Mark Shuttleworth, the founder of the popular Ubuntu Linux distribution, believes proprietary firmware and unverifiable firmware code poses a serious security threat to users and encourages hardware manufacturers to implement support for their innovations through the Linux kernel instead.
Security researchers demonstrated zero-day exploits against Google Chrome, Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Adobe Flash Player during the second day of the Pwn2Own hacking competition Thursday, racking up total prizes of US$450,000.
Adobe Systems released a new security update for Shockwave Player in order to fix a critical vulnerability that could allow attackers to remotely take control of affected systems.
Adobe released updates for Flash Player that fix two vulnerabilities that could allow attackers to bypass security controls in the software.
For this month's "Patch Tuesday" round of bug fixes, Microsoft has focused on correcting multiple vulnerabilities in Internet Explorer (IE), including one that is already being used in targeted attacks.
Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.
Cisco Systems released new firmware versions for some of its small business routers and wireless LAN controllers in order to address vulnerabilities that could allow remote attackers to compromise the vulnerable devices or affect their availability.
A group of attackers managed to compromise 300,000 home and small-office wireless routers, altering their settings to use rogue DNS servers, according to Internet security research organization Team Cymru.
Microsoft is making a special exception in the way it retires Windows XP in China, and will continue offering security support for the OS to users in the nation.
The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people.
Security researchers managed to bypass the protections offered by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a utility designed to detect and block software exploits, and concluded that the tool would not be effective against determined attackers.
Cisco Systems has released security updates to fix serious vulnerabilities in a range of products including its Intrusion Prevention System, Unified Computing System Director, Unified SIP Phone 3905 and Firewall Services Module products.
Security researchers published a proof-of-concept exploit for a recently disclosed vulnerability that allows attackers to launch denial-of-service attacks against websites hosted on Apache Tomcat servers.
Adobe Systems released a security update for Shockwave Player in order to address two vulnerabilities that could allow attackers to remotely take control of affected systems.
Administrators hoping to slack off a bit for this month's Microsoft Patch Tuesday will have no opportunity to do so. At the last minute, Microsoft added a slew of Internet Explorer (IE) fixes to its monthly release of software patches, including one patch that fixes a publicly known vulnerability.