Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomwar

In recent weeks we have been discussing some of the ways Zimperium delivers mobile threat defense (MTD) at scale. As the only true enterprise-class MTD solution available, we take that role seriously. So we are pleased to deliver another option for enterprises to implement mobile threat defense and take advantage of available infrastructure and resources. Yo

Oracle just released the July 2017 Critical Patch Update (CPU) to address a total of 308 flaws in its solutions, it’s a record for the IT giant. Oracle issued its quarterly update, the July 2017 Critical Patch Update (CPU), that addresses 308 security vulnerabilities, 30 of them are rated as critical. This July 2017 Critical Patch Update (CPU) address

Oracle patch update for April 2017 fixed a record number of vulnerabilities, including Apache Struts and Shadow Brokers exploits. Oracle has released security updates to fix flaws in its product, including Apache Struts and a Solaris exploit included in a dump leaked by the Shadow Brokers hackers and containing NSA documents and hacking tools. The Oracle

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle‘s MICROS retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices. Visa also published a list of Internet addresses that may have been involved in the O

It’s hard to keep up with the hundreds of security-specific headlines published every week. So, we’re rounding up the top news that affect you, your business, and the security and technology industry overall. This week we explore patches to Oracle’s SDKs, Google’s Chrome browser, Apple’s iOS, and more . Check back every Friday to learn about the latest in

The CVE-2016-0636 flaw affects Java SE running in web browsers on desktops, attackers can trigger it remotely to takeover your PC. Once again a serious security vulnerability affects the Java Oracle software, the new flaw coded as CVE-2016-0636 scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. The CVE-2016-0636 vulnerability affect

Google confirms that the next Android versions will use Oracle’s open-source OpenJDK instead the Java APIs, a strategic choice. Google is leaving Java application programming interfaces (APIs) in future versions of its mobile operating system Android. The company is planning to adopt as an alternative an open source solution

Oracle’s stewardship of Java has been scrutinized by the security community, which in 2013 languished through nearly a full year of targeted attacks exploiting zero days and other vulnerabilities in the platform.Since then, Oracle has improved the Java user experience by denying unsigned applets the ability to execute by default, and putting security r

Oracle received a public slap on the wrist from the US Federal Trade Commission over Java SE, the desktop runtime for Java. The FTC announced today that it had reached a settlement with Oracle Corporation over a complaint not about the security of Java itself, but about Oracle's patching process—and how it unintentionally left consumers to believe that the p

Hello Peter, what's happening?I have a day job that requires me to risk rate security vulnerabilities pretty much all the damn time. :D The risk rating portion isn't too bad but it's not hard to get challenged for the certain rating you give. Anyway, the main point of this post is: LOW doesn't mean OK-LETS-NOT-GIVE-A-SHIT. A combination of two LOW-rated vul

A tweak carried out by Google in the Google App Engine for Java continues to stir up security concerns.Oracle this week patched the latest vulnerability in Java SE-the flaw also lives in Google’s platform-as-a-service entry-after it was privately disclosed by Java bug-hunters from Security Explorations, a security consultancy in Poland. The vulnerabi

Oracle on Tuesday patched 154 vulnerabilities in 54 different products as part of its regularly scheduled Critical Patch Update.More than half of the patches, 84 to be exact, address vulnerabilities that Oracle claims may be remotely exploitable without authentication. Java SE is responsible for 24 of the vulnerabilities, seven which are actually marked as

Our security roundup series covers the week’s trending topics in the world of information security. In this compilation, we’ll let you know of the latest announcements, reports and controversies that the industry has been talking about recently.Here’s what you don’t want to miss from the week of August 9th, 2015:The biggest controversy of the week goes to Or