More than a month after Microsoft patched the .ANI vulnerability, the geek favorite e-tailer Tom's Hardware has found the W32.ani Trojan lurking in one of its banner ads.
 read more ...

Would you trust eBay to keep your name, address and taxpayer identification number safe? What about uBid.com, or what about an obscure online broker you've never heard of? read more ...

Microsoft on Tuesday plans to release seven security bulletins, including a fix for a zero-day flaw in Windows that is already being used in cyberattacks.
 read more ...

WASHINGTON--Politicians on Thursday said the U.S. government must do more to counteract propagandizing by al Qaida and radical terrorist groups on the Internet.
 read more ...

Apple on Tuesday released a QuickTime update to fix a security flaw that was used to breach a MacBook Pro at a recent security conference.
 read more ...

The long-dormant giant of e-mail-based malware has come back to life in recent days. read more ...

Beware: Partner sites may not reach your own security standards, as Microsoft recently learned. read more ...

The economics of Denial Of Service blackmailing isn't working out, and botnet owners are shifting to other, less risky crimes. read more ...

Network security vendor Support Intelligence is naming names as part of a program to help clean up the Internet. read more ...

Microsoft has issued an "emergency" patch to fix a Critical remote code execution vulnerability in Windows cursor handling code plus six other vulnerabilities. The bugs affect every version of Windows since Windows 2000, including the latest version of Microsoft Vista. Mac, Linux, and Solaris users are immune.  read more ...

Microsoft said Sunday night that it is planning to make available this week a patch for a Windows flaw that has already been used in an attack. read more ...

Microsoft plans to release an emergency, out-of-cycle Windows update on Tuesday, April 3, 2006 to patch the animated cursor (.ani) vulnerability currently being used in widespread malware attacks. read more ...

If you're reading this with Internet Explorer on a Windows machine, don't. The Windows animated cursor zero-day attack that was coming through on IE 6 and 7 running on fully patched Windows XP SP2 is now also hitting Windows 2000, Server 2003 and Vista. As F-Secure advises, better to use some other combination.  read more ...

A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday’s discovery of Internet Explorer drive-by attacks. read more ...

By Paul Laudanski, CastleCops, Microsoft MVP Windows-Security
This article takes a look at the evolution and current state of the malicious software landscape and offers recommendations that can help users secure their computers and networks against such threats as botnets, phishing, and rootkits. read more ...

Daylight-saving time is springing forward three weeks earlier than usual this year, but consumers may be unaware that some of their gadgets won't automatically be making the transition.  read more ...

Firefox and Internet Explorer users beware: There are serious, unpatched flaws in both browsers that could allow the manipulation of authentication cookies and the hijacking of files from your Windows machine.  read more ...

This is just another example where we have the software charged with scanning and detecting malicious code being tricked by a package rigged to explode when inspected. read more ...

If you haven't changed the default password on your home router, let this recent threat serve as a reminder. read more ...

Apple issued four security updates Thursday to fix flaws in Mac OS X and iChat identified by the Month of Apple Bugs project. read more ...

A new, yet-to-be-patched security hole in Word is being used in targeted cyberattacks, Microsoft has warned. read more ...

Beware of e-mails bearing Valentine's Day greetings, or you may get a digital heartache. read more ...

Gary McKinnon, the U.K. citizen accused of breaking into and damaging NASA's computers, has begun an appeal against extradition to the U.S.  read more ...

In a Goliath vs. David story, Russian authorities are suing a Russian village school teacher for software piracy, reports the Associated Press. read more ...

What's happening over that cafe Wi-Fi - maybe even over the very unsecured network you run in your home? Probably nothing. But on some networks people are downloading child porn, soliting kids for sex, and engaging in criminal conspiracies. read more ...

The goal of the Trojan seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.  read more ...

The "Q406 Roll-up" is a security headache because the exploits are heavily encrypted, say experts. read more ...

McAfee's VirusScan Enterprise 8.5i is the culprit, and it affects Notes Client R6 and R7. read more ...

While false positives are less than one-half of 1%, that adds up to a lot when you find 114 million counterfeits.  read more ...

Experts are forecasting an increase in spam as a result of the "Storm" worm that sent out six separate waves containing hundreds of thousands of e-mails during the weekend, and continues to touch down on computers worldwide. read more ...

Microsoft plans to roll out a new release of its Windows Live OneCare managed security service to consumers in the United States and 16 other countries on Jan.30 –to coincide with the general release of Windows Vista.  read more ...

Opinion: The consensus is that the "Month of XXX Bugs" disclosures are just publicity stunts. read more ...

More than two months ago, I called on Microsoft to take out the botnets and their perpetrators. The call may have been answered.  read more ...

Opinion: Microsoft used the January 2007 security update to induce users to try Internet Explorer 7.0 whether they wanted to or not. But after discovering they had been involuntarily upgraded to the new browser, they next found that application incompatibility effectively cut them off from the Internet.  read more ...

MySpace.com has filed a lawsuit against Scott Richter, the so-called "Spam King" who allegedly sent out millions of unsolicited "bulletins" to MySpace members, the site announced Monday.  read more ...

Twenty-six computer tapes containing Internal Revenue Service taxpayer data have gone missing from City Hall in Kansas City, Mo.  read more ...

Faced with arguably its biggest security crisis since the 2003 network worm attacks, Microsoft is throwing its support behind a high-level powwow to discuss the escalating threat from zombie botnets and zero-day malware attacks. read more ...

To achieve a higher IT calling, avoid these transgressions at all costs. read more ...

As e-mails multiply, so do the problems, from the unabated increases in spam to increasing scrutiny by regulators. read more ...

ACLU and EFF lawyers put pressure on the government and telecommunication companies in the aftermath of the warrantless wiretapping controversy.  read more ...

HELSINKI (Reuters)—Computer virus writers started to use raging European storms on Friday to attack thousands of computers in an unusual real-time assault, head of research at Finnish data security firm F-Secure told Reuters. read more ...

"Storm Worm," one of the larger Trojan horse attacks in recent years, is baiting people with timely information about a deadly, real-life storm front, security researchers said Friday.  read more ...

The so-called "Storm Worm" swept into U.S. email systems on Friday, cutting a wider swath of American email systems than within Europe.  read more ...

LOS ANGELES (Reuters)—TJX Cos Inc., which operates the T.J. Maxx and Marshalls chains, said on Wednesday that the computer systems that process its customer transactions had been breached and customer information had been stolen. read more ...

Opinion: The really innovative cracking is happening on Web servers these days, and defensive research is moving in that direction too.  read more ...

The potentially massive data theft reported by discount retail conglomerate TJX Companies illustrates the continued efforts of hackers to rob businesses of their most valuable information.  read more ...

Microsoft has re-released an update issued in its January 2007 patch batch to correct a glitch in the way Excel 2000 processes information. read more ...

