Mozilla is considering the possibility of rejecting as invalid SSL certificates issued after July 1, 2012, with a validity period of more than 60 months. Google already made the decision to block such certificates in Chrome starting early next year.
Stories by Lucian Constantin
Recent versions of Orbit Downloader, a popular Windows program for downloading embedded media content and other types of files from websites, turns computers into bots and uses them to launch distributed denial-of-service (DDoS) attacks, according to security researchers.
Cisco Systems has released new security patches for several versions of Unified Communications Manager (UCM) to address vulnerabilities that could allow remote attackers to execute arbitrary commands, modify system data or disrupt services.
A portion of the North American user base of "League of Legends" (LoL) had its account information compromised by hackers, according to Riot Games, the company developing the popular online multiplayer game. Passwords and credit card numbers stored in encrypted form were accessed, as well as other details.
Although cyberattacks caused just 6 percent of significant outages of public electronic communications networks and services in the E.U. last year, they affected more people than hardware failure, a much more common factor in service disruptions, according to a report from the European Union Agency for Network and Information Security (ENISA).
A new variant of the Ramnit financial malware is using local Web browser injections in order to steal log-in credentials for Steam accounts, according to researchers from security firm Trusteer.
Cybercriminals were quick to integrate a newly released exploit for a Java vulnerability patched in June into a tool used to launch mass attacks against users, an independent malware researcher warned.
Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.
Cybercriminals are controlling malware on Android devices through a Google service that enables developers to send messages to their applications, according to security researchers from antivirus vendor Kaspersky Lab.
Microsoft released two optional security updates Tuesday to block digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol.
Mobile ad networks can provide a loophole to serve malware to Android devices, according to researchers from security firm Palo Alto Networks who have found new Android threats being distributed in this manner.
The Chinese hacker group that broke into the computer network of The New York Times and other high-profile organizations, including defense contractors, has launched new attacks following a few months of inactivity, according to researchers from security vendor FireEye.
An increasing number of Android phones are infected with mobile malware programs that are able to turn the handsets into spying devices, according to a report from Kindsight Security Labs, a subsidiary of telecommunications equipment vendor Alcatel-Lucent.
Cisco Systems released a security patch for its Unified Communications Manager (Unified CM) enterprise telephony product in order to mitigate an attack that could allow hackers to take full control of the systems. The company also patched denial-of-service vulnerabilities in its Intrusion Prevention System software.
Aiming to better address the security needs of businesses of all sizes that are facing increasingly complex attacks, McAfee has added two endpoint security suites to its product lineup.