Brian Prince

Microsoft is planning to release 13 security bulletins Feb. 9 as part of this month’s Patch Tuesday. Five of the 13 bulletins are rated critical, seven are rated important and one is rated moderate. All but two of the bulletins address security issues in Windows, with the other two dealing with issues in Microsoft Office. […]

According to media reports, Google and the National Security Agency are planning to partner to improve cyber-security at the company in the wake of an attack that struck Google in December. The Washington Post reported that the NSA is working on an agreement with Google to help analyze the attack so the company can improve […]

Google, China and the Anatomy of the Aurora Attack by Brian Prince Internet Explorer Becomes a Target The vulnerability leveraged in this attack is a memory corruption issue that can be exploited to allow an attacker to remotely execute code. The attackers in Aurora focused their efforts on IE 6, though proof-of-concept code was developed […]

Apple has closed five security holes impacting the iPhone and iPod Touch that left users open to attack. Of the five vulnerabilities fixed by the latest iPhone OS update (3.1.3), four can be exploited to execute code. Two of the vulnerabilities are buffer overflow issues. One exists in the CoreAudio component’s handling of mp4 audio […]

Microsoft is investigating claims of an Internet Explorer vulnerability that could allow an attacker to access victims’ files. While Microsoft said it is not aware of any attacks targeting the vulnerability, the company warned Feb. 3 that if a user is not running IE in Protected Mode or is running IE on a Windows XP […]

PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaboration, and is used to help secure trusted electronic transactions across individuals, servers and mobile devices. […]

Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reason, the company decided to push […]

Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector-Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September. The exploit used in the attacks only affected IE 6, which […]

Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest social networking site. The statistics, which were included […]

Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user’s knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave’s SpiderLabs, will present their findings at ShmooCon, held Feb. 5 to 7 in Washington. […]