Adrian Lamo, the hacker best known for illegal pranks aimed at companies like Yahoo, Microsoft and The New York Times, is free once again.  read more ...

The controversial practice gained more attention after the HP scandal broke. read more ...

Security companies have to be careful when disclosing vulnerabilities not to jump the gun, as one vendor did recently. read more ...

"Spring Forward, Fall Back" is the old saying about daylight savings time, but the rules for when you do this are changing, and there are implications for computer users.  read more ...

You've probably seen domain names designed to trick you before, but one company is the market leader in being victimized this way. read more ...

Two security companies released interesting research this past week on the phishing problem. read more ...

While many security suites have a basic level of detection, these standalone tools will do a search-and-destroy on the rootkits that may be hiding in your system.  read more ...

Google has patched a cross-site scripting vulnerability in one of its Web-hosting services.  read more ...

Knowing when to disclose personal information, recognizing phishing, and keeping up with current news are just some of the ways to protect yourself online. read more ...

Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch.  read more ...

A California man faces up to 101 years in federal prison after a jury found him guilty of sending out e-mail scams as well as related crimes. read more ...

Symantec first dismissed the threat, but worm attacks are hitting users of the company's corporate antivirus software and turning PCs into zombies. read more ...

The message claims to come from a professional hit man who supposedly has orders to murder the recipient, but will drop the contract if he is paid $80,000. read more ...

A serious remotely-exploitable vulnerability in the QuickTime client was identified this week.  read more ...

A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts. read more ...

It's got some bugs and it's mostly just another PayPal phish, but there's an interesting new hook in this week's Top Phish. read more ...

Another new development in phishing could seriously interfere with phish-detection filters. read more ...

Researchers are finding an increasing number of malware programs that appear to be designed specifically to steal valuable data from business users. read more ...

The change, a month sooner than usual, will require patches for many software products, including versions of Outlook and Exchange. read more ...

Mysterious European hacker LMH has launched the Month of Apple Bugs project to span January, 2007. read more ...

On Tuesday, January 9, Microsoft released one critical update for Windows and three updates, two of them critical, for Office. read more ...

Microsoft on Tuesday released fixes for vulnerabilities in its Windows and Office software, but left several known Word zero-day flaws without a patch. read more ...

A significant attack method using links to Web-based PDF files was revealed at a security conference recently. In a paper entitled "Subverting Ajax", Stafano Di Paola and Giorgio Fedon noted the implications of a documented Adobe Acrobat Reader feature. read more ...

When people who know better don't act responsibly, who do you trust? read more ...

A recently discovered security weakness in the widely used Acrobat Reader software could put Net users at more risk than previously thought, experts warned Thursday. read more ...

Code execution vulnerabilities are spotted—and patched—in two widely deployed desktop applications. The more serious of the two is a scripting bug in Adobe's ever-present Acrobat Plug-In. The vulnerabilities could allow hackers to plant malicious code on millions of computers, according to warnings from the U.S. government's computer emergency response team. read more ...

Microsoft's security response team has announced plans to release eight security bulletins Jan. 9 with patches for a slew of Windows and Office vulnerabilities. read more ...

A zero-day Apple QuickTime flaw for Mac OS X has officially kicked off the MoAB (Month of Apple Bugs). read more ...

The first publicly released vulnerability in Windows Vista was reported recently. You're probably not running Vista yet, but should you be concerned? read more ...

It's officially a cat-and-mouse race to exploit—and fix—security vulnerabilities affecting Apple Computer's Mac operating system.  read more ...

An easy-to-exploit security vulnerability in Apple Computer's QuickTime media player could put millions of Macintosh and Windows users at risk of code execution attacks. read more ...

This fascinating video explains how a desktop device using reservoirs of basic materials will be able to assemble almost anything from scratch. read more ...

An e-mail worm disguised as a New Year's greeting is making the rounds on the Internet. read more ...

The companies behind an encryption system for high-definition DVDs are looking into a hacker's claim that he has cracked the code protecting the new discs from piracy, a spokesman for one of the companies said.  read more ...

Here is how Microsoft went about putting free laptops into the hands of bloggers. read more ...

ZDNet blogger Richard Stiennon offers his take on the top 10 threats for 2007. Among the topics he discusses are Distributed Denial of Service (DDoS), DNS, Identity Theft, Wireless, and Windows Vista. Get more information about these topics. read more ...

The workaround freezes the Vista product activation clock at 30 days to fool the timer into not counting down. This lets users run unauthorized Vista installations indefinitely. read more ...

Updated: E-mail security firm Commtouch says 85 percent of today's spam comes from remote-controlled "zombie" computers. read more ...

Microsoft has publicly acknowledged the discovery of the first Windows Vista security flaw. But just how serious is it? Opinions seem to vary widely. read more ...

The Department of Homeland Security and Travel Security Agency say they inadvertently pooled sensitive information on U.S. air travelers that they had previously promised not to share. read more ...

Multinational companies got a nasty holiday surprise when an earthquake disrupted Internet service across the region, reminding everybody just how fragile their IT operations are when a major disruption in the telecommunications infrastructure occurs. read more ...

Who will find the first major security flaw in Windows Vista? Will it be released as zero-day? Is there an end in sight to the botnet menace? Is spam close to being canned? Just who are these criminals phishing for your credit card data? read more ...

Proof-of-concept exploit code for a security flaw affecting all versions of Windows (including Vista) has been released on a Russian hacker forum, forcing Microsoft to activate its emergency response process. read more ...

Nolan Bushnell, founder of Atari and Chuck E. Cheese, opened uWink restaurant to cater to women who want to play games.

 read more ...

It is the first Windows Vista exploit made public since the operating system was released to volume license customers Nov. 30. read more ...

Sensors monitored by Symantec's DeepSight threat management service have reported a significant spike in traffic related to TCP port 2967, which Symantec has traced to scans generated by the "Sagevo" worm. read more ...

Washington Mutual installed stringent measures to combat phishers at the bank. Here, WaMu's information security chief offers five tips to help deal with the problem. read more ...

Are you a Bank of America customer? The Sitekey feature is there for your safety, but you still have to be careful about it. read more ...

You meet a lot of strange people buying and selling online, and some of them are trying to steal from you or dupe you into committing crimes for them. See an example of this sort of thing in this week's Bonus Security Tip. read more ...

Opinion: Morgan Stanley is facing disciplinary action because it said key e-mail messages were destroyed in the 9/11 terrorist attacks, but reportedly did not disclose that the backup records were intact. read more ...

QuickBooks users regularly endanger themselves because the product requires them to give excessive privileges to users. But there's a way to run QuickBooks 2006 as a non- Administrator. read more ...

Wireless hacker pleads guilty when his Google searches are used as evidence against him. read more ...

