Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Although the original domain used to facilitate the $400 transaction is down, a huge number of people remain infected with the "copyright violation alert". Here's a universal license code for removing it.
VeriSign's iDefense Intelligence Operations Team has spotted a underground market ad offering 1.5m Facebook accounts for sale.
Microsoft has yanked the security updates shipped in the MS10-025 bulletin after realizing the patch did not fix the underlying security vulnerability.
Privacy advocate Moxie Marlinspike used the spotlight of the SOURCE conference here to call attention to Google's data harvesting practices, warning that the search engine giant can mine information to figure out even what Web surfers are thinking about.
What's more devastating than a DDoS attack launched by a botnet? In some cases, that's the DDoS attack launched by the "opt-in botnet" aggregated through a crowdsourcing campaign.
New report indicates that the combination of the ZeuS crimeware kit, and the tremendous increase of malicious PDFs seen in 2009, play a crucial role in the growth model of the cybercrime ecosystem.
A MarkMonitor review indicates that less than 10% of the top 300 high trafficked sites have adopted VeriSign's Registry Lock Service.
On the heels of a Black Hat EU presentation that exposed security problems with the cross-site scripting (XSS) filter in Internet Explorer 8, Microsoft plans to ship an update to the filter to fix what is hopefully the last remaining attack scenario.
The New York Times is reporting that Google's password system was compromised during a targeted attack last December.
The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat.
Security researchers at the Intrepidus Group found that the Palm WebOS SMS client did not properly validate input/output validation on any SMS messages sent to the handset.
If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package.
According to Intego's security memo, OSX/HellRTS.D is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs.
The identity thieves behind the Zeus malware attacks are now using the "/launch" command feature in Adobe Reader to launch malicious attacks without exploiting a vulnerability in the software.