Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit.

Shorten URL: . Click to copy to clipboard or post to Twitter

In this video, Niklas Wolff of the CSIS Security Group demonstrates an exploit for the recent integer overflow vulnerability in Adobe Reader (CVE-2010-2862), disclosed at Black Hat in July, that allows remote code execution.

Shorten URL: . Click to copy to clipboard or post to Twitter

Online bank fraud, for all of its obvious ploys and tired tactics, is still a remarkably effective way to make money. Too lazy or clueless to get a real job? Go phishing. Lots of people are doing it, and by some estimates, it's evolving into a nearly $1 billion business.

Shorten URL: . Click to copy to clipboard or post to Twitter

Scammers are offering prospective marks an application that supposedly shields them from exposure to survey scams. Naturally, you first have to fill in a survey to install the script, which is punted through Userscripts(dot)org. Read the full article. [The Register]

Shorten URL: . Click to copy to clipboard or post to Twitter

Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week. Read the full article. [KrebsonSecurity]

Shorten URL: . Click to copy to clipboard or post to Twitter

The recent admission by a top Department of Defense official that a classified network was compromised in 2008 through an infected USB drive has brought the spotlight back onto the myriad threats that these portable devices pose to corporate networks.

Shorten URL: . Click to copy to clipboard or post to Twitter

Google has removed malicious programs from its Google Code platform after Web firm zScaler said the company's servers were being used to serve malicious code.

Shorten URL: . Click to copy to clipboard or post to Twitter

There has never been more focus on security than there is right now, whether it's from software vendors looking to eliminate flaws in their products, from attackers looking to exploit those flaws or from customers who are sick of having their PCs compromised. And as the focus has intensified in recent months, researchers say that, for a variety of reasons, it has become increasingly difficult to find exploitable client-side bugs--particularly memory-corruption flaws--leading them to dig deeper and find more exotic bugs.

Shorten URL: . Click to copy to clipboard or post to Twitter

Microsoft has released some updated guidance on the recent DLL-hijacking bug, including a new FixIt tool that enables the workaround for the vulnerability that Microsoft shipped late last month.

Shorten URL: . Click to copy to clipboard or post to Twitter

According to the researcher who helped take down Mariposa, the operators who purchased the bot software from the man known as "Iserdo" and then built Mariposa, for some reason didn't opt for the feature, which he offered for 200 euros, even though it would have increased their potential profits. Read the full article. [Dark Reading]

Shorten URL: . Click to copy to clipboard or post to Twitter