News

• Oracle renumbers Java patch updates, confuses users even more

  Oracle has changed the numbering of its Java security updates, prompting one expert to say, "As if Java updates weren't confusing already."

• Microsoft rushes IE8 zero-day fix into next week's Patch Tuesday

  Microsoft today said it will issue 10 security updates next week, two rated "critical," to patch 34 vulnerabilities, including the zero-day bug that has been used by cyber criminals to poison "watering hole" websites in attacks aimed at U.S. government workers.

• Microsoft admits zero-day bug in IE8, pledges patch

  Microsoft has confirmed that a "zero-day," or unpatched, vulnerability exists in Internet Explorer 8, the company's most popular browser.

• Printers, routers used as bots in DDoS attacks

  Printers, routers, IP cameras, sensors and other Internet-connected devices are increasingly used to launch large distributed denial of service attacks, security firm Prolexic warned in a report this week.

• Google pays record $31K bounty for Chrome bugs

  Google this month paid a security researcher $31,336 for reporting a trio of bugs in Chrome.

• Vulnerable terminal servers could let bad guys hack stoplights, gas pumps

  Thousands of older systems, including those used to manage traffic lights, fuel pumps, point-of-sale terminals and building automation can be tampered with because they're insecurely connected to the Internet.

• Microsoft re-releases 'Blue Screen of Death' patch

  Microsoft has re-released a security update that had crashed customers' PCs and crippled the machines with endless reboots, saying that the revised patch is now safe to install.

• AV-TEST stands by claims that Bing shows more malware-infected links than Google

  AV-TEST today stood by the results of its search engine investigation that claimed Microsoft's Bing shows five times the number of malware-hosting websites than Google in its results

• Schnucks supermarket chain struggled to find breach that exposed 2.4M cards

  The Schnucks supermarket chain struggled for two weeks to find the source of a breach that exposed credit and debit card information on as many as 2.4 million customers.

• Microsoft urges Windows 7 users to uninstall 'Blue Screen of Death' patch

  Microsoft today urged Windows 7 users to uninstall a patch shipped earlier this week that has crashed customer's PCs and crippled the machines with endless reboots.

• DHS warns of spear-phishing campaign against energy companies

  The Department of Homeland Security has a warning for organizations that post a lot of business and personal information on public web pages and social media sites: Don't do it.

• Microsoft to patch IE10 Pwn2Own bugs next week, says security expert

  Microsoft will ship nine security updates next week, two rated "critical," to patch Internet Explorer, Windows, SharePoint Server, Office Web Apps and the company's anti-malware software in Windows 8 and RT.

• Security experts applaud Apple's new two-factor authentication

  Apple this week followed the lead of rivals like Facebook, Google and Microsoft, offering two-step authentication to help customers secure their Apple IDs against hacking.

• South Korea cyberattacks hold lessons for U.S.

  U.S companies and government agencies can learn from the large-scale disruptions that have hit several banks and media outlets in South Korea in the last 24 hours, security analysts said.

• Google pays $40K to 'Pinkie Pie' for partial hack of Chrome OS

  Google today said it had paid a researcher $40,000 for a partial exploit of Chrome OS at its Pwnium 3 hacking contest two weeks ago.