Zero Day

A two-month study by Barracuda Labs, reviewing more than 25,000 trending topics and 5.5 million search results, names Google as the most popular search engine used by malicious attackers relying on poisoned keywords.

Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

Apple has shipped a major Safari browser update to fix 15 documented security holes, including a known flaw in the browser’s AutoFill Web Forms feature that can be hacked to steal data from the computerâs address book.

The tool, called Enhanced Mitigation Experience Toolkit (EMET) works by applying security mitigation technologies to arbitrary applications to block against exploitation through common attack vectors.

The United Arab Emirates (UAE) has described RIM’s device as a threat posing “serious social, judicial and national security repercussions” due to the country’s inability to successfully eavesdrop on users, and the fact that transmitted data is stored offshore. Does the BlackBerry really pose a threat to national security?

Adobe will give anti-virus, intrusion prevention/detection and corporate network security vendors a headstart to add signatures and filters to protect against security flaws in its widely deployed product suites.

Microsoft’s Matt Thomlinson argues that community-based defense is important to fight cybercrime and stay ahead of malicious hacker attacks.

Google has shipped a new version of its Chrome browser to fix three high-risk security holes that expose web surfers to malicious hacker attacks.

Michal Zalewski: Indefinite vulnerability secrecy hurts us all by removing all real incentives for improvement, and giving very little real security in return.

A Microsoft security official dismissed any suggestion that the company would start buying rights to security flaws, arguing that its current system of crediting hackers in security bulletins is working very well.

A prominent security researcher is urging users of Apple’s Safari browser to immediately turn off the AutoFill feature to block hackers from stealing sensitive information.

An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks.

Microsoft has released a “fix-it” tool as a stop-gap to block ongoing zero-day attacks against a new code execution flaw in Windows Shell.

The CoreTex Competitions Team is launching a contest at this year’s DEFCON conference. The goal: To hide and find backdoors in software products.

Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.

Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and local bar spoofing attacks.

Apple has shipped a critical iTunes update to fix a security vulnerability that exposes Windows users to malicious hacker attacks.

The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks