Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit.

Shorten URL: . Click to copy to clipboard or post to Twitter

Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome.

Shorten URL: . Click to copy to clipboard or post to Twitter

In this video, Niklas Wolff of the CSIS Security Group demonstrates an exploit for the recent integer overflow vulnerability in Adobe Reader (CVE-2010-2862), disclosed at Black Hat in July, that allows remote code execution.

Shorten URL: . Click to copy to clipboard or post to Twitter

Online bank fraud, for all of its obvious ploys and tired tactics, is still a remarkably effective way to make money. Too lazy or clueless to get a real job? Go phishing. Lots of people are doing it, and by some estimates, it's evolving into a nearly $1 billion business.

Shorten URL: . Click to copy to clipboard or post to Twitter

The recent admission by a top Department of Defense official that a classified network was compromised in 2008 through an infected USB drive has brought the spotlight back onto the myriad threats that these portable devices pose to corporate networks.

Shorten URL: . Click to copy to clipboard or post to Twitter

There has never been more focus on security than there is right now, whether it's from software vendors looking to eliminate flaws in their products, from attackers looking to exploit those flaws or from customers who are sick of having their PCs compromised. And as the focus has intensified in recent months, researchers say that, for a variety of reasons, it has become increasingly difficult to find exploitable client-side bugs--particularly memory-corruption flaws--leading them to dig deeper and find more exotic bugs.

Shorten URL: . Click to copy to clipboard or post to Twitter

Microsoft has released some updated guidance on the recent DLL-hijacking bug, including a new FixIt tool that enables the workaround for the vulnerability that Microsoft shipped late last month.

Shorten URL: . Click to copy to clipboard or post to Twitter

It looks like the group behind the Gumblar mass Web-site infections is beginning to get serious about making some money from all of the servers that the attacks have compromised in the last 18 months. The group has begun using some of its compromised servers in spam operations that are pushing the usual array of male ego-boosters: Viagra and fake watches.

Shorten URL: . Click to copy to clipboard or post to Twitter

In this video from the OWASP AppSec Research conference, Tom Brennan of WhiteHat Security discusses the current trends in vulnerabilities in Web applications and what's driving them.

Shorten URL: . Click to copy to clipboard or post to Twitter

A Spanish security researcher has discovered a new vulnerability in Apple's QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The flaw apparently results from a parameter from an older version of QuickTime that was left in the code by mistake.

Shorten URL: . Click to copy to clipboard or post to Twitter