The Veteran Affairs Department's inspector general has launched a criminal investigation into a physician assistant's alleged downloading of veterans' clinical data at its Atlanta medical center.

The assistant allegedly recorded two sets of patient data on to a personal laptop for research purposes. One set included three years' worth of patient data and another held 18 years of medical information.  Read the full story [nextgov]

Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code.

The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.

Malicious hackers have pounced on a newly patched Adobe PDF Reader vulnerability to plant Trojan downloaders on tardy Windows users.

According to researchers in Microsoft's malware protection center, the vulnerability (CVE-2010-0188) was patched less than a month ago, proving that malicious hackers are quick to find fresh targets for malware.

A zero-day (unpatched) vulnerability in Microsoft’s Internet Explorer is being exploited in the wild, the company warned in an advisory issued today.

On the same day it issued software fixes as part of its Patch Tuesday schedule, Microsoft released a pre-patch advisory to warn of the risk of remote code execution attacks against users of IE 6 and IE 7.

The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.

Microsoft has announced plans to ship two security bulletins next week to fix a total of eight vulnerabilities affecting Windows and Office products.

Both bulletins are rated "important" because of the risk compromising the confidentiality, integrity or availability of user data.

At the RSA conference in San Francisco, a panel of leading cryptographers reveal some of the lessons they have learned while making seemingly imprudent decisions. By going against the grain, new objectives can be made and boundaries overcome.

A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users.

The informal proposal, made Tuesday by Microsoft Vice President of Trustworthy Computing Scott Charney, was short on specifics, such as who would be responsible for monitoring and isolating malware-riddled machines. But he laid out his case for keeping them away from the general populace, comparing such a move to laws that have gone into effect over the past 20 years banning cigarette smoking in public.  Read the full story [The Register]

Apple has hired former Microsoft and Mozilla security specialist Window Snyder to help secure its Mac ecosystem.

Snyder, who last worked as Mozilla's security chief, confirmed she is joining Apple as senior product manager for security.

A prominent security researcher has released an exploit that uses a new technique to defeat ALSR + DEP on Microsoft's Windows operating system.

The exploit, released by Google security researcher "SkyLined," uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms.