution is available in preview now and offers Azure users the ability to install solutions from Symantec and Trend Micro into their Azure environments.
Read moreThreatpost: PointDNS says most of its DNS servers are online again after a massive DDoS attack late last week took down the service provider. A post on the company’s Twitter account on Friday said the provider was adding nameservers and working with network providers to restore service to its customers. Many of those same customers took to social media complaining about downtime and unavailability of their own websites and services. According to its website, PointDNS...
Read moreThe Hacker News: Till now the Internet was encountering the traditional DDoS attacks where a large number of compromised systems are used to flood servers with tremendous amounts of bandwidth; but in the past few months we have noticed massive changes in the techniques of DDoS attacks.
Read moreIntego: iOS 7 has brought some cool new features to Apple’s mobile operating system, but it has also introduced its fair share of embarrassing and unwelcome security holes. Some of the more high profile flaws have involved methods to bypass the iPhone’s lock screen Astonishingly, the first of these appeared just one day after the initial release of iOS 7, and there have too many others since.
Read moreSoftpedia: Back in March, Microsoft issued a warning regarding a remote code execution vulnerability in Word, that was being leveraged by cybercriminals in targeted attacks. The company patched the security hole in April, but experts have found that cybercriminals are still relying on it in their campaigns.
Read moreArstechnica: Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running updated versions that contain a fix.
Read more