A new zero day vulnerability (CVE-2014-0160) affecting OpenSSL nicknamed ‘Heartbleed’ was introduced in December 2011 and has been fixed today in OpenSSL 1.0.1g. The vulnerable versions of OpenSSL are 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8. Attackers who exploit the vulnerability can monitor all data passed between a service
In a recently leaked document it was revealed that the NSA had a project called “Dropout Jeep”. The purpose of the program was to install a rootkit on an iPhone that would allow calls and other information to be intercepted, as well as enable the device as a microphone, track
A new variant of the CryptoLocker malware has been discovered that uses Yahoo Messenger as its delivery mechanism and is targeting Windows systems. My friends at NSHC in Singapore and Seoul have been battling with the malware that has hit a number of financial institutions throughout Asia Pacific. The variant infects
Target has not revealed much regarding how their massive data breach occurred. To date they have disclosed the breach included 40 million credit cards and 70 million personal records. Target has only stated that the point-of-sale systems were compromised by malware.
So, now Target has updated that the scope of the data breach as being much bigger than the original 40 million credit cards and now includes information on more than 70 million customers including address, email, phone numbers.