Zero Day

The end result is a malicious Trojan with rootkit capabilities. The attack happens silently in the background and all the user sees is a blank WMP application playing a file.

Pete Lindstrom argues that ‘irresponsible’ disclosure of security holes in SCADA systems could put human lives at risk and calls on the security research community to start thinking about the vulnerability problem in different ways.

Microsoft pinpoints a Russian software developer who is being accused of creating, operating and growing the notorious Kelihos botnet.

HP Zero Day Initiatives revamps the annual hacker contest to put more zero-day vulnerabilities and exploits in play.

According to a blog post at DreamHost Status Blog, the company has detected a security breach at one of their database servers.

Security researchers from WebSense, have conducted an experiment, proving that Twitter is still a heaven for spammers looking to harvest freshly shared email addresses.

Researchers from AegisLab, have intercepted several new variants of the infamous RuFraud premium rate SMS trojan.

Security researchers from Symantec, have spotted a fake browser plugin-in currently circulating in the wild.

Stefan Tanase argues that the public outing of the Koobface hacker gang makes it even more difficult for law enforcement to act.

Mikko Hypponen talks about the three types of online attacks on our privacy and data — but only two are considered crimes.

A design issue could allow organizations with access to powerful computers to launch an attack against MD5 to escalate rights on fully patched computers running Windows 7 or Windows Server 2008.

Businesses are using Facebook and Twitter to engage with customers but are they paying attention to the dangerous privacy and security implications?

Security Enhanced (SE) Android is aimed at limiting the damage that can be done by flawed or malicious apps and at enforcing separation guarantees between apps.

Instead of entering a Google Account password on public computers that might be infected with keystroke loggers, Google is experimenting with a phone-based authentication scheme.

According to ESET’s most recently released ThreatSense Report, two of the most prevalent threats for the year of 2011 remain AutoRun infections, followed by Conficker infections.

The attackers may have swiped names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or cryptographically scrambled passwords.

A working attack tool for this vulnerability is publicly available so it’s important for affected users to heed all vendor warnings.

Ten years after the famous Trustworthy Computing memo, Microsoft principal cybersecurity architect Michael Howard shares memories from the Redmond security trenches.