Bogdan Alecu, a system administrator at Dutch IT services company Levi9, reportedly found that the vulnerability can occur when an attacker sends about 30 so-called Flash SMS messages -- messages that appear immediately on the phone's screen on arrival -- to the Galaxy Nexus, the Nexus 4, or the Nexus 5. If the messages aren't promptly dismissed, …
Google has expanded its bug-bounty program to cover vulnerabilities uncovered in Android.
The program began with Chrome and expanded to Google Web sites and other open-source software projects. Under the program, people who find security holes get paid bounties. That often equates to a few hundred dollars, but particularly skilled attacks can mean big money -- $50,000 last week for one expert who goes by the name Pinkie Pie, for example.
The broader expansion, called the Patch Reward Program, now includes Android, Google security team member Michal Zalewski said in a blog post Monday.
The program also includes three …
Microsoft plans to issue a security update on Tuesday that addresses an Internet Explorer ActiveX Control vulnerability that allowed malware to be installed on computers when users visited at least one breached Web site.
Microsoft said Monday that vulnerability CVE-2013-3918, which was disclosed Friday by security researcher FireEye, was already scheduled to be addressed in "Bulletin 3" on Tuesday. An exploit described by the security firm as a classic drive-by attack is already in the wild, targeting English versions of IE7 and 8 in Windows XP and IE8 on Windows 7.
FireEye said its analysis of the exploit …
A new spate of vulnerabilities has been found in a D-Link router, a security researcher said Monday.
Liad Mizrachi, the researcher who discovered the bugs, said he notified D-Link about the bugs in August, September, and October, but D-Link did not respond.
The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI-624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a …
A pair of vulnerabilities in Internet Explorer are currently being exploited in the wild to install malware on computers that visit at least one malicious Web site, security researchers warn.
The classic drive-by download attack targets the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, security firm FireEye warned in a company blog post Friday. However, the security researcher wrote that its analysis indicated that other languages and browser versions could be at risk.
"The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily …
Got leaks? Run Proland's Protector Plus Windows Vulnerability Scanner and find out! Better yet, plug any holes with patches before the bad guys find them. This portable freeware scans your PC for potential security holes that let viruses, hackers, and snoops worm their way into your system. It reports its findings and offers to download any available patches. It's updated monthly with new definitions. Protector Plus Windows Vulnerability Scanner is compatible with Vista and up; we ran it on 64-bit Windows 7.
Windows Vulnerability Scanner's user interface is basically a window with two buttons, and one of them …
Pushed both by corporate desires for better security and less wholesome motives, the market for finding security holes is getting bigger.
In an attempt to improve security for software it and many others use on the Internet, Google said Wednesday it's offering to pay programmers $500 to $3,133.70 for changes that make widely used open-source software less vulnerable to attack.
With the Chrome reward program and the vulnerability reward program, Google already offers two mechanisms to pay people for finding specific weaknesses in its browser and its online services. The new patch rewards program goes a step …
The permanent patch is for an exploit known as CVE-2013-3893, which had the capability to work its way into all supported versions of Internet Explorer. Microsoft announced the existence of the vulnerability in September and released a downloadable "Fix It" tool until the permanent patch was ready.
"The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer," Microsoft'…
A total of six researchers have found 15 vulnerabilities within the preview version of Internet Explorer 11. And, Microsoft has paid them more than $28,000 to date.
Microsoft announced its month-long bug bounty program for IE 11 in June. The company's goal is to stamp out security vulnerabilities in its software as early on as possible. Microsoft offered researchers up to $11,000 …
Bug bounties from Google and Facebook regularly clear thousands of dollars for a single, high-profile bug. Yahoo finally has joined the game, also for four figures -- but with a different decimal place.
The security firm High Tech Bridge set out to see what Yahoo would pay for disclosing bugs discovered on its site, since the company hadn't stated what they were worth but did say that it encouraged researchers to report bugs.