The name PDFium might not be immediately familiar, but if you're a Chrome user there's a high chance you're using it to view PDFs. The PDF viewer is built into Google's browser, and a vulnerability has been discovered in the jpeg2000 library which could allow for malicious code to be executed.
Unearthed by Aleksandar Nikolic from Cisco Talos, the heap buffer overflow vulnerability could be exploited by simply getting a user to open a PDF document with an embedded jpeg2000 image. The National Vulnerability Database entry warns that the security flaw affects versions of "Chrome before 51.0.2704.63 [and] allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document".
The number and the frequency of distributed denial of service (DDoS) attacks continue to grow, a new report by content delivery network (CDN) services provider Akamai Technologies says.
The company said its DDoS mitigation platform, the Akamai Intelligent Platform, mitigated 4,500 DDoS attacks during the first quarter of 2016, representing a 125 percent jump, compared to the same period last year.
Almost a fifth (19 percent) of companies in the UK wouldn’t notify their customers in case of a data breach, a new report highlights.
As the EU GDPR draws closer, Trend Micro investigated if companies have formal processes in place to notify data protection authorities (within 72 hours), and the public, in case of a data breach, as will be enforced by the Regulation.
More than 60 percent of web services or mobile app APIs have at least one high-risk vulnerability, which can potentially lead to a compromised database. Those are the results of a new and comprehensive report by High-Tech Bridge, summing up the trends in web security for the past six months.
The report also says that when a website is vulnerable to cross-site scripting (XSS), it is also vulnerable to other critical flaws in at least 35 percent of cases. Other vulnerabilities include SQL injection, XXE, and improper access control.
With data breaches still making headlines and security teams facing increased pressures it's not surprising that companies are looking for innovative ways to find flaws in their systems.
Crowdsourced security specialist Bugcrowd has released the results of its second annual State of Bug Bounty Report which shows that the number of bug bounty programs hosted on its platform is up by an average of 210 percent year on year since January 2013.
In the past there's tended to be a perception that running applications in the cloud is less secure than keeping them in-house.
However, a new study by data protection company Bitglass suggests that this view is changing as cloud apps mature. 52 percent of organizations are now confident that cloud apps are as secure as premises-based apps, up from 40 percent a year ago.
Modern-day computers began trickling into the auto industry with cars like the 1971 Chrysler Imperial, which was one of the first to offer anti-lock brakes controlled by an electronic sensor system. Some 45 years later, the growth in computer-based car technology shows no signs of stopping. A number of Chevy vehicles, for instance, will provide you with a standard mobile Wi-Fi hotspot and 4G LTE connectivity for less than $20,000. And for folks who can afford a Tesla, that brand's "Autopilot" nearly lives up to its name. But as we've seen in other fields, as the potential benefits of connectivity increase, so does the potential for cybercrime.
Consider something as basic as mobile Wi-Fi. While Chevy is the only mainstream brand to supply that technology with 4G connectivity right now, a growing number of premium brands offer it, and a growing number of customers want it. Yet while mobile Wi-Fi gives you the same kind of online access as you'd get at your home or office, it also opens you up to all the same security issues you face there, from worries about passwords and personal data being captured, to concerns over the automakers' own security protocols.
The controversial Snooper's Charter -- or the Investigatory Powers Bill as it is officially known -- has been voted into law by UK MPs. An overwhelming majority of politicians (444 to 69) voted in favor of the bill which has been roundly criticized by both the public and technology companies.
The Investigatory Powers Bill grants the UK government, security, and intelligence agencies greater powers for monitoring internet usage, as well as permitting bulk data collection and remote hacking of smartphones. The law allows for the kind of mass surveillance that Edward Snowden warned about, and while the bill may have passed a majority vote, there are still those who fear not enough has been done to safeguard individuals' privacy.
Protecting yourself online is no longer just about your PC and your mobile phone. There are now a whole host of other devices which are potentially vulnerable.
Internet security specialist BullGuard is launching a new, free tool for consumers that reveals connected devices which could be vulnerable to hackers. If a user's smart device is flagged as being vulnerable, details about the specific security issues are provided.
The world is becoming increasingly mobile first and businesses need to ensure that their data is protected however it’s accessed.
Mobile security specialist Lookout has announced that it's partnering with Microsoft to deliver integration of its Lookout Mobile Threat Protection with Microsoft's Enterprise Mobility Suite.
Many organizations rely on the Common Vulnerability Scoring System (CVSS) to evaluate cyber risks, but a new report suggests that relying on the score alone is not enough.
NopSec, a provider of cybersecurity precision threat prediction and remediation solutions, has released its 2016 State of Vulnerability Risk Management report. This suggests that in addition to CVSS, subscores combined with other factors such as context, social media trend analysis, and data feeds deliver a better risk evaluation and prioritization.
Microsoft has changed the way it displays malware warnings in its search engine Bing to help users distinguish between the various forms of attacks that can appear in its searches.
The company has decided to replace its generic warning for websites that could be potentially dangerous for users, and instead offer separate warnings for sites that are known to contain malware and phishing sites.
Security is an ongoing struggle for businesses and many data breaches can be traced back to the use of out of date software.
A new survey from systems management company Adaptiva asked more than 150 IT pros how they feel about their enterprises' security, and found that the majority were concerned about potential vulnerabilities.
Security researchers at Pen Test Partners have discovered a vulnerability in Mitsubishi’s plug-in hybrid electric Outlander that could allow potential car thieves to disable the car’s anti-theft alarms.
The security researchers investigate potential vulnerabilities in connected devices through penetration testing, and found that the Outlander's Wi-Fi module can be accessed by anyone within range of the vehicle by connecting to it with a smartphone.
In the last couple of weeks there have been a huge number of reports from TeamViewer users that their computers have been hijacked. In addition to this, users of the remote access tool have complained of funds being extracted from PayPal and bank accounts. But TeamViewer insists that there has not been a security breach, instead shifting the blame to users.
The company says users are in the habit of reusing the same passwords for a number of apps and services. It suggests that recent high-profile security breaches -- such as the password dumps from MySpace and LinkedIn -- have allowed cyber criminals to learn TeamViewer login credentials. Despite laying the blame firmly at the feet of users, the company is introducing two new measures to help increase security.