Latest Articles

[img_assist|nid=3793|title=|desc=|link=none|align=right|width=100|height=100]A bogus application that lures Facebook users by falsely offering to
show who has been viewing their profile has been exposed as a scam. A researcher warns he
has already identified 25 different copies of the same rogue app but
using different monikers such as peeppeep-pro, profile-check-online and
stalk-my-profile. Read the full article. [The Register]

Read more...

[img_assist|nid=3766|title=|desc=|link=none|align=left|width=100|height=100]The latest version of the Zeus do-it-yourself crimeware kit goes to
great lengths to thwart would-be pirates by introducing a
hardware-based product activation scheme similar to what’s found in
Microsoft Windows. Read the full article. [The Register]

Read more...

Categories: Malware, Vulnerabilities

[img_assist|nid=3789|title=|desc=|link=none|align=left|width=100|height=100]Microsoft has released a one-click “fix-it” workaround to help Internet Explorer users block malware attacks against an unpatched browser vulnerability.The Fix-It workaround, available here, effectively disables peer factory in the iepeers.dll binary in affected versions of Internet Explorer.  

Read more...

Categories: Malware

[img_assist|nid=3785|title=|desc=|link=none|align=right|width=117|height=83]A lot of people in the security industry are paid to think like attackers: pen testers, security consultants, software security experts. But some of these people have never met an actual black hat, so much of their work is necessarily based on what they think attackers might do in a given situation.

Read more...

Categories: Vulnerabilities

By Andrew Storms[img_assist|nid=2543|title=|desc=|link=none|align=left|width=100|height=100]Every month, like clockwork, Microsoft releases security bulletins and every month people ask me if it’s small or a big release. While the exact details of the patches are generally treated as news, the expected workload each month really shouldn’t be a guessing game because Microsoft’s patch releases are predictably cyclical.

Read more...

[img_assist|nid=3773|title=|desc=|link=none|align=left|width=100|height=100]The Public Interest Registry will add an extra layer of security known
as DNS Security Extensions (DNSSEC) to the .org domain
in June — a move that will protect millions of non-profit
organizations and their donors from hacking attacks known as cache
poisoning. Read the full article. [Network World]

Read more...

[img_assist|nid=3771|title=|desc=|link=none|align=right|width=100|height=100]The March issue of Information Security magazine is out this week. The cover story is a look at how security information management systems need to evolve, in particular by integrating identity management with SIM in order to tie policy violations to user activity. Also, expert Andrew Jaquith writes about how to measure meaningful information security metrics. Finally, editor Marcia Savage takes on the HITECH Act’s impact on HIPAA and how health care organizations must up their security game. Download the issue here [PDF]

Read more...

[img_assist|nid=3767|title=|desc=|link=none|align=left|width=124|height=73]Humza Zaman, a co-conspirator in the hack of TJX and other companies,
was sentenced Thursday in Boston to 46 months in prison and fined
$75,000 for his role in the conspiracy. The sentence matches what
prosecutors were seeking. Read the full article. [Wired]

Read more...