Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit.

Shorten URL: . Click to copy to clipboard or post to Twitter

Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome.

Shorten URL: . Click to copy to clipboard or post to Twitter

Social networking features, a rockin' new logo and GUI improvements aren't the only reason you should upgrade to iTunes 10, says Apple. The update to Apple's popular music player software, released on Wednesday, also fixes a bunch of gaping vulnerabilities that could make earlier versions susceptible to Web based attacks.

Shorten URL: . Click to copy to clipboard or post to Twitter

In this video, Niklas Wolff of the CSIS Security Group demonstrates an exploit for the recent integer overflow vulnerability in Adobe Reader (CVE-2010-2862), disclosed at Black Hat in July, that allows remote code execution.

Shorten URL: . Click to copy to clipboard or post to Twitter

Online bank fraud, for all of its obvious ploys and tired tactics, is still a remarkably effective way to make money. Too lazy or clueless to get a real job? Go phishing. Lots of people are doing it, and by some estimates, it's evolving into a nearly $1 billion business.

Shorten URL: . Click to copy to clipboard or post to Twitter

A prominent researcher will use an upcoming security conference in Buenos Aires to demonstrate  an exploit that allows hackers to bypass the Windows Service Isolation feature, despite Microsoft's efforts to close the security loophole.

Shorten URL: . Click to copy to clipboard or post to Twitter

The recent admission by a top Department of Defense official that a classified network was compromised in 2008 through an infected USB drive has brought the spotlight back onto the myriad threats that these portable devices pose to corporate networks.

Shorten URL: . Click to copy to clipboard or post to Twitter

Google has removed malicious programs from its Google Code platform after Web firm zScaler said the company's servers were being used to serve malicious code.

Shorten URL: . Click to copy to clipboard or post to Twitter

There has never been more focus on security than there is right now, whether it's from software vendors looking to eliminate flaws in their products, from attackers looking to exploit those flaws or from customers who are sick of having their PCs compromised. And as the focus has intensified in recent months, researchers say that, for a variety of reasons, it has become increasingly difficult to find exploitable client-side bugs--particularly memory-corruption flaws--leading them to dig deeper and find more exotic bugs.

Shorten URL: . Click to copy to clipboard or post to Twitter

Microsoft has released some updated guidance on the recent DLL-hijacking bug, including a new FixIt tool that enables the workaround for the vulnerability that Microsoft shipped late last month.

Shorten URL: . Click to copy to clipboard or post to Twitter