Mozilla has shipped a "highly critical" Firefox update to correct multiple security bugs that could cause cross-site scripting, information disclosure, denial-of-service and system access attacks.
...
Apple Computer was also busy on the patching front, shipping a fix for an obscure QuickTime for Java flaw that could cause lead to the disclosure of sensitive information. read more ...

Microsoft has claimed an important victory in its battle against software piracy. read more ...

The Mozilla Foundation has issued "critical" security updates to vulnerabilities discovered in the Firefox browser, Thunderbird e-mail client and SeaMonkey application suite. read more ...

The attack, which started early Tuesday morning Eastern time and continued Wednesday, affected four of ZoneEdit's 25 domain name servers.
 read more ...

News Analysis: Can the Russian anti-virus vendor innovate fast enough to stay relevant in a hypercompetitive security market? read more ...

A systems administrator who apparently feared imminent layoffs was arrested Tuesday in connection with installing "destructive computer code" on servers at his company, a major manager of prescription benefit plans. read more ...

Powered by GeoTrust and PhishTank, the release of a new tool expands Opera's commitment to secure browsing. read more ...

Sarasota County voters claim electronic voting machines malfunctioned in tight Nov. 7 congressional race read more ...

The company says it has developed a heat-resistant layer made of insulating metal oxide that would prevent a battery from overheating and possibly bursting into flames.  read more ...

Opinion: Botnets are doing more with less, and some say the next-generation software is just beginning to spread. Ask me again in March. read more ...

Adrian Kingsley-Hughes: Bill Gates recently told an audience of bloggers that DRM has "huge problems" and that "people should just buy a CD and rip it. You are legal then." Does this signal a change in how Microsoft views DRM? read more ...

Trend Micro has stumbled upon an auction style marketplace where zero-day exploits for Microsoft’s Vista operating system are going for $50,000. read more ...

A Google team has visited the Korean company that makes ThinkFree Office, a clone of Microsoft Office, for acquisition talks twice in recent days, according to Korean press reports. read more ...

The malware exploits a critical vulnerability in Symantec AntiVirus and Symantec Client Security, two of the vendor's business security products. read more ...

If a control server is shut down, the spammer can easily update the rest of the bots with the location of a new server as long as he controls at least one bot in the net. read more ...

Microsoft says IE7 users may see their PCs bog down as the filter evaluates multiframe pages for fraud indicators. read more ...

Researchers at Trend Micro infiltrate an underground exploit marketplace and find a Windows Vista zero-day attack for sale for $50,000. read more ...

The database hack highlights the need for more vigilant caretaking of information. read more ...

A new worm that uses a known security hole in Symantec's corporate antivirus tools to spread has hit the Net, experts warned Friday. read more ...

Yahoo said late Friday that it has fixed a bug in its newest version of Yahoo Messenger that changed a user's mail preferences without his or her consent. read more ...

eWEEK asked IT pros to share the best advice they ever received--the counsel that has led to personal and professional gains, as well as fewer headaches. read more ...

According to a research report by the LSE, a lack of qualified security workers is putting companies at risk as compliance demands become increasingly complex. read more ...

By loading a maliciously-crafted PDF file, an attacker could take control of computers running those versions of the software.  If you're running Adobe Acrobat and Acrobat Reader versions 7.0 through 7.0.8, it's time to get an update. Adobe has disclosed critical vulnerabilities in those versions. read more ...

A third security flaw in Microsoft Word has emerged, according to some security companies, and a researcher has published code for it that could be used to launch an attack. read more ...

Exploit code for yet another unpatched vulnerability in Microsoft Word has been posted on the Internet. read more ...

Researcher Stefan Esser has quit PHP, accusing the open-source group of hiding the slow response time to fixing vulnerabilities and refusing to patch known flaws for months. read more ...

MSTERDAM (Reuters)—Memory card and MP3 music player producer SanDisk said on Thursday a legal battle with MP3 patent holders is ongoing and shrugged off a statement from a patent pool firm claiming a judicial victory. read more ...

Microsoft has issued an update to Windows Vista that's intended to stop a piracy monster. The software maker said Thursday that the update is aimed at thwarting a technique that was letting some people use pirated versions of the operating system without going through the software's built-in product activation. Microsoft has dubbed the approach "frankenbuild" because it works by combining test versions of Vista with the final code to create a hybrid version. read more ...

Boeing has confirmed that a laptop stolen from an employee's car contained sensitive information on 382,000 workers and retirees. read more ...

When 10 backup tapes and disks were stolen from the back of a Providence Health & Services employee's minivan, thieves potentially gained access to the private information of 365,000 patients. Now, one year and $7 million later, the health care provider remains mired in the aftermath. read more ...

A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer "logic bomb" on company networks and betting its stock would go down. read more ...

How prepared is your information technology (IT) department or administrator to handle security incidents? Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much more costly than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy. read more ...

An unknown hacker has infiltrated a massive UCLA database with personal information on 800,000 people, in one of the worst computer breaches ever at a U.S. university.
 read more ...

Websense is reporting that a new form of cyber-extortion has emerged in recent days that exploits the promiscuous nature of cyber-cafes and PC-terminals.  By stealing email credentials from unsuspecting shared-terminal users, the attackers steal all the victim's emails and contacts and then sends a single message in the email account basically asking for ransom in a note written in Spanish. read more ...

Microsoft on Tuesday released seven security updates with patches for 11 security vulnerabilities, most of which affect the Windows operating system. read more ...

On patch day, Microsoft confirms a second, unrelated zero-day vulnerability in its widely used software program and warns that "extremely targeted" attacks are already under way. read more ...

Microsoft revealed last week that a vulnerability exists in Word, the Word Viewer, and Works that could allow for a compromise of the system through a malicious .DOC file. read more ...

Gartner vice president Paul E. Proctor wrote the book—literally—on intrusion detection. But a lot has changed since 2000, when he penned the Practical Intrusion Detection Handbook, a 359-page tome with tips on choosing vendors, setting up policies and justifying related costs. read more ...

Are laptops are an indispensable tool for high schoolers or merely an overpriced paperweight? That's the question that a Washington, D.C. area high school pondered before investing in services to make laptops more useful, reports The Washington Post.  read more ...

In another example of how schools fail to take extra precautions to avoid security breaches, a Greenville, NC, school has auctioned off old school computers which contained the Social Security numbers of more than 59,000 Greenville County students, reports The Greenville News. read more ...

They're one of the biggest security risks because of their knowledge and access. IT managers need to learn to identify and stop insider malcontents before they do some serious damage. read more ...

A second security vulnerability has been discovered in Microsoft Word in less than a week. The zero-day flaw, which is could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted Sunday night. Word 2007 is not affected, Microsoft said. read more ...

A really critical vulnerability in Microsoft Word 2000, 2002, 2003, Mac 2004, and Viewer will not make Microsoft's patch Tuesday this week and a newly found critical vulnerability in Windows Media Player playlists will also miss the boat.  The exploit code for both vulnerabilities are out in the wild and there have been attacks on the Word exploit seen in the wild.  Unfortunately we most likely won't see a patch until the January patch Tuesday which is nearly 5 weeks away and Microsoft rarely issues out of cycle patches unless there is an overwhelming amount of negative press such as the WMF issue in early January of this year. read more ...

