exploit

Homeland Security busts child porn ring on Tor network

The US Department of Homeland Security announced Tuesday that it has arrested 14 men who were allegedly operating a child pornography Web site on the anonymous Tor network.

The arrests were the culmination of one of the agency's largest ever online child exploitation investigations -- dubbed "Operation Round Table." The authorities have identified 251 victims who were exploited on the site. The majority of the victims, 243, were male and their ages ranged from 3 to 17; they were identified as being from 39 US states and five foreign countries.

The underground subscription-based Web site was allegedly … Read more

Beware this big iOS flaw -- and it's not alone

VANCOUVER -- A change that Apple imposed to make iOS 7 more secure instead has dramatically weakened the security of devices running that mobile operating system, a security researcher has charged.

At the CanSecWest conference here last week, Azimuth Security researcher Tarjei Mandt said that Apple made a major mistake when it changed its random-number generator to make its kernel encryption tougher in iOS 7. The kernel is the most basic level of an operating system and controls things like security, file management, and resource allocation.

"In terms of security, it's much worse than iOS 6," Mandt … Read more

Adobe issues emergency patch -- again

Adobe Systems and Microsoft on Thursday issued patches with emergency measures for critical vulnerabilities in Flash and Internet Explorer.

Microsoft, which usually fixes security problems once a month on Tuesdays, distributed the off-calendar repair for Internet Explorer 9 and 10 because of the severity of the exploit. The fix is highly recommended for people who use those versions of IE since Microsoft described the previously unknown vulnerability in its security bulletin as actively being used in "limited, targeted attacks."

However, people who use those browsers must apply the fix manually with the FixIt shim tool. A permanent fix … Read more

Adobe and Java vulnerabilities leave Windows open for exploitation

A recent report by the AV-Test Institute found that exploits in Adobe Reader, Adobe Flash, and Java account for 66 percent of Windows systems affected by malware.

In a 10-year-plus study, AV-Test uncovered that one exploit for Adobe Reader had nearly 37,000 recorded variants that exploited user machines with high levels of precision. Users with outdated software or versions known to be susceptible stood virtually no chance of avoiding malware damage without some form of protective software.

The biggest offender? Java, which had a whopping 82,000 attacks spread across different versions, making it one of the most vulnerable … Read more

Microsoft finally fixes critical Internet Explorer vulnerability

In its security update for this month, Microsoft has patched a critical Internet Explorer vulnerability that possibly exposed users to malware and hacks for the last three months.

The permanent patch is for an exploit known as CVE-2013-3893, which had the capability to work its way into all supported versions of Internet Explorer. Microsoft announced the existence of the vulnerability in September and released a downloadable "Fix It" tool until the permanent patch was ready.

"The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer," Microsoft'… Read more

Microsoft pays out $28K to IE 11 exploit hunters

Microsoft recently launched a bounty-hunting program for researchers to find bugs, security flaws, and vulnerabilities in the preview version of Internet Explorer 11. And, now, a handful of hunters have come to claim their prize.

A total of six researchers have found 15 vulnerabilities within the preview version of Internet Explorer 11. And, Microsoft has paid them more than $28,000 to date.

Microsoft announced its month-long bug bounty program for IE 11 in June. The company's goal is to stamp out security vulnerabilities in its software as early on as possible. Microsoft offered researchers up to $11,000 … Read more

Patched Safari bug being exploited by hackers

A known vulnerability in Apple's Safari browser is the new target for a proof-of-concept exploit that allows a hacker to arbitrarily run code on unpatched Mac systems.

The exploit, which was made available today on Packet Storm, takes advantage of a JavaScript vulnerability where information could be written to memory outside of defined buffers, and cause a crash that could result in the executable code being run.

This vulnerability is specific for Safari version 6.0.1 and earlier; it was found and addressed by Apple in November 2012, so it will only affect systems that have not been … Read more

Kaspersky releases 2014 edition of Internet Security and Antivirus

On Tuesday, Kaspersky launched the 2014 release of their Internet Security and Antivirus updates. In addition to a much more polished user interface, Kaspersky brings a slew of under the hood improvements and performance gains across the board. New in 2014 is the Application Control center, a hybrid between a system monitor and task manager that also gives you a trust rating of each running application. For full review or to download a trial, click on the Download button below.

Review: Kaspersky Internet Security 2014

Kaspersky Internet Security 2014 returns as a top-notch security suite with improved overall performance, a slight interface refresh, and new countermeasures against zero-day attacks.

Since last year's release, Kaspersky 2014's design comes with minimal changes to its interface. The mobile-style drawer also makes a return, which reveals extra tools like parental controls, network monitoring, and application controls.

The extraneous arrows and flap-like carousel buttons have all been consolidated into a single-drawer button, following Windows 8-like behaviors. The main interface has been stripped down even more for a much cleaner, uncluttered look.

Menus and settings have also gotten a … Read more