By Jason Miller

Microsoft has released 13 new security bulletins in the October 2009 version of Patch Tuesday.  Eight bulletins have a severity rating of Critical. The remaining five security bulletins have a severity rating of Important. For the first time, Windows 7 and Windows 2008 R2 are affected by security bulletins. The sheer volume of bulletins and subsequent patches this month will likely give administrator fits.   More »

The massive phishing scam broken up by federal authorities this week is only a hint at what many say is an insidious and growing problem on the Internet. The bust, dubbed Operation Phish Phry, was described by the FBI as the largest ever cyber-crime investigation and they held it up as a shining example of international cooperation in the realm of cybersecurity.

But as important and impressive as it was, the arrests barely scratch the surface of the phishing problem, according to several who have been tracking the issue for years.  Read the full story [IDG News Service/Jaikumar Vijayan]   More »

From ZDNet (Larry Dignan)

Adobe’s announcements that a full version of Flash is coming to every smartphone not named Apple iPhone leave me conflicted. Full-blown Flash can be a boon to the mobile Web, but has the potential to become one huge security headache. Read the full story [zdnet.com]   More »

By Rich Mogull (Securosis)

Mr. Carr,

I read your interview with Bill Brenner in CSO magazine today, and I sympathize with your situation. I completely agree that the current system of standards and audits contained in the Payment Card Industry Data Security Standard is flawed and unreliable as a breach-prevention mechanism. The truth is that our current transaction systems were never designed for our current threat environment, and I applaud your push to advance the processing system and transaction security. PCI is merely an attempt to extend the life of the current system, and while it is improving the state of security within the industry, no best practices standard can ever fully repair such a profoundly defective transaction mechanism as credit card numbers and magnetic stripe data.   More »

By Eric Schultze

Microsoft has released nine bulletins today, five of them Critical, four of them Important. The bulletins cover a gamut of affected products - almost everything in your enterprise will need to be patched today with the exception of Internet Explorer. No IE patches this month! The majority of bulletin releases these days relate to client-side vulnerabilities – visit an evil website, open an evil document, or read an evil email and you’ll get hacked. These vulns are of greatest concern on the desktop where end users are filling time between Mafia Wars power-ups and Facebook updates by visiting websites that may be hosting content of questionable repute. This month, there are five bulletins addressing these types of issues.   More »