A design flaw in a chipset that supports Intels new “Sandy Bridge” Core-i chips will cost the company almost $1 billion in lost revenue and repair expenses. – Intel is recalling a support chip for the highly-touted new “Sandy Bridge” processors in a move that should have little technological impact but a significant financial effect on the company.
Intel officials announced Jan. 31 that a design
flaw found on its 6-Series chipset dubbed “Cougar Point” i…
A security researcher has uncovered a critical vulnerability in a popular SCADA software used in China, as well as in a few others, which raises the possibility of another Stuxnet attack. – A critical security flaw in
supervisory-control-and-data-acquisition (SCADA) systems used in China raises
the possibility of another Stuxnet-like attack, a security researcher said.
The latest stable version of KingView, the SCADA software
developed by Beijing WellinControl Technology Developmen…
Hundreds of banking Websites are still vulnerable to a patched vulnerability affecting certain versions of the RSA Adaptive Authentication platform. – RSA, EMCs security division, is advising customers to apply a
two-year-old patch for its Adaptive Authentication product after a
researcher discovered hundreds of banking Websites are still open to
attack.
RSA Adaptive Authentication is a risk-based fraud prevention and authentication platform t…
Google patched a vulnerability Nov. 20 that allowed someone to send spam to Gmail users. – Google has patched a vulnerability that could have been used to
spam Gmail users who visited a specially crafted Website.
The bug was first reported
Nov. 20 by TechCrunch after someone known as Vahe G. created a site to
exploit the issue. The situation affected users who visited the site whil…
PayPal has rushed out a new version of its iPhone application to fix a security hole that exposes the software to a Man-in-the-middle attack. – PayPal patched a security hole in its iPhone
application that could let hackers steal user passwords and access
their financial accounts, according to the Wall Street Journal.
The vulnerability, where the app wasnt confirming
the authenticity of the PayPal Web site, was uncovered by digital
for…
UPDATE: Attackers exploited a cross-site scripting vulnerability on Twitter Sept. 21 that allowed users to be redirected to Websites by simply scrolling over a link. – Twitter says it has patched a cross-site scripting issue that was exploited by attackers the morning of Sept. 21.
The flaw allowed attackers to display pop-windows or redirect users if they scrolled their cursors over a link. The attacks took advantage of a JavaScript function called onMouseOver,…
Adobe Reader and Acrobat are vulnerable to a new security flaw being exploited in the wild. The bug could allow system takeovers. – Adobe Systems is warning users about a new vulnerability being exploited in
the wild.
According
to Adobe, the vulnerability can be exploited to quot;cause a crash and potentially
allow an attacker to take control of the affected system. quot; The bug exists
in Adobe Reader 9.3.4 and earlier fo…
Adobe Systems is releasing an emergency update Aug. 19 to patch critical vulnerabilities, including a bug discussed at the Black Hat security conference. – Adobe Systems announced that on Aug. 19 it will patch a flaw in
Reader revealed at the Black Hat security conference in an emergency
update.
The update will cover critical bugs affecting Adobe Reader and
Acrobat, including one revealed by Charles Miller, principal
security analyst with consult…
Adobe is planning to release a security update out-of-band later this month to fix multiple security bugs, including a critical vulnerability revealed at last week’s Black Hat security conference. – Adobe Systems is planning to issue an out-of-band security update
later this month to plug multiple security holes, including
one discussed last week at the Black Hat security conference.
The update will cover critical bugs affecting Adobe Reader and
Acrobat. Among them will be a flaw menti…
Apple patches a vulnerability in its Safari browser a day before a presentation at the Black Hat security conference was set to put the issue on display. – Apple has patched a bug in Safari just 24 hours before it featured in a
researcher’s presentation about browser exploits.
