Brian Prince

Microsoft announced Feb. 11 that it will update Windows 7 with the ability to detect more than 70 activation exploits used by software pirates to beat Windows’ activation technology. The update is for Windows Activation Technologies (WAT), formerly known as Windows Genuine Advantage, and is slated to be posted to Microsoft’s download site next week. […]

You might expect an enterprise to be the first to notice its records had been breached. But as a report from Trustwave illustrates, that is rarely the case. According to a study of more than 200 data breaches that occurred in 2009, Trustwave found that just 9 percent were uncovered by the organization that was […]

A researcher at SecureWorks has uncovered a new Trojan swiping credentials of customers of roughly 15 large and medium-sized banks in the United States. SecureWorks has dubbed the malware the Bugat Trojan. The malware has similar functionality to other banking Trojans such as Clampi and Zeus, and was seen being distributed by a Zeus botnet. […]

Social networking brings with it its own set of privacy and security challenges. With Google making its own foray into the space with the launch of Google Buzz, security experts say users will have to find the right balance between privacy and openness. Like Facebook, Buzz allows users to post updates, videos and photos. Buzz […]

Microsoft issued 13 security bulletins for February’s Patch Tuesday, patching a total of 26 vulnerabilities in a massive update Feb. 9. Five of the 13 bulletins are rated critical-MS10-006, MS10-007, MS10-008, MS10-009 and MS10-013. Qualys CTO Wolfgang Kandek put MS10-006 and MS10-013 at the top of his list of patches to be deployed. The first […]

As security vendors have added cloud-based services to their portfolios, there have been ongoing discussions about how best to combine these services with on-premises security products. While many vendors offer both delivery models, Websense took it a step further Feb. 9 with a new platform that integrates data loss prevention, secure Web gateway and e-mail […]

Oracle has released an emergency patch for a security flaw in WebLogic Server in response to the discovery of a vulnerability that leaves users open to attack. The vulnerability lies in the Node Manager component of WebLogic Server, and could be exploited by attackers to remotely gain access to a vulnerable system. According to Vupen […]

China announced it has arrested three people in connection with operating a hacker training school that distributed malware and hacking tools to its members in online forums. According to Xinhua, China ‘s state-run newspaper, three people were arrested in connection with making the tools available online through a business known as Black Hawk Safety Net. […]

Mozilla has removed a pair of malware-laced Firefox add-ons from its site believed to have infected some 4,600 users. According to Mozilla’s Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojans targeting Windows users. The add-ons were considered “experimental,” meaning they had yet to survive a public […]

Two security researchers unveiled a new attack at Black Hat DC that targets the connection between Web applications and databases. Independent researcher Jose Palazon and Chema Alonso of security vendor Informatica64 presented their finding, which they called a CSPP (connection string parameter pollution) attack, at the Black Hat DC conference held Jan. 31 to Feb. […]