Apple issues security patches to protect devices from the FREAK bug

In addition to launching new MacBooks and revealing its smartwatches' release date, Apple has also issued software updates to protect its devices from the FREAK bug. If you recall, the security flaw allows hackers to force weaker encryption on Safari (and Android browser) users visiting certain websites, including a few owned by the government.

15-Year-Old JasBug Vulnerability Affects All Versions of Microsoft Windows

Microsoft just issued a critical patch to fix a 15-year-old vulnerability that could be exploited by hackers to remotely hijack users’ PCs running all supported versions of Windows operating system.

What is the Shellshock Bash bug and why does it matter?

By now you may have heard about a new bug found in the Bash shell. And unless you're a programmer or security expert, you're probably wondering if you should really worry. The short answer is: Don't panic, but you should definitely learn more about it, because you may be in contact with vulnerable devices.

Everything you need to know about the Shellshock Bash bug

Remember Heartbleed? If you believe the hype today, Shellshock is in that league and with an equally awesome name albeit bereft of a cool logo (someone in the marketing department of these vulns needs to get on that). But in all seriousness, it does have the potential to be a biggie and as I did with Heartbleed, I wanted to put together something definitive both for me to get to grips with the situation and for others to dissect the hype from the true underlying risk.

Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks

With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic.

As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request. The shellshock attacks are being used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers’ commands. And in at least one case the hijacked machines are already launching distributed denial of service attacks that flood victims with junk traffic, according to security researchers.