Showing headlines posted by abennett

A team of researchers from the VUSec Group at Vrije Universiteit Amsterdam in the Netherlands, the Graz University of Technology in Austria, and the University of California in Santa Barbara has demonstrated not only are Rowhammer attacks possible on ARM, but they're even easier to pull off than on x86.

The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability, tracked as CVE-2016-5195, that has existed in the Linux kernel for the past nine years and is already being exploited in the wild.

Cisco's Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.

The new vulnerability, which will be demonstrated at the Ekoparty security conference in Buenos Aires, Argentina next week, uses the NFC communication standard and can be exploited with no new equipment at all -- just an app.

Many flaws were located and fixed in VeraCrypt's bootloader for computers and OSes that use the new UEFI (Unified Extensible Firmware Interface) -- the modern BIOS. TrueCrypt, which serves as the base for VeraCrypt, never had support for UEFI, forcing users to disable UEFI boot if they wanted to encrypt the system partition.

Aug. 25 may be Linux's official birthday, but Oct. 5 is in many ways the day it began to make a real mark on the world. That's when Linux creator Linus Torvalds officially released the first Linux kernel into the wild.

Forking is a concept that can strike terror into the heart of any CIO that relies on open source software. Here’s how to make sure you’re on the right side of the split.

DressCode, a family of Android malware that has the capability of stealing sensitive files from corporate networks, has been found circulating in at least 3,000 Trojanized apps, security firm Trend Micro said on Friday.

Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data analytics and machine learning for cybersecurity.

New Verified Access API will allow companies to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies.

Security researchers have found a malicious application on Google Play that had over 500,000 downloads and was designed to gain complete control over Android devices.

Restrictive licenses such as the GNU GPL are steadily falling out of favor — and lawyers may be to blame.

The Xen Project has fixed four vulnerabilities in its widely used virtualization software, two of which could allow malicious virtual machine administrators to take over host servers.

Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers.

Google has released another large monthly batch of security patches for Android, this time fixing 55 vulnerabilities, eight of which are rated critical. The fixes are split into three different "security patch levels," which could make it easier for device manufacturers to integrate patches applicable to their devices, but could also lead to confusion among regular users.

Chinese Internet search giant Baidu has decided to open source its deep learning platform. The company will release the software with documentation and specs to GitHub on Sept. 30, under an Apache open source license.

The first beta version of OpenSUSE Leap 42.2 is now available, giving enterprises and other stability-minded users the chance to check it out and get a taste of what's coming in the final release, which is due Nov. 16.

A destructive ransomware program deletes files from web servers and asks administrators for money to return them, though it's not clear if attackers can actually deliver on this promise.

If you have an HDMI-enabled monitor sitting around, spend $30 on Pine 64 board and $10 on Wifi/Bluetooth module and build your own Android PC.

While private cloud proponents have spent the last five years focusing on getting their IaaS offerings working, Amazon, Microsoft and Google have moved way beyond core computing services. And you don’t have to strain to hear the death knell sounding for the private cloud.