Organized gangs have adopted "KGB-style" tactics to hire high-flying computer students to commit Internet crime, a report said on Friday. read more ...

'Tis the season to be jolly--especially if you're an online crook. This holiday season, more people are getting tricked by holiday "phishing" scams on the Internet. Unsuspecting shoppers are being lured to phony Web sites and tricked into divulging their credit-card information. Your best line of defense? Knowing how to spot these online scams. read more ...

As part of its monthly patch cycle, Microsoft plans to release on Tuesday six security bulletins, at least two of them deemed "critical." read more ...

Two antispyware watchdogs are urging federal regulators to take action against a music search Web site that they say is a front for malicious software. read more ...

A worm is spreading on MySpace through a malicious QuickTime file which uses Apple QuickTime's Javascript support to exploit a vulnerability in MySpace revealed recently to change links in the user's profile to links to porn and phishing sites. read more ...

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks. read more ...

There's a 16 percent chance your wireless 911 call won't go through. And if it does go through, there's one chance in eight that the 911 center will know where you are.
 read more ...

Verizon Communications announced on Dec.5 the launching of Verizon Online Backup, a broadband product that will allow small and midsize businesses to protect company and customer information. read more ...

Identity thieves are manipulating a feature in Apple Computer's embedded QuickTime player to launch phishing attacks on the popular MySpace.com social networking portal. read more ...

The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers. read more ...

Does your teen have a personal Web page on a social networking site like MSN Spaces or MySpace? These pages are often viewable to anyone--including predators and con artists. See ways that you can help your teen use these sites more safely. read more ...

Are you thinking about donating online to a charity this holiday season? Learn how to avoid e-mail and other holiday-related scams on the Web. read more ...

Microsoft's freshly minted Internet Explorer 7 browser is vulnerable to a window injection vulnerability that has haunted earlier versions of IE since Dec. 2004, according to a warning from Secunia. read more ...

FRAUDULENT SPAM E-MAIL CLAIMING TO BE FROM FBI DIRECTOR MUELLER

We have become aware of a bogus spam e-mail claiming to be from FBI Director Robert Mueller III. This scam appears to be a typical Nigerian scam; however, the attempt to defraud victims comes in two separate e-mails. The same e-mail address is used to deliver both phases of the spam.

 read more ...

Veteran malware researcher Joe Stewart was fairly sure he'd seen it all until he started poking at the SpamThru Trojan—a piece of malware designed to send spam from an infected computer.

The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and sophistication that rivals some commercial software.

 read more ...

This is a bug in the Microsoft XML Core Services that could allow remote code execution.  This re-release of the patch effects Windows 2000 Service Pack 4 systems. read more ...

Just hours after Microsoft released the final version of Internet Explorer 7, a security intelligence company warned users of the new browser's first official bug. read more ...

Botnets have become a big underground business, and the security industry has few answers. eWEEK delves into the uphill challenge in front of vendors by going to one company's research facility to study live botnets in action. read more ...

Microsoft was unable to offer immediate access to its monthly collection of security patches as a result of a procedural issue in distributing the content to users Oct. 10. read more ...

Providing employees with 30-in. computer monitors can boost worker productivity at companies where 17-in. or 19-in. monitors are typically used, according to a French consultant hired for a study sponsored by Apple. read more ...

A U.S. District Court judge ordered anti-spam organization Spamhaus to pay $11.7 million in damages against an e-mail marketing company. The U.K.-based Spamhaus said the U.S. court had no jurisdiction, and ignored it. Now, anti-spam advocates worry that the judge might order ICANN to eliminate the Spamhaus domain. read more ...

Microsoft released 10 individual security patches on Oct. 10, addressing a handful of critical problems in Office programs along with several equally serious issues in its Windows operating system. read more ...

Internet Gold developed a service to help small businesses fight off intrusive software. Could its efforts be a guide for corporate CIOs? read more ...

Thousands of government computers may be under the control of cybercriminals. Software bots—malicious code that turns PCs and servers into remotely controlled "zombies"—have dug into the computers of federal and state agencies, security experts say. Once infected, those computers can be used to distribute spam, launch denial of service attacks, and even direct sensitive information into the wrong hands. read more ...

Microsoft reported on Oct. 5 that it will release a total of 10 updates for its Windows operating system and Office productivity suite as part of its monthly security bulletin for October. read more ...

In the years before the tech bubble burst, IT was king: there was a huge demand for professionals with technical prowess and an overwhelming shortage of able bodies.

Techies could pick their job and name their salary. They could wear jeans and t-shirts to meetings and nobody would raise an eyebrow. They could roll their eyes when an employee had the gauche to not know where to put their Ethernet card.

 read more ...

As the established large e-commerce sites pour millions of dollars into security and enterprise-league hardened point-of-sale systems, cyber-crooks have been giving more attention to much smaller and less well-protected merchants. read more ...

WASHINGTON (Reuters)—The U.S. Commerce Department said on Friday it would retain oversight for three more years of the company that manages Internet domain names, renewing an agreement that was scheduled to expire this weekend.
 read more ...

In-the-wild exploits against the latest unpatched Windows vulnerability have started circulating, using Internet Explorer as the attack vector to load identity theft Trojans and rootkits on infected machines. read more ...

The emergence of a high-profile group of security professionals promising third-party software fixes during zero-day attacks has rekindled a debate on the merits—and risks—associated with deploying unsupported product updates. read more ...

On Friday, Sony said it would initiate a widespread global recall of its own battery packs, affecting most if not all of its customers. read more ...

Hewlett-Packard has purchased specialty PC maker VoodooPC, according to a blog post made by Rahul Sood, the president and chief technical officer of the company. read more ...

Microsoft issued a patch for a critical Internet Explorer vulnerability that's been exploited for more than a week. It's only the second time this year that the company has broken from its regular security update schedule.
 read more ...

What it does: For about a week a zero-day attack against fully-patched installations of Internet Explorer has been in use on the Internet, although attacks became much more widespread late last week. read more ...

A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.  read more ...

Some Internet attackers cruise streets with a wireless computer or other radio-enabled device to locate and break into home wireless networks. Their goal? To steal your personal information or even send out spam e-mail in your name, a practice known as wardriving. Use these tips to help protect your wireless network. read more ...

It's fun to download photos, video clips, and ring tones to your cell phone or other mobile device. But these types of downloads can put you at risk for a mobile virus. Learn some general rules to help protect your mobile device. read more ...

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft's Internet Explorer browser.

 read more ...

A British security researcher has figured out a way to manipulate legitimate features in Adobe PDF files to open doors for computer attacks. read more ...

