On Sunday, Kristian Erik Hermansen disclosed a zero-day vulnerability in FireEye's core product, which if exploited, results in unauthorized file disclosure. As proof, he also posted a brief example of how to trigger the vulnerability and a copy of the /etc/passwd file. What's more, he claims to have three other vulnerabilities, and says they're for sale.
OpenSSH Flaw exposes servers to brute-force attacks
SIM card crime ring arrested, is your phone safe?
Investigators say fraudsters purchased codes to unlock SIM cards from phone company employees.
After nearly a year of investigation, French police have busted a ring of mobile phone hackers, whose members included employees of cellular phone companies. The ring had been operating for five years, selling about 30,000 stolen cell phone codes a month, and netting at least $675,000 a month, according to French authorities. Investigators said that fraudsters purchased codes to unlock SIM cards for about $4 each from phone company employees who had access to company databases. The codes were sold online for about $40. Why were the codes worth so much?
iOS device default hotspot passwords easy to crack
iOS users may be far more susceptible to being hacked when using Wi-Fi hotspot connections than they imagined.
Google Android apps found to be sharing data
Some of the most popular apps written for Google's Android phones do not tell users what data they are gathering, says a study by US researchers.
'Outrageous': Verizon reportedly forced to turn over customers' phone records
The U.S. government has obtained a top secret court order that requires Verizon to turn over the telephone records of millions of Americans to the National Security Agency on an "ongoing daily basis," the UK-based Guardian newspaper reported.
Cache of stolen FTP credentials discovered
Security researchers recently stumbled upon a malicious website that housed a cache of stolen FTP credentials.
The malicious domain, discovered last week by researchers at network security and management firm Blue Coat, housed a set of sensitive files, two of which contained a total nearly 100,000 login and password combinations for a mixed batch of domains.
Another file contained 1,905 login and password combinations for the Servage.net domain, a provider that hosts more than 185,000 websites. And, a fourth file contained 197 credentials for a set of sites on the Russian narod.ru domain and several other Russian, Polish and Ukrainian web hosts.