Patch Management

September 2, 2010, 2:54PM Threatpost Original

Microsoft Releases New Version of EMET Exploit Mitigation Toolkit

Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit.

September 2, 2010, 11:46AM Threatpost Original

Apple Uses Security Advisory to Push iTunes 10 Upgrade

Social networking features, a rockin' new logo and GUI improvements aren't the only reasons you should upgrade to iTunes 10, says Apple. The update to Apple's popular music player software, released on Wednesday, also fixes a bunch of gaping vulnerabilities that could make earlier versions susceptible to Web-based attacks.

September 2, 2010, 12:28AM Threatpost Original

Researcher Will Demo Bypass of Windows Service Isolation Feature

A prominent researcher will use an upcoming security conference in Buenos Aires to demonstrate an exploit that allows hackers to bypass the Windows Service Isolation feature, despite Microsoft's efforts to close the security loophole.

August 31, 2010, 6:55PM

Group to Publish 'Month of Vulns' Starting Sept. 1

Starting tomorrow, a little-known group of security researchers will kick off a month of bug disclosures that target unpatched vulnerabilities in software from Adobe, Microsoft, Mozilla, Apple and others. Read the full article. [Computerworld]

August 31, 2010, 2:52PM

TweetDeck Scam Uses Fake Update As Lure

Compromised Twitter accounts have been used to post links to an exploit portal that poses as a download site for an update to TweetDeck, the popular micro-blogging client software package. Read the full article. [The Register]

August 31, 2010, 11:22AM Threatpost Original

Google Complains and IBM Revises Vulnerability Stats

Search giant Google cried foul after an IBM X-Force report labeled it the vendor with the highest percentage of unpatched, critical security holes, prompting a correction by IBM.

August 31, 2010, 9:55AM Threatpost Original

Do You Know What Your Database Users Are Doing?

By Alex Rothacker

In our last column, we focused on privilege escalation attacks, and the impact that this category of SQL injection attacks can have on the database - particularly where specific database vulnerabilities exist, and can be exploited through the manipulation of privileges. Let’s look more deeply at how organizations struggle with the issue of extensive privileges assigned directly to users - or indirectly through user groups. We’ll address what can happen when database users are over-credentialed, and what should be done to ensure you are aware of all activity that is occurring in your environment.

August 31, 2010, 8:38AM Threatpost Original

Google's New Priority Inbox Hits a Snag

The buzz this morning isn't Google's Buzz, but its new Priority Inbox feature for the company's Web-based Gmail messaging service. The new feature allows heavy e-mail users to filter out and prioritize important messages. But the search giant has already hit a snag in releasing it to the public.

August 27, 2010, 11:17AM

uTorrent Patches Windows DLL Flaw

The developers of the uTorrent file-sharing application have released an updated version that fixes a problem that could allow an attacker to load malicious code onto a user's computer. Read the full article. [IDG News Service]

August 26, 2010, 1:24PM Threatpost Original

Some Linux Distros Vulnerable to Version of DLL Hijacking Bug

In the wake of all of the stories about the Windows DLL hijacking bug, it appears that certain Linux distributions may be vulnerable to a similar problem related to the way that Linux handles a specific variable in some cases. The bug apparently was introduced via a Debian patch last year.

Copyright © 2010 threatpost.com