More than a month after Microsoft patched the .ANI vulnerability, the geek favorite e-tailer Tom's Hardware has found the W32.ani Trojan lurking in one of its banner ads.
 read more ...

Would you trust eBay to keep your name, address and taxpayer identification number safe? What about uBid.com, or what about an obscure online broker you've never heard of? read more ...

Microsoft on Tuesday plans to release seven security bulletins, including a fix for a zero-day flaw in Windows that is already being used in cyberattacks.
 read more ...

WASHINGTON--Politicians on Thursday said the U.S. government must do more to counteract propagandizing by al Qaida and radical terrorist groups on the Internet.
 read more ...

Apple on Tuesday released a QuickTime update to fix a security flaw that was used to breach a MacBook Pro at a recent security conference.
 read more ...

The long-dormant giant of e-mail-based malware has come back to life in recent days. read more ...

Beware: Partner sites may not reach your own security standards, as Microsoft recently learned. read more ...

The economics of Denial Of Service blackmailing isn't working out, and botnet owners are shifting to other, less risky crimes. read more ...

Network security vendor Support Intelligence is naming names as part of a program to help clean up the Internet. read more ...

Microsoft has issued an "emergency" patch to fix a Critical remote code execution vulnerability in Windows cursor handling code plus six other vulnerabilities. The bugs affect every version of Windows since Windows 2000, including the latest version of Microsoft Vista. Mac, Linux, and Solaris users are immune.  read more ...

Microsoft said Sunday night that it is planning to make available this week a patch for a Windows flaw that has already been used in an attack. read more ...

Microsoft plans to release an emergency, out-of-cycle Windows update on Tuesday, April 3, 2006 to patch the animated cursor (.ani) vulnerability currently being used in widespread malware attacks. read more ...

If you're reading this with Internet Explorer on a Windows machine, don't. The Windows animated cursor zero-day attack that was coming through on IE 6 and 7 running on fully patched Windows XP SP2 is now also hitting Windows 2000, Server 2003 and Vista. As F-Secure advises, better to use some other combination.  read more ...

A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday’s discovery of Internet Explorer drive-by attacks. read more ...

By Paul Laudanski, CastleCops, Microsoft MVP Windows-Security
This article takes a look at the evolution and current state of the malicious software landscape and offers recommendations that can help users secure their computers and networks against such threats as botnets, phishing, and rootkits. read more ...

Daylight-saving time is springing forward three weeks earlier than usual this year, but consumers may be unaware that some of their gadgets won't automatically be making the transition.  read more ...

Firefox and Internet Explorer users beware: There are serious, unpatched flaws in both browsers that could allow the manipulation of authentication cookies and the hijacking of files from your Windows machine.  read more ...

This is just another example where we have the software charged with scanning and detecting malicious code being tricked by a package rigged to explode when inspected. read more ...

If you haven't changed the default password on your home router, let this recent threat serve as a reminder. read more ...

Apple issued four security updates Thursday to fix flaws in Mac OS X and iChat identified by the Month of Apple Bugs project. read more ...

A new, yet-to-be-patched security hole in Word is being used in targeted cyberattacks, Microsoft has warned. read more ...

Beware of e-mails bearing Valentine's Day greetings, or you may get a digital heartache. read more ...

Gary McKinnon, the U.K. citizen accused of breaking into and damaging NASA's computers, has begun an appeal against extradition to the U.S.  read more ...

In a Goliath vs. David story, Russian authorities are suing a Russian village school teacher for software piracy, reports the Associated Press. read more ...

What's happening over that cafe Wi-Fi - maybe even over the very unsecured network you run in your home? Probably nothing. But on some networks people are downloading child porn, soliting kids for sex, and engaging in criminal conspiracies. read more ...

The goal of the Trojan seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.  read more ...

The "Q406 Roll-up" is a security headache because the exploits are heavily encrypted, say experts. read more ...

McAfee's VirusScan Enterprise 8.5i is the culprit, and it affects Notes Client R6 and R7. read more ...

While false positives are less than one-half of 1%, that adds up to a lot when you find 114 million counterfeits.  read more ...

Experts are forecasting an increase in spam as a result of the "Storm" worm that sent out six separate waves containing hundreds of thousands of e-mails during the weekend, and continues to touch down on computers worldwide. read more ...

Microsoft plans to roll out a new release of its Windows Live OneCare managed security service to consumers in the United States and 16 other countries on Jan.30 –to coincide with the general release of Windows Vista.  read more ...

Opinion: The consensus is that the "Month of XXX Bugs" disclosures are just publicity stunts. read more ...

More than two months ago, I called on Microsoft to take out the botnets and their perpetrators. The call may have been answered.  read more ...

Opinion: Microsoft used the January 2007 security update to induce users to try Internet Explorer 7.0 whether they wanted to or not. But after discovering they had been involuntarily upgraded to the new browser, they next found that application incompatibility effectively cut them off from the Internet.  read more ...

MySpace.com has filed a lawsuit against Scott Richter, the so-called "Spam King" who allegedly sent out millions of unsolicited "bulletins" to MySpace members, the site announced Monday.  read more ...

Twenty-six computer tapes containing Internal Revenue Service taxpayer data have gone missing from City Hall in Kansas City, Mo.  read more ...

Faced with arguably its biggest security crisis since the 2003 network worm attacks, Microsoft is throwing its support behind a high-level powwow to discuss the escalating threat from zombie botnets and zero-day malware attacks. read more ...

To achieve a higher IT calling, avoid these transgressions at all costs. read more ...

As e-mails multiply, so do the problems, from the unabated increases in spam to increasing scrutiny by regulators. read more ...

ACLU and EFF lawyers put pressure on the government and telecommunication companies in the aftermath of the warrantless wiretapping controversy.  read more ...

HELSINKI (Reuters)—Computer virus writers started to use raging European storms on Friday to attack thousands of computers in an unusual real-time assault, head of research at Finnish data security firm F-Secure told Reuters. read more ...

"Storm Worm," one of the larger Trojan horse attacks in recent years, is baiting people with timely information about a deadly, real-life storm front, security researchers said Friday.  read more ...

The so-called "Storm Worm" swept into U.S. email systems on Friday, cutting a wider swath of American email systems than within Europe.  read more ...

LOS ANGELES (Reuters)—TJX Cos Inc., which operates the T.J. Maxx and Marshalls chains, said on Wednesday that the computer systems that process its customer transactions had been breached and customer information had been stolen. read more ...

Opinion: The really innovative cracking is happening on Web servers these days, and defensive research is moving in that direction too.  read more ...

The potentially massive data theft reported by discount retail conglomerate TJX Companies illustrates the continued efforts of hackers to rob businesses of their most valuable information.  read more ...

Microsoft has re-released an update issued in its January 2007 patch batch to correct a glitch in the way Excel 2000 processes information. read more ...

