Chuck Miller

"There's a web app attack for that," might be a suitable ad slogan for cybercriminals these days, reports Chuck Miller.

PayPal has suspended the account of a researcher who had demonstrated a proof-of-concept for an attack on SSL certificates. The action Tuesday followed the earlier release of a forged SSL certificate into the wild.

Microsoft confirmed Monday that the credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week.

West Coast Labs (WCL), an independent test facility for information security products and services, has partnered with OPSWAT, a provider of development tools that power software application manageability. The alliance will allow for the incorporation of data from WCL's Checkmark Certification program into the OPSWAT OESIS Framework, a development toolkit for managing endpoint security applications. — CAM

After leveling off during the past two years, the amount of spam laden with virus payloads has spiked, according to a new report.

The SC World Congress Conference and Expo, scheduled for Oct. 13-14 in New York, has added two new feature speakers. Art Coviello, president of RSA, The Security Division of EMC, and Joel McFarland, senior manager of product management at Cisco, will be focusing on trends driving organizations' rapid movement to the cloud, and the implications for security professionals.

Hundreds of thousands of members of a pharmacy benefit management firm may have had their information exposed to extortionists.

Google searches on terms related to its new collaboration and communications platform, Google Wave, are leading to a rogue anti-virus programs, according to the Websense Security Labs. Users seeking information on how to sign up for Wave, which currently is by invite-only, have been victimized by manipulated search results that lead to sites designed to trick victims into paying for a security solution that doesn't work. Searches for Microsoft's new Security Essentials consumer anti-virus product also have led to "poisoned" results. — CAM

An industry built on serving adware has become a full-fledged malware distribution channel.

A fake email notice from the IRS contains the pernicious Zeus information-stealing trojan.