Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more.
Stories by Lucian Constantin
Adobe has fixed six critical vulnerabilities in Shockwave Player that could potentially be exploited by attackers to execute malicious code, via the release of version 184.108.40.2068 of the software.
Facebook users who have associated a mobile phone number with their accounts in order to enable the "Login Approvals" security feature can no longer be found on the website based on those phone numbers, the company said Monday.
Microsoft has bought multi-factor authentication specialist PhoneFactor with the goal of integrating the company's technology into its cloud services and on-premises applications.
Researchers from security vendor AlienVault have identified a variant of a recently discovered Internet Explorer exploit that is used to infect targeted computers with the PlugX remote access Trojan (RAT) program.
Researchers from security vendor Damballa have identified malicious Internet traffic that they believe is generated by a new and elusive variant of the sophisticated TDL4 malware.
A group of hackers released a file containing unique identification data for over 1 million Apple iOS devices and claim that the information is part of a larger database stolen from the compromised laptop of an FBI agent.
Oracle knew since April about the existence of the two unpatched Java 7 vulnerabilities that are currently being exploited in malware attacks, according to Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.
Security researchers have proposed several methods for users to protect their computers from ongoing attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7.
Gen. Keith B. Alexander, National Security Agency director, addressed attendees of the recent Defcon hacker conference and asked for their help to secure cyberspace.
New configurations of the Shylock financial malware inject attacker-controlled phone numbers into the contact pages of online banking websites, according to security researchers from antivirus vendor Symantec.
Criminals are sending malicious emails that purport to come from payroll services firms in order to infect with malware the computers of payroll administrators from various companies, according to researchers from the SANS Internet Storm Center (ISC).
The judging panel of the Pwnie Awards, which are handed out every year at the Black Hat security conference for achievements and failures in IT security, have recognised the Windows Update hack used by the Flame cyberespionage malware as the most impressive compromise of the past 12 months.
One of the world's most active spam botnets -- Grum -- was crippled after two of its command and control (CnC) servers hosted in the Netherlands were taken down, according to researchers from security firm FireEye.
A group of hackers on Thursday published a list of over 453,000 log-in credentials on the Internet that were allegedly stolen from a database associated with an unnamed Yahoo service.