Adrian Lamo, the hacker best known for illegal pranks aimed at companies like Yahoo, Microsoft and The New York Times, is free once again.  read more ...

The controversial practice gained more attention after the HP scandal broke. read more ...

Security companies have to be careful when disclosing vulnerabilities not to jump the gun, as one vendor did recently. read more ...

"Spring Forward, Fall Back" is the old saying about daylight savings time, but the rules for when you do this are changing, and there are implications for computer users.  read more ...

You've probably seen domain names designed to trick you before, but one company is the market leader in being victimized this way. read more ...

Two security companies released interesting research this past week on the phishing problem. read more ...

While many security suites have a basic level of detection, these standalone tools will do a search-and-destroy on the rootkits that may be hiding in your system.  read more ...

Google has patched a cross-site scripting vulnerability in one of its Web-hosting services.  read more ...

Knowing when to disclose personal information, recognizing phishing, and keeping up with current news are just some of the ways to protect yourself online. read more ...

Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch.  read more ...

A California man faces up to 101 years in federal prison after a jury found him guilty of sending out e-mail scams as well as related crimes. read more ...

Symantec first dismissed the threat, but worm attacks are hitting users of the company's corporate antivirus software and turning PCs into zombies. read more ...

The message claims to come from a professional hit man who supposedly has orders to murder the recipient, but will drop the contract if he is paid $80,000. read more ...

A serious remotely-exploitable vulnerability in the QuickTime client was identified this week.  read more ...

A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts. read more ...

It's got some bugs and it's mostly just another PayPal phish, but there's an interesting new hook in this week's Top Phish. read more ...

Another new development in phishing could seriously interfere with phish-detection filters. read more ...

Researchers are finding an increasing number of malware programs that appear to be designed specifically to steal valuable data from business users. read more ...

The change, a month sooner than usual, will require patches for many software products, including versions of Outlook and Exchange. read more ...

Mysterious European hacker LMH has launched the Month of Apple Bugs project to span January, 2007. read more ...

On Tuesday, January 9, Microsoft released one critical update for Windows and three updates, two of them critical, for Office. read more ...

Microsoft on Tuesday released fixes for vulnerabilities in its Windows and Office software, but left several known Word zero-day flaws without a patch. read more ...

A significant attack method using links to Web-based PDF files was revealed at a security conference recently. In a paper entitled "Subverting Ajax", Stafano Di Paola and Giorgio Fedon noted the implications of a documented Adobe Acrobat Reader feature. read more ...

When people who know better don't act responsibly, who do you trust? read more ...

A recently discovered security weakness in the widely used Acrobat Reader software could put Net users at more risk than previously thought, experts warned Thursday. read more ...

Code execution vulnerabilities are spotted—and patched—in two widely deployed desktop applications. The more serious of the two is a scripting bug in Adobe's ever-present Acrobat Plug-In. The vulnerabilities could allow hackers to plant malicious code on millions of computers, according to warnings from the U.S. government's computer emergency response team. read more ...

Microsoft's security response team has announced plans to release eight security bulletins Jan. 9 with patches for a slew of Windows and Office vulnerabilities. read more ...

A zero-day Apple QuickTime flaw for Mac OS X has officially kicked off the MoAB (Month of Apple Bugs). read more ...

The first publicly released vulnerability in Windows Vista was reported recently. You're probably not running Vista yet, but should you be concerned? read more ...

It's officially a cat-and-mouse race to exploit—and fix—security vulnerabilities affecting Apple Computer's Mac operating system.  read more ...

An easy-to-exploit security vulnerability in Apple Computer's QuickTime media player could put millions of Macintosh and Windows users at risk of code execution attacks. read more ...

This fascinating video explains how a desktop device using reservoirs of basic materials will be able to assemble almost anything from scratch. read more ...

An e-mail worm disguised as a New Year's greeting is making the rounds on the Internet. read more ...

The companies behind an encryption system for high-definition DVDs are looking into a hacker's claim that he has cracked the code protecting the new discs from piracy, a spokesman for one of the companies said.  read more ...

Here is how Microsoft went about putting free laptops into the hands of bloggers. read more ...

ZDNet blogger Richard Stiennon offers his take on the top 10 threats for 2007. Among the topics he discusses are Distributed Denial of Service (DDoS), DNS, Identity Theft, Wireless, and Windows Vista. Get more information about these topics. read more ...

The workaround freezes the Vista product activation clock at 30 days to fool the timer into not counting down. This lets users run unauthorized Vista installations indefinitely. read more ...

Updated: E-mail security firm Commtouch says 85 percent of today's spam comes from remote-controlled "zombie" computers. read more ...

Microsoft has publicly acknowledged the discovery of the first Windows Vista security flaw. But just how serious is it? Opinions seem to vary widely. read more ...

The Department of Homeland Security and Travel Security Agency say they inadvertently pooled sensitive information on U.S. air travelers that they had previously promised not to share. read more ...

Multinational companies got a nasty holiday surprise when an earthquake disrupted Internet service across the region, reminding everybody just how fragile their IT operations are when a major disruption in the telecommunications infrastructure occurs. read more ...

Who will find the first major security flaw in Windows Vista? Will it be released as zero-day? Is there an end in sight to the botnet menace? Is spam close to being canned? Just who are these criminals phishing for your credit card data? read more ...

Proof-of-concept exploit code for a security flaw affecting all versions of Windows (including Vista) has been released on a Russian hacker forum, forcing Microsoft to activate its emergency response process. read more ...

Nolan Bushnell, founder of Atari and Chuck E. Cheese, opened uWink restaurant to cater to women who want to play games.

 read more ...

It is the first Windows Vista exploit made public since the operating system was released to volume license customers Nov. 30. read more ...

Sensors monitored by Symantec's DeepSight threat management service have reported a significant spike in traffic related to TCP port 2967, which Symantec has traced to scans generated by the "Sagevo" worm. read more ...

Washington Mutual installed stringent measures to combat phishers at the bank. Here, WaMu's information security chief offers five tips to help deal with the problem. read more ...

Are you a Bank of America customer? The Sitekey feature is there for your safety, but you still have to be careful about it. read more ...

You meet a lot of strange people buying and selling online, and some of them are trying to steal from you or dupe you into committing crimes for them. See an example of this sort of thing in this week's Bonus Security Tip. read more ...

Opinion: Morgan Stanley is facing disciplinary action because it said key e-mail messages were destroyed in the 9/11 terrorist attacks, but reportedly did not disclose that the backup records were intact. read more ...

QuickBooks users regularly endanger themselves because the product requires them to give excessive privileges to users. But there's a way to run QuickBooks 2006 as a non- Administrator. read more ...

Wireless hacker pleads guilty when his Google searches are used as evidence against him. read more ...

