Dennis Fisher

Security researchers have found the Mariposa bot client pre-installed on a mobile phone handset distributed in Europe, and say that the malware looks to have been installed on the phone’s memory card.

SAN FRANCISCO–Despite years of efforts by software security teams at major vendors to harden the operating systems and browsers that are the most common targets of attackers, exploitation of new as well as older vulnerabilities is still simpler than many people might think.

Some of the malware families that were part of the Operation Aurora attacks that targeted dozens of major U.S. companies are being installed through fake antivirus and scareware attacks, researchers say.

Cryptographers are expecting several of the major cryptographic systems in use today to be broken in the near future.

Adobe has been in the security spotlight for some time now, and in an effort to give our readers a better perspective on the company’s efforts to improve the security of its products, Threatpost had a live chat with Brad Arkin, director of product security and privacy at Adobe, on Feb. 24.

Dennis Fisher and Ryan Naraine talk with Microsoft’s T.J. Campana about the company’s work to disrupt and take down the Waledac botnet and the other work being done by Microsoft’s Digital Crimes Unit.

SQL injection has become perhaps the most widely used technique for compromising Web applications, thanks to both its relative simplicity and high success rate. It’s not often that outsiders get a look at the way these attacks work, but a well-known researcher is providing just that.