Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

AT&T Shows How Not to Handle a Data Breach

There’s an ongoing argument in barrooms, pubs and wherever else soccer fans gather about who is the best player in the world. The general consensus right now is Lionel Messi, the Argentinian genius, but others can build a case for Wayne Rooney, Didier Drogba or even Cristiano Ronaldo. A similar discussion often breaks out among security professionals about which vendor currently is wearing the goat’s horns, and while Adobe has topped the list of late, AT&T, a late entrant, is gunning for that number one spot right now.


Software security has become one of the more widely discussed and debated topics in the security industry in the last few years, as many software vendors and enterprises both large and small have begun to focus considerable attention on improving the processes they have in place for producing software. But far less light has been shone on the security of the software supply chain, an increasingly thorny problem in today’s environment.

Had you gone to sleep in 2004 and woken up three days ago, you’d be forgiven for thinking you’d only slept a few hours instead of a few years. This week saw the inglorious return of not just the full disclosure debate, but also of the heated rhetoric that usually accompanies it. Had you awoken to a mix of Maroon 5 and Hoobastank on your iPod, the illusion would’ve been complete. Read on for the full week in review.

There’s a large-scale attack underway that is targeting Web servers running Microsoft’s IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there’s no clear indication of who’s behind the campaign right now.

The exploit that is being used in the attacks against the latest zero-day vulnerability in Adobe Flash is a modified version of a harmless SWF file that is only one byte different from the original file. Researchers have seen the exploit being used in active attacks against the vulnerability in Flash, which Adobe is set to patch tomorrow.