Security

Microsoft is deploying a larger bunch of bug fixes this month than usual.

Next week's Patch Tuesday will address 57 different security vulnerabilities through 12 separate updates.

The bugs stretch across a range of programs, including Windows, Internet Explorer, Windows Server, Microsoft Exchange, and Microsoft's .Net Framework.

Five of the 12 patches are rated critical, so they're designed to patch holes that could allow someone to execute malicious code on an unprotected PC. Two of the critical patches are aimed at all versions of Internet Explorer from 6 through 10. That means all current versions of Windows … Read more

Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update.

Released yesterday, the update causes Windows XP computers to lose their connection to the Internet.

IT administrators who use Kaspersky Endpoint Security at their organizations chimed into the Kaspersky forum yesterday and today complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline.

Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling … Read more

BlackBerry is counting on Trend Micro to help ensure the security of its third-party apps.

Like other app store owners, BlackBerry already scans apps for malware to protect BlackBerry World customers. But the company will add Trend Micro's Mobile Application Reputation Service to take that protection a few steps further.

Both current and new apps submitted to BlackBerry World will be scanned by Trend Micro's cloud-based service to hunt for malware.

"BlackBerry is working with Trend Micro to implement a more robust approach for addressing privacy and security concerns related to third-party applications," Adrian Stone, director … Read more

A couple of Android apps masquerading as cleanup tools actually had a sneakier mission in mind.

Uncovered last month by Kaspersky, two apps named Superclean and DroidCleaner posed as software that claimed to clean up your Android smartphone or tablet. Instead, these two were actually pieces of malware designed to snoop on your conversations by infecting your computer.

The programs worked by downloading files that automatically execute after plugging an Android device into a Windows PC, according to Kaspersky's blog. After executing, the malware would trigger the audio recorder function in Windows, write the information to a file, and … Read more

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is … Read more

Hot on the heels of reports from The New York Times and The Wall Street Journal, another storied U.S. newspaper -- The Washington Post -- has confirmed that it too was attacked by what it suspects were Chinese hackers. And a new book from Google's Eric Schmidt reportedly calls the Asian country "the most sophisticated and prolific" hacker of foreign companies.

In an article published today, the Post says attackers gained access to the paper's computer systems as early as 2008 or 2009 and that malware installed on the systems was neutralized in 2011 by … Read more

The Wall Street Journal said today that it's been the target of Chinese hackers stemming from its coverage of China, echoing reports from other news organizations.

Hackers infiltrated the newspaper's computer system through its Beijing bureau in order to monitor the paper's coverage of China, according to the report. Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones, issued a statement that said the hacks "are not an attempt to gain commercial advantage or to misappropriate customer information." The company completed a "network overhaul" on Thursday to increase security.

The … Read more

Internet and social media ranked at the bottom on a list of the most trusted industries for privacy, according to the Ponemon Institute.

Released yesterday, Ponemon's "2012 Most Trusted Companies for Privacy" was compiled from a survey of U.S. adults asked to name the five companies they trust the most to protect the privacy of their personal information.

Based on more than 6,700 responses, the Top 20 list did not include several tech players that had been on it in past years.

Apple failed to make the list for the first time in four years. … Read more

One of the safest and simplest computer-security measures available is also one of the least used. Two-factor authentication adds a layer of protection to the standard password method of online identification. The technique is easy, relatively quick, and free. So, what's the problem?

Critics are quick to point out the shortcomings of two-factor authentication: it usually requires a USB token, phone, or other device that's easy to lose; you sacrifice some privacy by having to disclose your telephone number to a third party; and it is subject to man-in-the-middle and other browser- and app-based attacks.

Still, for online … Read more