Mozilla has shipped a "highly critical" Firefox update to correct multiple security bugs that could cause cross-site scripting, information disclosure, denial-of-service and system access attacks.
...
Apple Computer was also busy on the patching front, shipping a fix for an obscure QuickTime for Java flaw that could cause lead to the disclosure of sensitive information. read more ...

Microsoft has claimed an important victory in its battle against software piracy. read more ...

The Mozilla Foundation has issued "critical" security updates to vulnerabilities discovered in the Firefox browser, Thunderbird e-mail client and SeaMonkey application suite. read more ...

The attack, which started early Tuesday morning Eastern time and continued Wednesday, affected four of ZoneEdit's 25 domain name servers.
 read more ...

News Analysis: Can the Russian anti-virus vendor innovate fast enough to stay relevant in a hypercompetitive security market? read more ...

A systems administrator who apparently feared imminent layoffs was arrested Tuesday in connection with installing "destructive computer code" on servers at his company, a major manager of prescription benefit plans. read more ...

Powered by GeoTrust and PhishTank, the release of a new tool expands Opera's commitment to secure browsing. read more ...

Sarasota County voters claim electronic voting machines malfunctioned in tight Nov. 7 congressional race read more ...

The company says it has developed a heat-resistant layer made of insulating metal oxide that would prevent a battery from overheating and possibly bursting into flames.  read more ...

Opinion: Botnets are doing more with less, and some say the next-generation software is just beginning to spread. Ask me again in March. read more ...

Adrian Kingsley-Hughes: Bill Gates recently told an audience of bloggers that DRM has "huge problems" and that "people should just buy a CD and rip it. You are legal then." Does this signal a change in how Microsoft views DRM? read more ...

Trend Micro has stumbled upon an auction style marketplace where zero-day exploits for Microsoft’s Vista operating system are going for $50,000. read more ...

A Google team has visited the Korean company that makes ThinkFree Office, a clone of Microsoft Office, for acquisition talks twice in recent days, according to Korean press reports. read more ...

The malware exploits a critical vulnerability in Symantec AntiVirus and Symantec Client Security, two of the vendor's business security products. read more ...

If a control server is shut down, the spammer can easily update the rest of the bots with the location of a new server as long as he controls at least one bot in the net. read more ...

Microsoft says IE7 users may see their PCs bog down as the filter evaluates multiframe pages for fraud indicators. read more ...

Researchers at Trend Micro infiltrate an underground exploit marketplace and find a Windows Vista zero-day attack for sale for $50,000. read more ...

The database hack highlights the need for more vigilant caretaking of information. read more ...

A new worm that uses a known security hole in Symantec's corporate antivirus tools to spread has hit the Net, experts warned Friday. read more ...

Yahoo said late Friday that it has fixed a bug in its newest version of Yahoo Messenger that changed a user's mail preferences without his or her consent. read more ...

eWEEK asked IT pros to share the best advice they ever received--the counsel that has led to personal and professional gains, as well as fewer headaches. read more ...

According to a research report by the LSE, a lack of qualified security workers is putting companies at risk as compliance demands become increasingly complex. read more ...

By loading a maliciously-crafted PDF file, an attacker could take control of computers running those versions of the software.  If you're running Adobe Acrobat and Acrobat Reader versions 7.0 through 7.0.8, it's time to get an update. Adobe has disclosed critical vulnerabilities in those versions. read more ...

A third security flaw in Microsoft Word has emerged, according to some security companies, and a researcher has published code for it that could be used to launch an attack. read more ...

Exploit code for yet another unpatched vulnerability in Microsoft Word has been posted on the Internet. read more ...

Researcher Stefan Esser has quit PHP, accusing the open-source group of hiding the slow response time to fixing vulnerabilities and refusing to patch known flaws for months. read more ...

MSTERDAM (Reuters)—Memory card and MP3 music player producer SanDisk said on Thursday a legal battle with MP3 patent holders is ongoing and shrugged off a statement from a patent pool firm claiming a judicial victory. read more ...

Microsoft has issued an update to Windows Vista that's intended to stop a piracy monster. The software maker said Thursday that the update is aimed at thwarting a technique that was letting some people use pirated versions of the operating system without going through the software's built-in product activation. Microsoft has dubbed the approach "frankenbuild" because it works by combining test versions of Vista with the final code to create a hybrid version. read more ...

Boeing has confirmed that a laptop stolen from an employee's car contained sensitive information on 382,000 workers and retirees. read more ...

When 10 backup tapes and disks were stolen from the back of a Providence Health & Services employee's minivan, thieves potentially gained access to the private information of 365,000 patients. Now, one year and $7 million later, the health care provider remains mired in the aftermath. read more ...

A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer "logic bomb" on company networks and betting its stock would go down. read more ...

How prepared is your information technology (IT) department or administrator to handle security incidents? Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much more costly than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy. read more ...

An unknown hacker has infiltrated a massive UCLA database with personal information on 800,000 people, in one of the worst computer breaches ever at a U.S. university.
 read more ...

Websense is reporting that a new form of cyber-extortion has emerged in recent days that exploits the promiscuous nature of cyber-cafes and PC-terminals.  By stealing email credentials from unsuspecting shared-terminal users, the attackers steal all the victim's emails and contacts and then sends a single message in the email account basically asking for ransom in a note written in Spanish. read more ...

Microsoft on Tuesday released seven security updates with patches for 11 security vulnerabilities, most of which affect the Windows operating system. read more ...

On patch day, Microsoft confirms a second, unrelated zero-day vulnerability in its widely used software program and warns that "extremely targeted" attacks are already under way. read more ...

Microsoft revealed last week that a vulnerability exists in Word, the Word Viewer, and Works that could allow for a compromise of the system through a malicious .DOC file. read more ...

Gartner vice president Paul E. Proctor wrote the book—literally—on intrusion detection. But a lot has changed since 2000, when he penned the Practical Intrusion Detection Handbook, a 359-page tome with tips on choosing vendors, setting up policies and justifying related costs. read more ...

Are laptops are an indispensable tool for high schoolers or merely an overpriced paperweight? That's the question that a Washington, D.C. area high school pondered before investing in services to make laptops more useful, reports The Washington Post.  read more ...

In another example of how schools fail to take extra precautions to avoid security breaches, a Greenville, NC, school has auctioned off old school computers which contained the Social Security numbers of more than 59,000 Greenville County students, reports The Greenville News. read more ...

They're one of the biggest security risks because of their knowledge and access. IT managers need to learn to identify and stop insider malcontents before they do some serious damage. read more ...

A second security vulnerability has been discovered in Microsoft Word in less than a week. The zero-day flaw, which is could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted Sunday night. Word 2007 is not affected, Microsoft said. read more ...

A really critical vulnerability in Microsoft Word 2000, 2002, 2003, Mac 2004, and Viewer will not make Microsoft's patch Tuesday this week and a newly found critical vulnerability in Windows Media Player playlists will also miss the boat.  The exploit code for both vulnerabilities are out in the wild and there have been attacks on the Word exploit seen in the wild.  Unfortunately we most likely won't see a patch until the January patch Tuesday which is nearly 5 weeks away and Microsoft rarely issues out of cycle patches unless there is an overwhelming amount of negative press such as the WMF issue in early January of this year. read more ...

