 Zero-Day

Why aren't customers dropping Oracle?

Josh Shaul, CTO, Application Security Inc. May 04, 2012

In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.
 

Connecticut community college hit with "zero-day" malware

April 13, 2012

Eighty-seven thousand people affiliated with Housatonic Community College may be open to identity theft after the institution became the second Connecticut school to experience a malware outbreak this year.
 

Debate: Anti-virus is essential

David Harley, ESET | Jeremiah Grossman, WhiteHat Security April 02, 2012

Debate: Anti-virus is essential.
 

Duqu variant uncovered

March 23, 2012

The year's first variant of the notorious W32.Duqu, a trojan that seems intended for cyber war, has been discovered by Symantec researchers.
 

DoD ID cards under attack

January 18, 2012

The ID cards that every DoD employee uses to access networks across the entire bureau have fallen victim to malware.
 

Microsoft scrambles to address widespread ASP.NET bug

December 28, 2011

There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.
 

Out-of-band fix for Adobe Reader security issue coming Friday

December 15, 2011

An out-of-cycle patch is coming to fix a flaw in Adobe Reader and Acrobat 9 for Windows.
 

Lockheed Martin hit, but not breached, with Adobe zero-day

December 08, 2011

Defense contractors appear to be the prime target of sophisticated malware that attempts to take advantage of an unpatched flaw in Adobe Reader and Acrobat software.
 

Microsoft security update addresses four flaws, not Duqu

November 03, 2011

Microsoft is prepping four security bulletins for its November update, though it is not expected to provide a fix for the zero-day flaw used to spread Duqu.
 

Duqu trojan spreads through 0-day Microsoft bug

November 01, 2011

A piece of malware that has drawn comparisons to the notorious Stuxnet worm is using an unknown Windows kernel vulnerability to infect its targets.
 

Flash to get update for zero-day bug

September 21, 2011

Adobe is rushing a fix for a Flash Player vulnerability that is being actively exploited to launch cross-site scripting attacks.
 

Zero-day holes found in Blackboard platform

Darren Pauli, editor, SC Magazine, Australia/New Zealand edition September 16, 2011

Vulnerabilities in the Blackboard Learn platform have the potential to affect millions of school and university students and thousands of institutions around the world.
 

Zero-day flaw affects popular WordPress image utility

August 02, 2011

Hackers are exploiting a zero-day vulnerability affecting an image resizing utility, possibly impacting a large number of WordPress sites.
 

Podcast Episode No. 2: Targeted attacks

July 22, 2011

In this episode, Michael Cotton, chief network security architect of Digital Defense, explains why targeted cyberattacks are on the rise and why many organizations are failing to recognize this increasing threat. Cotton offers a list of corporate actions that may incite such an attack and suggests some remedies for staying out of the hackers' crosshairs and being compromised. Hint: Uninstall the programs your employees don't need.
 

"LulzSec" uses zero-day on PBS, promises more attacks

May 31, 2011

There is a new cybervigilante group in town, and its name is LulzSec. Its technical ability became known over the weekend with the infiltration and subsequent defacement of PBS.org.
 

Threat of the month: Flash zero-day

May 02, 2011

Threat of the month: Flash zero-day
 

Department of Energy-funded lab silenced by APT attack

April 21, 2011

Internet and email service remains offline at the Oak Ridge National Laboratory after spear phishing attacks led to the theft of sensitive data.
 

Adobe fixes Reader, Acrobat issues early

April 21, 2011

Adobe has sped up the planned release of updates to its Reader and Acrobat software, good news for customers now that reports of public exploits have emerged. The updates, released Thursday but not expected until next week, shore up two critical vulnerabilities, one of which has been leveraged in in-the-wild attacks, according to a revised bulletin. Reader X for Mac and Acrobat X for Windows and Mac received updates, as did Reader/Acrobat 9.4.3 for Windows and Mac. Reader X for Windows won't receive a new version until June 14, a scheduled quarterly update, because the "Protected Mode" capability prevents exploitation. The flaw being used in attacks also was present in Flash Player, but that software was patched last week.
 

Microsoft updates "coordinated" bug program

April 20, 2011

Microsoft on Wednesday announced new components to its Coordinated Vulnerability Disclosure program, unveiled last summer to enhance transparency around the discovery, response and handling of security flaws.
 

Microsoft's April patch batch to address 64 flaws

April 07, 2011

Microsoft's planned security update for next week likely will include a fix for a vulnerability that is being actively exploited.
 

New Flash patch expected today

March 21, 2011

A fix is expected later today for a critical vulnerability in Adobe Flash Player 10.x and earlier versions used on various operating systems, as well as Reader and Acrobat X. The flaw could cause a crash and enable an attacker to gain control of an affected system. Limited exploits in the wild against Flash Player - embedded in an Excel file and attached to email - have been reported. Adobe stated that it is not aware of attacks targeting Adobe Reader and Acrobat.
 

Unwitting accomplices and complicit security teams

Anup Ghosh, founder and chief scientist, Invincea February 25, 2011

End-users may be the weakest link, but technology exists to take security out of their hands.
 

Microsoft says zero-day flaw not exploitable remotely

February 18, 2011

Microsoft confirmed the existence of an unpatched vulnerability affecting all versions of Windows, but said it is unlikely the flaw could be exploited remotely.
 

Cybercrime: Narrowing the gap

February 01, 2011

The $1 trillion cybercrime industry is expertly - and competitively - run. Take a peek into the inner workings of these syndicates and how the good guys are closing in.
 

THREAT OF THE MONTH

Carsten Eiram, chief security specialist, Secunia February 01, 2011

IE zero-day
 

Microsoft kicks off 2011 with light patch load

January 11, 2011

Tuesday's security update is comprised of two fixes for three vulnerabilities, but it does not address two publicly known flaws.
 

Microsoft upset over Google researcher's tool release

January 03, 2011

A potentially exploitable zero-day vulnerability in Internet Explorer, detailed by a Google researcher who created a fuzzing tool to find browser flaws, is under investigation by Microsoft.
 

Targeted, smarter attacks dominate 2010 threat landscape

November 10, 2010

According to an SC World Congress speaker, cybercriminals have over the past year grown more innovative and relied heavily on opportunistic, targeted and blended attacks.
 

Stuxnet: Lessons not yet learned?

Charles Jeter, ESET cybercrime investigator November 03, 2010

According to Iran, Stuxnet is no longer a threat. However, use of a new zero-day exploit has extended its life cycle.
 

Adobe updates Flash Player to address critical flaw

September 20, 2010

Adobe issued a security update to address a "critical" vulnerability in Adobe Flash Player that could allow an attacker to take control of a targeted system.