The crime ring behind the latest Storm Worm-related malware attack (Techmeme discussion) is using new tactics to slip malicious executables past anti-virus defenses, serving up another black eye to an industry that already uses questionable tactics to find new customers.Arbor Networks researcher Jose Nazario flagged the poor anti-virus detections of the Storm Worm Trojan in a blog entry that noted the use of password-protected ZIP files to hide .
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
An zero-day vulnerability in the DNS server service in Windows is under attack, Microsoft warned in a security advisory.The "limited attacks" are exploiting a stack overflow error in the Windows Domain Name System (DNS) Server's RPC interface implementation when processing malformed requests sent to a port between 1024 and 5000.
Microsoft is urging Windows users to be very careful when opening ".hlp" attachments.
A new version of the Opera browser has been released with patches for a range of security vulnerabilities. The new Opera 9.
The carefully crafted image of Windows Vista as the most secure operating system of all time is beginning to take a beating.For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.
Microsoft just can't seem to keep pace with hackers finding serious flaws in Office applications.Several new security bugs in the desktop productivity suite have been found and released to the public, including proof-of-concept Word 2007 .
Apple has rolled out a firmware update to fix a pair of security vulnerabilities in the Airport Extreme Base Station.The most serious of the two -- a weakness in the way the default configuration of Airport Extreme handles IPv6 connections -- could allow remote hackers to bypass certain access restrictions.
At the height of the animated cursor(.ani) attacks last week, there were two different groups using different motives to hit a different set of targets.
A few weeks ago, I wrote about a Windows kernel vulnerability that was reported to Microsoft on October 22, 2004 and remained unpatched for more than two years. This is a bug I've been following closely since last November when Cesar Cerrudo, the hacker who found it, got tired of waiting for a fix from Microsoft and published details during the MoKB (Month of Kernel Bugs) project.
The official Web site of Asustek Computer has been hijacked and used to serve up exploit code for the recently-patched animated cursor (.ani) vulnerability.