News

• Microsoft patches critical IE vulnerabilities and actively exploited Office flaw

  A new batch of security updates released by Microsoft on Tuesday address a total of 23 vulnerabilities in Internet Explorer, Windows and Microsoft Office, including one that is actively exploited by attackers. The handling of digital certificates in Windows was also improved.

• New backdoor malware 'KeyBoy' used in targeted attacks in Asia, researchers say

  Users from Vietnam, India, China, Taiwan and possibly other countries, were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7.

• New Android Trojan app exploits previously unknown flaws, researchers say

  A newly discovered Trojan program exploits previously unknown flaws in Android and borrows techniques from Windows malware in order to evade detection and achieve persistence on infected devices.

• Hacker publishes alleged zero-day remote code execution exploit for older Plesk versions

  A hacker released what he claims is a zero-day exploit for older versions of the Parallels Plesk Panel, a popular Web hosting administration software package, that could allow attackers to inject arbitrary PHP code and execute rogue commands on Web servers.

• Bill aims to discourage nations from sponsoring cyberattacks

  Three U.S. lawmakers have introduced legislation that would allow President Barack Obama's administration to deny U.S. travel visas to cyberattackers sponsored by foreign governments and to freeze their U.S.-based assets.

• Cyberespionage campaign 'NetTraveler' siphoned data from hundreds of high-profile targets, researchers say

  An ongoing cyberespionage campaign compromised over 350 high-profile victims from more than 40 countries over the past eight years, including political activists, research centers, governmental institutions, embassies, military contractors and private companies from various industries.

• Oracle reveals plans for Java security improvements

  Oracle plans to make changes to strengthen the security of Java, including fixing its certificate revocation checking feature, preventing unsigned applets from being executed by default and adding centralized management options with whitelisting capabilities for enterprise environments.

• Software vendors should respond to actively attacked vulnerabilities within seven days, Google says

  Google wants vendors to fix or offer mitigation advice for previously unknown and actively exploited software vulnerabilities within seven days of their discovery.

• Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet

  Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.

• PayPal says it will recognize under-18 security researchers

  A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website.

• PayPal denies teenager reward for finding website bug

  A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website.

• Microsoft brushes off claim Xbox Live accounts were compromised

  Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service.

• U.S. power companies under frequent cyberattack

  A survey of U.S. utilities shows many are facing frequent cyberattacks that could threaten a highly interdependent power grid supplying more than 300 million people, according to a congressional report.

• Researchers find critical vulnerabilities in popular game engines

  Security researchers found serious vulnerabilities in the engines of several popular first-person shooter video games that could allow attackers to compromise their online servers and the computers of players accessing them.

• Attack on Telenor was part of large cyberespionage operation with Indian origins: report

  A recent intrusion on the computer network of Norwegian telecommunications company Telenor was the result of a large cyberespionage operation of Indian origin that for the past few years has targeted business, government and political organizations from different countries, according to researchers from security firm Norman Shark.