LAS VEGAS -- Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

LAS VEGAS -- Microsoft today released a new tool to help IT administrators backport anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows.

LAS VEGAS -- Adobe's push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks.

A prominent security researcher is urging users of Apple’s Safari browser to immediately turn off the AutoFill feature to block hackers from stealing sensitive information.

According to Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, the AutoFill Web Forms feature can be hacked to steal data from the computer’s address book.

Cisco has shipped a critical bulletin to warn about a serious security hole in the Cisco Internet Streamer application, which is part of the Cisco Content Delivery System.

In an advisory, Cisco warned that exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs.

Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.

Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and local bar spoofing attacks.

The latest Firefox 3.6.7 update includes fixes for nine "critical" issues that could be exploited to launch remote code execution attacks.  Two of the 16 bugs are rated "high risk" while five carry a "moderate" severity rating.

The next major version of Adobe's PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.

The security feature, called "Protected Mode," is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe's security chief Brad Arkin.

Apple has shipped a critical iTunes update to fix a security vulnerability that exposes Windows users to malicious hacker attacks.

The latest iTunes 9.2.1 is available for Windows XP, Windows Vista and Windows 7.

Microsoft's problems with Token Kidnapping [.pdf] on the Windows platform aren't going away anytime soon.