Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

Google fixes Chrome vulnerabilities exploited at Pwn2Own contest

New versions of Chrome for Windows, Mac, Linux and Android patch a full sandbox escape vulnerability.

on pcworld.com

Adobe patches critical vulnerabilities in Flash Player, ColdFusion

Vulnerabilities in Adobe's software could have allowed unauthorized remote code execution or remote read access.

Facebook forces some users to reset passwords because of Adobe data breach

Facebook locked some users out of their accounts after determining that their log-in credentials were exposed as a result of a security breach at Adobe.

on techhive.com

Flash Player now sandboxed under Safari on Mac OS X

The Flash Player plug-in has more restrictions, which should mean improved security under Safari on Mac OS X Mavericks.

D-Link to padlock router backdoor by Halloween

A security issue in some of D-Link routers could allow attackers to change the device settings without requiring a username and password. D-Link says it will address the problem with a firmware update by the end of the month.

on pcworld.com

security

Flash Player, Reader and Shockwave Player get critical security updates

The new updates to Adobe's Flash Player, Reader and Shockwave Player address vulnerabilities that could allow attackers to compromise computers.

Touch ID

Researchers: Fingerprint sensor in iPhone 5S is no silver bullet

The fingerprint sensor in Apple's new iPhone 5S has the potential to enhance the security of the device, but the devil will be in the details.

Spying digital

Report: NSA broke into UN video teleconferencing system

The U.S. National Security Agency reportedly cracked the encryption used by the video teleconferencing system at the United Nations headquarters in New York City.

on techhive.com

New digitally signed Mac malware confuses users with right-to-left file name tricks

The malware is digitally signed and is probably used in targeted attacks, researchers from F-Secure said.

LinkedIn outage prompts security concerns

LinkedIn's domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.

on techhive.com

malware

Researchers find more versions of digitally signed Mac OS X spyware

Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users.

Developer-signed Mac spyware found on Angolan activist's computer

Previously unknown Mac OS X spyware, signed with a valid Apple Developer ID, has turned up on the laptop of an activist from Angola at a human rights conference in Norway.

Adobe releases critical security updates for Reader, Flash Player and ColdFusion

Adobe has released scheduled security updates for its Reader, Acrobat, Flash Player and ColdFusion products on Tuesday in order to fix many critical vulnerabilities, including one that is already actively exploited by attackers.

Adobe warns customers of unpatched critical flaw in ColdFusion

Adobe has warned users of its ColdFusion application server platform of a critical vulnerability that could give unauthorized users access to sensitive files stored on their servers.

java

Websense: Most Java-enabled browsers vulnerable to widespread Java exploits

Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense.

on pcworld.com