The latest vector for exploits of the Shellshock bug in the Bash shell is SMTP, where the mail headers themselves trigger the exploit.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Fake transactions from Brazil take advantage of implementation errors to approve what appear to be chip card purchases without the PIN. Hint to banks: It's "Chip AND PIN," not OR.
Researcher finds malicious Tor exit node which envelops Windows EXEs inside another Windows EXE which drops malware.
A collection of notable security news items for the week ending October 24, 2014. Covers enterprise, controversies, reports and more. UPDATED.
In a move that has surprised and angered security researchers, chip maker FTDI has admitted to issuing a silent update that bricks cloned FTDI FT232 [USB to UART] chips. UPDATED.
In almost every security incident there's some best practice that someone didn't follow. Here are six security technologies and techniques that would help in these cases.
A vulnerability exists in Windows OLE for all versions except Server 2003. The company has released a workaround to block known attacks, but newer attacks could still get through.
A man-in-the-middle (MITM) attack in China against logins to Apple's iCloud is easily-detected by web browsers, but appears sophisticated in other ways.
U2F is Universal 2nd Factor, the first FIDO Alliance standard for two-factor authentication. The goal: simple systems to combat phishing and other credential breaches.
Fingers have been pointed at the Chinese government over alleged cyberattacks targeted at Apple's iCloud with the aim of furtively lifting user data.