LAS VEGAS -- Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

LAS VEGAS--Security technology and practice have advanced quite a bit in the past few years, but one thing that has become clear is that whatever gains have been made are just not keeping pace with the innovation of attackers. The advances being made by malware authors and crimeware gangs are keeping them well ahead of the curve and will continue to do so for the foreseeable future, researchers say.

A researcher has uncovered a sophisticated check counterfeiting ring that uses compromised computers to steal and print millions of dollars worth of bogus invoices and then recruit money mules to cash them. Read the full article. [The Register]

LAS VEGAS -- Microsoft today released a new tool to help IT administrators backport anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows.

LAS VEGAS -- Adobe's push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks.

LAS VEGAS--Apple has released a major update to its Safari browser that includes a number of security fixes, most importantly a patch for the AutoFill vulnerability disclosed recently.

Slovenian police will hold a press conference on Friday to discuss the arrest of three men in connection the massive Mariposa botnet that was disabled late last year. Read the full article. [IDG News Service]

Isolated strains of mainstream malware that took advantage of how the zero-day Windows flaw first exploited by the sophisticated Stuxnet worm began appearing late last week. The same approach has since been applied by the dodgy sorts behind Zeus, a family of sophisticated toolkits frequently used to steal bank login credentials and the like from compromised systems. Read the full article. [The Register]

By Alex Rothacker

Privilege escalation attacks consist of exploiting a bug or design flaw in a software application to gain access to resources which normally are protected from an application or user. The result is that the application allows actions with privileges beyond an acceptable level for the specific user.  

Google has released version 5.0.375.125 of Chrome, a security update that addresses three "high" risk vulnerabilities in its WebKit-based browser. According to the developers, two of the high risk issues could lead to memory corruption while SVG handling or rendering code. Read the full article. [The H Security]