Organized gangs have adopted "KGB-style" tactics to hire high-flying computer students to commit Internet crime, a report said on Friday. read more ...

'Tis the season to be jolly--especially if you're an online crook. This holiday season, more people are getting tricked by holiday "phishing" scams on the Internet. Unsuspecting shoppers are being lured to phony Web sites and tricked into divulging their credit-card information. Your best line of defense? Knowing how to spot these online scams. read more ...

As part of its monthly patch cycle, Microsoft plans to release on Tuesday six security bulletins, at least two of them deemed "critical." read more ...

Two antispyware watchdogs are urging federal regulators to take action against a music search Web site that they say is a front for malicious software. read more ...

A worm is spreading on MySpace through a malicious QuickTime file which uses Apple QuickTime's Javascript support to exploit a vulnerability in MySpace revealed recently to change links in the user's profile to links to porn and phishing sites. read more ...

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks. read more ...

There's a 16 percent chance your wireless 911 call won't go through. And if it does go through, there's one chance in eight that the 911 center will know where you are.
 read more ...

Verizon Communications announced on Dec.5 the launching of Verizon Online Backup, a broadband product that will allow small and midsize businesses to protect company and customer information. read more ...

Identity thieves are manipulating a feature in Apple Computer's embedded QuickTime player to launch phishing attacks on the popular MySpace.com social networking portal. read more ...

The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers. read more ...

Does your teen have a personal Web page on a social networking site like MSN Spaces or MySpace? These pages are often viewable to anyone--including predators and con artists. See ways that you can help your teen use these sites more safely. read more ...

Are you thinking about donating online to a charity this holiday season? Learn how to avoid e-mail and other holiday-related scams on the Web. read more ...

Microsoft's freshly minted Internet Explorer 7 browser is vulnerable to a window injection vulnerability that has haunted earlier versions of IE since Dec. 2004, according to a warning from Secunia. read more ...

FRAUDULENT SPAM E-MAIL CLAIMING TO BE FROM FBI DIRECTOR MUELLER

We have become aware of a bogus spam e-mail claiming to be from FBI Director Robert Mueller III. This scam appears to be a typical Nigerian scam; however, the attempt to defraud victims comes in two separate e-mails. The same e-mail address is used to deliver both phases of the spam.

 read more ...

Veteran malware researcher Joe Stewart was fairly sure he'd seen it all until he started poking at the SpamThru Trojan—a piece of malware designed to send spam from an infected computer.

The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and sophistication that rivals some commercial software.

 read more ...

This is a bug in the Microsoft XML Core Services that could allow remote code execution.  This re-release of the patch effects Windows 2000 Service Pack 4 systems. read more ...

Just hours after Microsoft released the final version of Internet Explorer 7, a security intelligence company warned users of the new browser's first official bug. read more ...

Botnets have become a big underground business, and the security industry has few answers. eWEEK delves into the uphill challenge in front of vendors by going to one company's research facility to study live botnets in action. read more ...

Microsoft was unable to offer immediate access to its monthly collection of security patches as a result of a procedural issue in distributing the content to users Oct. 10. read more ...

Providing employees with 30-in. computer monitors can boost worker productivity at companies where 17-in. or 19-in. monitors are typically used, according to a French consultant hired for a study sponsored by Apple. read more ...

A U.S. District Court judge ordered anti-spam organization Spamhaus to pay $11.7 million in damages against an e-mail marketing company. The U.K.-based Spamhaus said the U.S. court had no jurisdiction, and ignored it. Now, anti-spam advocates worry that the judge might order ICANN to eliminate the Spamhaus domain. read more ...

Microsoft released 10 individual security patches on Oct. 10, addressing a handful of critical problems in Office programs along with several equally serious issues in its Windows operating system. read more ...

Internet Gold developed a service to help small businesses fight off intrusive software. Could its efforts be a guide for corporate CIOs? read more ...

Thousands of government computers may be under the control of cybercriminals. Software bots—malicious code that turns PCs and servers into remotely controlled "zombies"—have dug into the computers of federal and state agencies, security experts say. Once infected, those computers can be used to distribute spam, launch denial of service attacks, and even direct sensitive information into the wrong hands. read more ...

Microsoft reported on Oct. 5 that it will release a total of 10 updates for its Windows operating system and Office productivity suite as part of its monthly security bulletin for October. read more ...

In the years before the tech bubble burst, IT was king: there was a huge demand for professionals with technical prowess and an overwhelming shortage of able bodies.

Techies could pick their job and name their salary. They could wear jeans and t-shirts to meetings and nobody would raise an eyebrow. They could roll their eyes when an employee had the gauche to not know where to put their Ethernet card.

 read more ...

As the established large e-commerce sites pour millions of dollars into security and enterprise-league hardened point-of-sale systems, cyber-crooks have been giving more attention to much smaller and less well-protected merchants. read more ...

WASHINGTON (Reuters)—The U.S. Commerce Department said on Friday it would retain oversight for three more years of the company that manages Internet domain names, renewing an agreement that was scheduled to expire this weekend.
 read more ...

In-the-wild exploits against the latest unpatched Windows vulnerability have started circulating, using Internet Explorer as the attack vector to load identity theft Trojans and rootkits on infected machines. read more ...

The emergence of a high-profile group of security professionals promising third-party software fixes during zero-day attacks has rekindled a debate on the merits—and risks—associated with deploying unsupported product updates. read more ...

On Friday, Sony said it would initiate a widespread global recall of its own battery packs, affecting most if not all of its customers. read more ...

Hewlett-Packard has purchased specialty PC maker VoodooPC, according to a blog post made by Rahul Sood, the president and chief technical officer of the company. read more ...

Microsoft issued a patch for a critical Internet Explorer vulnerability that's been exploited for more than a week. It's only the second time this year that the company has broken from its regular security update schedule.
 read more ...

What it does: For about a week a zero-day attack against fully-patched installations of Internet Explorer has been in use on the Internet, although attacks became much more widespread late last week. read more ...

A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.  read more ...

Some Internet attackers cruise streets with a wireless computer or other radio-enabled device to locate and break into home wireless networks. Their goal? To steal your personal information or even send out spam e-mail in your name, a practice known as wardriving. Use these tips to help protect your wireless network. read more ...

It's fun to download photos, video clips, and ring tones to your cell phone or other mobile device. But these types of downloads can put you at risk for a mobile virus. Learn some general rules to help protect your mobile device. read more ...

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsoft's Internet Explorer browser.

 read more ...

A British security researcher has figured out a way to manipulate legitimate features in Adobe PDF files to open doors for computer attacks. read more ...