Brian Prince

Trojan Tied to RSA SecureID Breach Linked to Multiple Cyber-Campaigns

Dell SecureWorks has connected malware used in the RSA SecureID breach to attack campaigns going back several years that have targeted companies in countries around the globe. Using a Remote Access Trojan (RAT) known as “Comfoo,” the attackers have been traced to at least 64 campaigns, according to Joe Stewart, director of malware research at […]

BlackBerry, Mozilla Team Up to Develop Free Web Security Testing Tool

Security experts at BlackBerry and Mozilla have teamed up to develop a testing tool aimed at discovering and fixing software vulnerabilities in Web browsers. The two companies are working together to develop “Peach,” a free testing tool, to improve Web browsers security. Peach was created by Michael Eddington of Déjà vu Security in 2004 and […]

First Ponzi Scheme Involving Bitcoins Results in Texas Man’s Arrest

A Texas man and his company has been charged by the U.S. Securities and Exchange Commission (SEC) for defrauding investors in a Ponzi scheme involving bitcoins, a virtual currency used online. Federal investigators said this was the first Ponzi scheme they have uncovered that involves bitcoins, but as in all Ponzi schemes the accused promised […]

Black Hat: Don’t Blindly Trust Vulnerability Data

Numbers never lie—except when they are used to draw false conclusions. And if those false conclusions are part of an IT security strategy, then nothing good can happen. Just ask Brian Martin and Steve Christey, members of the CVE (Common Vulnerabilities and Exposures) Editorial Board, who at the upcoming Black Hat USA conference (July 27 […]

Researcher Proposes Using Machine Learning to Improve Network Defense

Getting the most out of mountains of log data can be trying to say the least. In a conference where many are focused on defeating security, independent researcher Alexandre Pinto wants to find ways to make defending enterprise networks both smarter and easier. At the upcoming Black Hat conference in Las Vegas, Pinto plans to […]

Microsoft, Adobe Patch Critical Vulnerabilities in Security Updates

Microsoft and Adobe Systems released a series of critical security updates for their customers to close down security holes before hackers sneak in. As part of Patch Tuesday, Microsoft issued patches for 34 vulnerabilities across its product lines. Six of the seven bulletins this month are rated “Critical,” while the remaining bulletin is considered “Important.” […]

Microsoft Plans Critical Windows Security Patches

Microsoft is planning to patch several critical vulnerabilities next week for Patch Tuesday, including a Windows vulnerability that recently sparked a debate regarding responsible disclosure. All totaled, the company will be releasing seven security bulletins July 9, including six that are rated “critical” and affect Internet Explorer, Windows, the .NET Framework, Silverlight and GDI+. “IT […]

Facebook Patches Mobile Text Vulnerability, Rewards Flaw Discoverer

Facebook has fixed a vulnerability that a U.K. security researcher discovered could have been used to hijack user accounts via Facebook’s Mobile Texts feature. The researcher, who goes by the nickname ‘fin1te,’ was rewarded with $20,000 via Facebook’s bug bounty program for finding the flaw and reporting it to social network last month. “Facebook gives […]

Opera Data Breach Exposes Legions of Windows Users to Malware Attack

Browser vendor Opera Software disclosed June 26 that its network had been successfully attacked, enabling hackers to gain access to an expired Opera code-signing certificate. The certificate has been used to sign malware, according to Opera, which added that user data was not affected in the attack. “On June 19th we uncovered, halted and contained […]

Google Adds Malware, Phishing Data to Transparency Report

Google has added statistics about malware and phishing attacks to the company’s Transparency Report as a means of educating users about threats on the Web. “Two of the biggest threats online are malicious software (known as malware) that can take control of your computer, and phishing scams that try to trick you into sharing passwords […]