Vulnerability
How to hack an electric car-charging station
The latest entrant into the scary-infrastructure category comes from a technology that feels like it should be warm and fuzzy and definitely should not contribute to your personal and financial details getting ripped off.
Apple fixes 41 iTunes security flaws, some more than a year old
Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.
Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=115&h=115&crop=1)
LulzSec are about to be sentenced, which will tell us what the judge thinks.
But why not tell us what you think, right here, right now?
How to measure the biggest and most dangerous threats
Just about every security company publishes some sort of prevalence data - those little bar charts and top tens showing the most important and widespread threats. The raw data behind these easy-to-consume representations can be very useful to security experts and testers.
The LulzSec hackers who boasted they were "Gods" await their sentence
Four members of the notorious LulzSec hacking gang, who attacked websites belonging to the likes of the CIA, the NHS and the Serious Organised Crime Agency (SOCA), are due to be sentenced by the UK authorities.
Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes
Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
May Patch Tuesday critical for users of Internet Explorer and web-based services
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
Monday review - the hot 19 stories of the week
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
May Patch Tuesday coming up - Microsoft still not sure if latest 0-day fix will make the cut
Microsoft's Patch Tuesday for May 2013 will be published in the coming week.
Paul Ducklin points out what to prepare for...
A closer look at the malicious Redkit exploit kit
In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit.
Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.
Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
Monday review - the hot 20 stories of the week
Get up to date with everything we wrote in the past seven days - it's weekly roundup time.
US Department of Labor website hacked, serves malware, now fixed
A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware.
Paul Ducklin takes a quick look at the attack...
What WERE they thinking? Internet-enabled cameras under the security lens once again...
Vulnerability researchers at Core Security recently turned their attention on internet-enabled cameras, finding lots of holes.
And when security holes arise from features, not bugs, you really do feel like shouting aloud, "What WERE they thinking?"
Monday review - the hot 20 stories of the week
Catch up with all the security news from the last seven days - it's weekly roundup time.
Mac malware found in malformed Word documents - is China to blame?
Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.
Who could possibly be interested in targeting their computers?
The Redkit malware exploit gang has a message for security blogger Brian Krebs
Award-winning security blogger Brian Krebs is loved by everyone on the internet... apart from the criminals.
Find out what they're saying about him in their latest version of the Redkit exploit kit.
Viber flaw bypasses lock screen to give full access to Androids
Security researchers have identified a security hole in Viber that can be exploited to bypass Android smartphones' lock screen and gain full access to the device.
Yet another unpatched security hole found in Java
Just last week you were congratulating yourself for patching your computer against a Java security hole.
Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.
Sick malware authors exploit Boston Marathon bombing with Trojan attack
With sick inevitability, cybercriminals have exploited interest in the breaking news story of the explosions at the Boston Marathon by spreading malware.
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
