Zero Day
Hackers pounce on just-patched Windows Media vulnerability
The end result is a malicious Trojan with rootkit capabilities. The attack happens silently in the background and all the user sees is a blank WMP application playing a file.
How SCADA highlights the futility of finding security vulnerabilities
Pete Lindstrom argues that ‘irresponsible’ disclosure of security holes in SCADA systems could put human lives at risk and calls on the security research community to start thinking about the vulnerability problem in different ways.
Microsoft: 'Kelihos' botnet master worked for AV vendor
Microsoft pinpoints a Russian software developer who is being accused of creating, operating and growing the notorious Kelihos botnet.
CanSecWest Pwn2Own hacker challenge gets a $105,000 makeover
HP Zero Day Initiatives revamps the annual hacker contest to put more zero-day vulnerabilities and exploits in play.
DreamHost hacked, mass password-reset issued
According to a blog post at DreamHost Status Blog, the company has detected a security breach at one of their database servers.
Research: Spammers actively harvesting emails from Twitter in real-time
Security researchers from WebSense, have conducted an experiment, proving that Twitter is still a heaven for spammers looking to harvest freshly shared email addresses.
New variants of premium rate SMS trojan 'RuFraud' detected in the wild
Researchers from AegisLab, have intercepted several new variants of the infamous RuFraud premium rate SMS trojan.
Researchers spot scammers using fake browser plug-ins
Security researchers from Symantec, have spotted a fake browser plugin-in currently circulating in the wild.
Was Koobface exposé the right move?
Stefan Tanase argues that the public outing of the Koobface hacker gang makes it even more difficult for law enforcement to act.
TED video: Three types of online attacks
Mikko Hypponen talks about the three types of online attacks on our privacy and data — but only two are considered crimes.
Ready-made Microsoft Windows zero-day?
A design issue could allow organizations with access to powerful computers to launch an attack against MD5 to escalate rights on fully patched computers running Windows 7 or Windows Server 2008.
Despite risks, business social networking usage exploding
Businesses are using Facebook and Twitter to engage with customers but are they paying attention to the dangerous privacy and security implications?
NSA releases security-enhanced Android OS
Security Enhanced (SE) Android is aimed at limiting the damage that can be done by flawed or malicious apps and at enforcing separation guarantees between apps.
Google testing login authentication via QR codes
Instead of entering a Google Account password on public computers that might be infected with keystroke loggers, Google is experimenting with a phone-based authentication scheme.
Report: Conficker and AutoRun infections proliferating
According to ESET’s most recently released ThreatSense Report, two of the most prevalent threats for the year of 2011 remain AutoRun infections, followed by Conficker infections.
Zappos hacked, 24 million affected
The attackers may have swiped names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or cryptographically scrambled passwords.
Attack tool published for WiFi setup flaw; Cisco issues warning
A working attack tool for this vulnerability is publicly available so it’s important for affected users to heed all vendor warnings.
10 years since the Bill Gates security memo: A personal journey
Ten years after the famous Trustworthy Computing memo, Microsoft principal cybersecurity architect Michael Howard shares memories from the Redmond security trenches.
