Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Adobe warns customers of unpatched critical flaw in ColdFusion

Adobe has warned users of its ColdFusion application server platform of a critical vulnerability that could give unauthorized users access to sensitive files stored on their servers.

java

Websense: Most Java-enabled browsers vulnerable to widespread Java exploits

Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense.

on pcworld.com

Adobe releases emergency patches for Reader and Acrobat

Adobe released emergency patches for Adobe Reader and Acrobat 11, 10, and 9 Wednesday that address two critical vulnerabilities being actively exploited by attackers.

malware

Researchers: Surveillance malware distributed via Flash Player exploit

Political activists from the Middle East were targeted in attacks that exploited a previously unknown Flash Player vulnerability to install a so-called lawful interception program designed for law enforcement use, security researchers from antivirus vendor Kaspersky Lab said Tuesday.

on pcworld.com

FCC issues security guidance to smartphone users

The U.S. Federal Communications Commission is advising smartphone users on how to protect their mobile devices and data from mobile security threats.

on techhive.com

Adobe bolsters security in Reader, Acrobat XI with added features

Adobe provides a closer look a the improved sandbox in the recently launched Adobe Reader and Adobe Acrobat XI aimed at making the products harder to attack and exploit.

Researchers: Steam URL protocol can be abused to exploit game vulnerabilities

Attackers can trick gamers into opening malicious steam:// URLs that exploit security issues in games to execute malicious code.

Mozilla releases Firefox 16.0.1 to address four vulnerabilities

Mozilla released Firefox 16.0.1 on Thursday in order to fix a publicly disclosed vulnerability and three other security flaws identified after the release of Firefox 16.

Facebook's phone search can be abused to find people's numbers, researchers say

Attackers can abuse Facebook's phone search feature to find valid phone numbers and the name of their owners, according to security researchers.

on techhive.com

Hackers compromise Adobe server, use it to digitally sign malicious files

Adobe plans to revoke a code-signing certificate after hackers compromised one of the company's internal servers and used it to digitally sign two malicious utilities.

on pcworld.com

firefox

Mozilla launches first beta version of 'Persona' website authentication system

Mozilla launched the first beta version of its browser-independent website authentication system, Persona, on Thursday and hopes to convince the Web developer community to give it a try.

Leaked Apple UDIDs were stolen from digital publishing firm

The unique identifiers of 1 million Apple iOS devices that hackers leaked last week were stolen from the servers of a Florida-based digital publishing firm.

Firefox 15.0.1 fixes bug that exposed websites visited in private browsing mode

Mozilla released Firefox 15.0.1 on Thursday in order to fix a bug that potentially exposed the websites visited by users while in "Private Browsing" mode.

Researchers find critical vulnerability in Java 7 patch hours after release

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released...

Mobile, web security will be major topics at Black Hat

Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls at next week's Black Hat security conference in Las Vegas.