The Safari AutoFill flaw
was among 15 fixed by Apple July 28 in a Safari update. All but two of the bugs
reside in the WebKit browser engine. Several of the WebKit bugs cou…
Beware, mobile bankers: Citigroup is encouraging Apple iPhone owners who downloaded the company’s mobile banking app to upgrade to a patched version after a security flaw was found. – Banking giant Citigroup and iPhone maker Apple are encouraging users who
downloaded Citi’s banking application for the smartphone to upgrade to a new
version after a security flaw was discovered in the application. The flaw
accidentally saves personal information, including access codes, bill pay…
News Analysis: Apples iPhone 4 is becoming a major problem for the company. Its also becoming increasingly clear that a recall is what it really needs. The sooner Apple fixes the problem the sooner it will put this customer relations disaster behind it. –
The iPhone 4 was supposed to be the most successful iPhone to have
ever hit store shelves. After all, the device is well-built, runs iOS 4, and
includes a front-facing camera that allows users to have video chats over WiFi
with other iPhone 4 owners. Its a major upgrade over its…
News Analysis: Apple is continuing to face criticism from product reviewers and engineers about the poor performance of the iPhone 4′s antenna. However, it appears that Apple is stubbornly determined to rely on spin to minimize the public perception of the problem rather than to deliver a real solution. Even Apple’s mighty reputation will suffer for it. – I can only assume that life for Steve Jobs is getting worse by the day. At
least it must be if he cares about the image of Apple as a provider of quality
products, or if he cares about treating his customers openly and fairly. But it’s
also possible that he doesn’t care at all as long as he’s hai…
Researchers at Vupen Security say they have uncovered a security vulnerability in Microsoft Office 2010. However, their discovery has been met with criticism from Microsoft, which complains that it has not received technical details of the bug. – A report of a security flaw in Microsoft Office 2010 has been greeted with
criticism by Microsoft because researchers chose not to notify the company of
their findings.
Researchers at Vupen Security
said they discovered a memory corruption flaw that could be used by an
attacker to execute code…
Researchers at Core Security Technologies are warning of a vulnerability affecting versions of Microsoft’s Virtual PC software that can be used to bypass several Windows security mechanisms.
– Researchers at Core
Security Technologies issued
an advisory March 16 about a new security vulnerability that leaves users
of Microsofts Virtual PC software open to attack.
According to Core
Security, certain versions of the Virtual PC hypervisor contain a
vulnerability that allows attackers…
Researchers at Symantec say exploit code for a zero-day security vulnerability has been uncovered in Internet Explorer 6 and 7.
– Proof-of-concept code for an attack targeting old versions of Microsoft Internet Explorer has made its way online.
According to Symantec, someone posted the code Nov. 20 to the Bugtraq mailing list. The code targets a flaw tied to how Internet Explorer (IE) uses cascading style sheet (
CSS
) i…
Mobile handsets including iPhones and those using Windows Mobile or Google’s Android operating system are vulnerable to text-based attacks, say experts.
Software code that arrives in a text message can hijack the phones, said Charlie Miller and Collin Mulliner at the Black Hat conference in Las Vegas.
The malware could knock phones off the network or access data and programs.
The team say that hackers could develop programs to exploit the weakness in as little as two weeks.
The pair said that publicising the means of attack was necessary to ensure the problem was addressed.
"If we don’t talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mr Mulliner, an independent security expert, said.
Access all areas
The hack works by slightly modifying the data that arrives with an SMS message.
The system that processes such messages is similar across different operating systems and can, once compromised, gain access across a range of applications including a phone’s address book or camera.
The team wrote software to exploit the weakness, targeting iPhones on four networks in Germany as well as AT&T in the US. However, they believe it would work equally well in any country.
The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.
The problem could be fixed by directly patching the vulnerability in smartphones’ operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code.
They said they informed Apple, Microsoft, and Google of the hack but so far only Google had addressed the problem.
The Black Hat gathering, part of a leading series of conferences for information and computer security experts, took place from 25 to 30 July.
This article is from the BBC News website. © British Broadcasting Corporation, The BBC is not responsible for the content of external internet sites.
On the heels of a price reduction for the Amazon Kindle 2, one user files a lawsuit claiming a design flaw in the device’s cover causes the screen to crack.
–
The much publicized, much scrutinized e-reader from online
retail giant Amazon.com, the Kindle, is now under fire from one of its users,
who claimed the device is liable to break due to a design flaw in a lawsuit
filed in the U.S. District Court for the Western District of Washing…
