software News, Articles and Updates

Kaspersky filed an injunction challenging US DHS ban

Kaspersky filed an injunction Wednesday challenging the US government's ban of the software company's products, arguing that the US Department of Homeland Security didn't give it an opportunity to contest the purported evidence.

New and old Windows vulnerabilities top Alienvault list

Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software Microsoft Office and Windows beat out the much maligned Adobe software.

Ethical hackers can earn 16 times a software engineers' salary, report

A recent HackerOne survey found that some bug bounties bounty-hunters are earning more than 16 times what they would have earned as a software engineer in their own country.

North Korean Monero miner: educational tool or weapon prototype?

A North Korean cryptominer is raising questions as to whether it is an educational tool or a prototype to carry out silent attacks on unsuspecting CPUs.

Ukrainian software company compromised to spread Zeus banking trojan

Cyber-criminals launched a cyber-attack using the official website of a Ukraine-based accounting software developer to distribute a new variant of Zeus over a Ukrainian holiday.

The secure state of security: closing the security skills gap

Developers aren't choosing to ignore security issues - they don't have the skills or resources to create secure code due to a critical deficit in developer security training, especially how to manage vulnerable components effectively.

Major Intel CPU flaw OS-independent; fix could degrade performance

A reported chip flaw in Intel processors that has existed at least for the last 10 years allows software programs to access content in kernel memory and patching the bug.

Containers and the question of trust

Existing software development and security methodologies may need to be modified to better support a new way of developing, running, and supporting applications made possible by containerisation.

Predictions A - Z for 2018 - Dystopian or Utopian dawn?

Happy New Year! SC Media UK resumes news reporting on 2 Jan 2018. During the break, catch up on our experts' predictions for a range of positive and negative futures, from the impacts of AI to likely new Zero days.

Free software downloads infecting users with NiceHash cryptominer

Adversaries are using the lure of free online software downloads to infect unknowing victims with a customised version of cryptocurrency mining software from the NiceHash marketplace.

VMware fixes bugs in vCenter Service Appliance, three hypervisors

VMware on Tuesday patched a series of vulnerabilities in its ESXI, Workstation Pro, and Fusion hypervisors, as well as its vCenter Server Appliance.

Could peer-to-peer technology be the key to stopping the next WannaCry?

Software-Defined Enterprise Content Delivery Networks (SD ECDNs) are virtual networks that allow businesses to share large files - like upgrades - at high speeds, regardless of whether they use legacy network infrastructures.

Threat group APT-C-23 still active, releases GnatSpy mobile malware

A new mobile malware family, dubbed GnatSpy, that may be a much more dangerous variant of the earlier VAMP malware, has been reported in the wild.

Hidden HP Keylogger found preinstalled on models dating back to 2012

Security researcher Michael Myng found a keylogger code that records every stroke typed, pre-installed into HP laptop software drives in models of computers dating back as far as 2012.

Updates address vulnerabilities in Apache Struts versions 2.5 to 2.5.14

A pair of security updates released by the Apache Software Foundation patch vulnerabilities in Apache Struts versions 2.5 to 2.5.14 that would let a remote attacker take control of a system, according to a US-CERT alert.

The role of code signing in securing the Internet of Things

Some IoT devices have no update capability whatsoever so it's important to focus more on software security; developed using best practices, tested for vulnerabilities, and able to ensure the authenticity and integrity of updates.

Flaw in macOS High Sierra allows easy access

A root access flaw in Apple's macOS High Sierra 10.13.1 makes it possible for anyone to log into the system by typing "root" into the name field.

From cyber-crime to human error: The rise of software failures

Phil Codd says software failures caused US$ 1.1 tn losses to businesses in 2016, demonstrating that it is time to pay attention to the main causes of IT system failures or risk financial loss and reputational damage.

Microsoft adds ransomware defence with new Windows update

Microsoft is claiming that the latest version of Windows 10, the Fall Creator's Update, is the most secure version of the operating system yet released.

Kaspersky transparency initiative to share code, updates to build trust

Following the US Federal ban on Kaspersky Lab products the company has launched a Global Transparency Initiative, providing its source code for third-party review and opening three transparency centres internationally.

Elmedia unknowingly distributed OSX/Proton malware

A trojanised version of Elmita's Elmedia Player software was seen being distributed via the company's own official site in the late hours of 20 October 2017.

Oracle patches 252 bugs, increase in E-Business Suite and PeopleSoft flaws

Oracle Corp's quarterly Critical Patch Update (CPU) has fixes for 252 vulnerabilities, including extremely severe bugs found in the company's Hospitality Applications, Siebel CRM solution, and PeopleSoft HR software.

OpenText Document Sciences full of holes - multiple vulnerabilities found

SQL injections and cross-site scripting vulnerabilities are among the flaws found in OpenText Document Sciences xPression.

Cisco patches remote code execution flaws in IOS and IOS XE

Cisco released a series of updates to address vulnerabilities affecting its IOS and IOS XE products one of which could have allowed remote code execution in both products.

How to avert overlay attacks - deploy built-in app security

Applications themselves should have security built in that detects that the application is being pushed to the background says Giovanni Verhaeghe. Then any user input should be blocked and the placing overlay eliminated

31 bugs across Safari, Edge, Internet Explorer, Firefox & Chrome browsers

Google project zero team researcher Ivan Fratric discovered 31 bugs in the DOM engines of Safari, Edge, Internet Explorer, Firefoxand Chrome browsers.

US bans use of Kaspersky Labs software on government systems

Acting on concerns that Russian company Kaspersky Lab has connections to cyber-espionage activities, the US government has banned the use of Kaspersky Lab security software.

Flaw in Windows kernel hinders identification of potentially dangerous files

A programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime.

Developers - getting away with it - and Googling it when advice needed

81 percent of software developers avoiding asking their manager for advice. For 41 percent, YouTube is the first go-to place for developers to learn new programming tricks.

Fuze fixes portal security lapses that could expose sensitive data

Cloud-based unified communications services provider Fuze earlier this year repaired three vulnerabilities in a customer web portal.