software News, Articles and Updates

Natus reportedly updates EEG device software to squash RCE, DoS bugs

Health care device manufacturer Natus Medical Incorporated has reportedly updated the software used in its Xltek EEG products, which monitors brain activity, after a researcher discovered five vulnerabilities that could be exploited.

Credential stealer masquerades as security product

Malware impersonates Kaspersky antivirus. Security researchers have found malware that steals credentials while pretending to be anti-virus software from Kaspersky.

UK launching Cyber Security Export Strategy today to support sales

The UK is responding to finding itself in conflict with Russia by flaunting its cyber-skills and promoting exports to its allies with a new cyber security export strategy.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to some of the 2.27 million computers that had downloaded it.

Annabelle delivers a panopoly of horror stories to deliver ransomware

All ransomware is a nightmare but Annabelle is a real horror, appearing more designed to 'show off the skills' of the developer who created it, rather than real a bid to raise ransom payments.

The API vulnerabilities lurking in your architecture

As a security topic in its own right, API security and API vulnerabilities are still relatively unknown to most organisations and even many security professionals.

Software vendor found placing malware in its own product

The company FlightSimLabs found itself in the odd position of having to remove malware it had installed on some versions of its software as part of the digital rights management package after it was discovered by a Redditor.

Why antivirus practices should never be allowed to stagnate

Even with a layered defence in place, it cannot be left to stagnate as the nature of threats will change over time and older defences may not be designed to combat new attacks.

Reported vulnerabilities in Microsoft products more than doubled since 2013

The total number of reported vulnerabilities in Microsoft's software products, including those in the new Windows 10 operating system, rose over two-fold in the last four years and critical vulnerabilities rose by 60 percent.

US Congressional Committee threaten DHS with subpoena over Kaspersky docs

US Republican senator Lamar Smith threatened to subpoena the US Department of Homeland Security for documents related to the US federal government's purge of products made by the Russian software firm.

Pulse Secure VPN vulnerability can allow MITM attacks

The Software Engineering Institute at Carnegie Mellon University (KB CERT) posted an advisory warning stating the Pulse Secure VPN Linux graphic user interface (GUI) fails to validate SSL certificates.

Bomgar acquires Lieberman Software

Bomgar has acquired Lieberman Software to help boost the company's secure access software portfolio and giving it access to Lieberman's privileged identity and credential management technology.

Cisco update eliminates DoS vulnerability in Aggregation Services Router OS

Cisco Systems on Wednesday issued a security update that fixes a high-severity denial of service vulnerability in release version 5.3.4 of its IOS XR Software for the Aggregation Services Router (ASR) 9000 Series.

Cisco patches ASA software flaw allowing VPN hacks

Cisco's latest security update patches an Adaptive Security Appliance (ASA) software vulnerability that could allow an attacker to gain complete control of an affected system.

Lenovo addresses insecure credential storage bug in Fingerprint Manager Pro

Hardware and electronics manufacturer Lenovo disclosed an insecure credential storage vulnerability in its Fingerprint Manager Pro utility software, which can be exploited for local privilege escalation on a variety of systems.

Hackers exploit flaw in enterprise software to deploy Monero cryptominer

Security researchers recently observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner software to users' systems by leveraging Kaseya Ltd's Virtual Systems Administrator (VSA).

Global tech firms let Russian defence agency peek at source code for flaws

A handful of tech companies have given a Russian defence agency the opportunity to sort the source code of their software, to uncover vulnerabilities that the Russians say could be exploited by bad actors.

Kaspersky filed an injunction challenging US DHS ban

Kaspersky filed an injunction Wednesday challenging the US government's ban of the software company's products, arguing that the US Department of Homeland Security didn't give it an opportunity to contest the purported evidence.

New and old Windows vulnerabilities top Alienvault list

Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software Microsoft Office and Windows beat out the much maligned Adobe software.

Ethical hackers can earn 16 times a software engineers' salary, report

A recent HackerOne survey found that some bug bounties bounty-hunters are earning more than 16 times what they would have earned as a software engineer in their own country.

North Korean Monero miner: educational tool or weapon prototype?

A North Korean cryptominer is raising questions as to whether it is an educational tool or a prototype to carry out silent attacks on unsuspecting CPUs.

Ukrainian software company compromised to spread Zeus banking trojan

Cyber-criminals launched a cyber-attack using the official website of a Ukraine-based accounting software developer to distribute a new variant of Zeus over a Ukrainian holiday.

The secure state of security: closing the security skills gap

Developers aren't choosing to ignore security issues - they don't have the skills or resources to create secure code due to a critical deficit in developer security training, especially how to manage vulnerable components effectively.

Major Intel CPU flaw OS-independent; fix could degrade performance

A reported chip flaw in Intel processors that has existed at least for the last 10 years allows software programs to access content in kernel memory and patching the bug.

Containers and the question of trust

Existing software development and security methodologies may need to be modified to better support a new way of developing, running, and supporting applications made possible by containerisation.

Predictions A - Z for 2018 - Dystopian or Utopian dawn?

Happy New Year! SC Media UK resumes news reporting on 2 Jan 2018. During the break, catch up on our experts' predictions for a range of positive and negative futures, from the impacts of AI to likely new Zero days.

Free software downloads infecting users with NiceHash cryptominer

Adversaries are using the lure of free online software downloads to infect unknowing victims with a customised version of cryptocurrency mining software from the NiceHash marketplace.

VMware fixes bugs in vCenter Service Appliance, three hypervisors

VMware on Tuesday patched a series of vulnerabilities in its ESXI, Workstation Pro, and Fusion hypervisors, as well as its vCenter Server Appliance.

Could peer-to-peer technology be the key to stopping the next WannaCry?

Software-Defined Enterprise Content Delivery Networks (SD ECDNs) are virtual networks that allow businesses to share large files - like upgrades - at high speeds, regardless of whether they use legacy network infrastructures.

Threat group APT-C-23 still active, releases GnatSpy mobile malware

A new mobile malware family, dubbed GnatSpy, that may be a much more dangerous variant of the earlier VAMP malware, has been reported in the wild.