Technologies

Apple fixes 41 iTunes security flaws, some more than a year old

Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you to update as soon as possible.

Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes

Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.

There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".

May Patch Tuesday critical for users of Internet Explorer and web-based services

Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.

Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.

Monday review - the hot 19 stories of the week

It's that time of the week again - here's your roundup of everything we wrote in the last seven days.

A closer look at the malicious Redkit exploit kit

In the second technical article of this series, Fraser Howard digs deeper into the workings of the Redkit exploit kit.

Learn more about the internals of this kit: the bypassing of security mechanisms within Java, the use of file encryption, and the delivery of multiple payloads.

Nordstrom tracking customer movement via smartphones' WiFi sniffing

The department store has installed sensors in 17 US stores to collect information from customers' smartphones as those phones automatically scan for WiFi service. Nordstrom promises it's keeping the data anonymous.

Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day

The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.

Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...

Pentagon OKs Androids, BlackBerrys for soldiers

The US Department of Defense has approved the use of Samsung phones running "Knox," a hardened version of Android.

Monday review - the hot 20 stories of the week

Get up to date with everything we wrote in the past seven days - it's weekly roundup time.

Lifting the lid on the Redkit exploit kit

In the first of a two-part series, Fraser Howard takes a closer look at the Redkit exploit kit.

Learn more about how this kit works and the compromised web servers that are being used to host it.

Apple ships jolly uninteresting iOS 6.1.4 update

Apple just released iOS 6.1.4 for the iPhone 5.

Apparently, it improves speakerphone calls, but it doesn't fix the lock-screen bug in iOS 6.1.3...

Beware of encryption companies bearing gifts!

An iPhone messaging app that claims to be "totally secure" is offering a £10,000 prize to anyone who can intercept a message from it.

Paul Ducklin wonders how you are supposed to win the prize if the app really is "totally secure"...

Monday review - the hot 20 stories of the week

Catch up with all the security news from the last seven days - it's weekly roundup time.

Google tightens up Play Store policy, officially bans "off-market" updates...

Google has made a number of changes to its Android Play Store ecosystem recently.

There's now a rudimentary anti-virus provided with the OS, a ban on ad blockers, and, most recently, an official policy on sneaky "off-market" updates...

Mac malware found in malformed Word documents - is China to blame?

Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.

Who could possibly be interested in targeting their computers?

Viber flaw bypasses lock screen to give full access to Androids

Security researchers have identified a security hole in Viber that can be exploited to bypass Android smartphones' lock screen and gain full access to the device.

Yet another unpatched security hole found in Java

Just last week you were congratulating yourself for patching your computer against a Java security hole.

Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.

SSCC 107 - Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST]

Here's the latest episode in the popular "Chet Chat" series.

Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.

Monday review - the hot 22 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Apple updates Safari, gives better control over Java applets

Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.

It's supposed to give you finer-grained control over Java in your browser.

Paul Ducklin puts it through its paces...