Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community, where some critics contend Mitre is failing to keep pace with a massive influx in the number of vulnerabilities reported to the organization.
Israeli software research company NorthBit claimed it had "properly" exploited the Android bug that was originally described as the "worst ever discovered".
The exploit, called Metaphor, is detailed in a research paper (PDF) from NorthBit and in a video showing the exploit being run on a Nexus 5. NorthBit said it had also successfully tested the exploit on an LG G3, HTC One and Samsung Galaxy S5.
American Express has begun notifying cardholders that their data may have been compromised in a third-party breach. A notification letter filed on March 10 with California’s attorney general indicates that AmEx account numbers, user names and other information including expiration dates may have been accessed.
What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates, as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even though Apple has removed AceDeceiver from the App Store, it may still spread thanks to a novel attack vector.
In real-world war, combatants typically don’t attack hospitals. In the cyber realm, hackers have no such scruples. “We’re attacked about every 7 seconds, 24 hours a day,” says John Halamka, CIO of the Boston hospital Beth Israel Deaconess. And the strikes come from everywhere: “It’s hacktivists, organized crime, cyberterrorists, MIT students,” he says.