Vulnerability
Small businesses beware! Point-of-sale malware is after you
Malware targeting point-of-sale (POS) systems has been a major trend for the last six months. With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems.
Virus Bulletin's Technical Director John Hawes takes a look....
Operation Aurora hack was counterespionage, not China picking on Tibetan activists
Claims are made that the Aurora hackers weren't just Chinese-sponsored hackers bent on messing with Tibetan activists.
Rather it was a Chinese counterintelligence operation that sought to discover if the US had uncovered the identity of clandestine agents operating within its borders.
Monday review - the hot 24 stories of the week
In case you missed any recent stories, here's everything we wrote in the last seven days.
How to hack an electric car-charging station
The latest entrant into the scary-infrastructure category comes from a technology that feels like it should be warm and fuzzy and definitely should not contribute to your personal and financial details getting ripped off.
Apple fixes 41 iTunes security flaws, some more than a year old
Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.
Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=115&h=115&crop=1)
LulzSec are about to be sentenced, which will tell us what the judge thinks.
But why not tell us what you think, right here, right now?
How to measure the biggest and most dangerous threats
Just about every security company publishes some sort of prevalence data - those little bar charts and top tens showing the most important and widespread threats. The raw data behind these easy-to-consume representations can be very useful to security experts and testers.
The LulzSec hackers who boasted they were "Gods" await their sentence
Four members of the notorious LulzSec hacking gang, who attacked websites belonging to the likes of the CIA, the NHS and the Serious Organised Crime Agency (SOCA), are due to be sentenced by the UK authorities.
Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes
Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
May Patch Tuesday critical for users of Internet Explorer and web-based services
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
Monday review - the hot 19 stories of the week
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
May Patch Tuesday coming up - Microsoft still not sure if latest 0-day fix will make the cut
Microsoft's Patch Tuesday for May 2013 will be published in the coming week.
Paul Ducklin points out what to prepare for...
A closer look at the malicious Redkit exploit kit
In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit.
Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.
Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
Monday review - the hot 20 stories of the week
Get up to date with everything we wrote in the past seven days - it's weekly roundup time.
US Department of Labor website hacked, serves malware, now fixed
A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware.
Paul Ducklin takes a quick look at the attack...
What WERE they thinking? Internet-enabled cameras under the security lens once again...
Vulnerability researchers at Core Security recently turned their attention on internet-enabled cameras, finding lots of holes.
And when security holes arise from features, not bugs, you really do feel like shouting aloud, "What WERE they thinking?"
Monday review - the hot 20 stories of the week
Catch up with all the security news from the last seven days - it's weekly roundup time.
Mac malware found in malformed Word documents - is China to blame?
Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.
Who could possibly be interested in targeting their computers?
The Redkit malware exploit gang has a message for security blogger Brian Krebs
Award-winning security blogger Brian Krebs is loved by everyone on the internet... apart from the criminals.
Find out what they're saying about him in their latest version of the Redkit exploit kit.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
