Brian Prince

Mozilla wants to make sure you are keeping your Adobe Flash plug-ins up-to-date. In Firefox 3.5.3 and Firefox 3.0.14 users will now be warned if they are using an older version of Adobe’s Flash Player plug-in. Older editions of the plug-ins can pose a security risk, as well as cause crashes or stability problems, warned […]

Hours after its latest Patch Tuesday release, Microsoft confirmed the presence of a serious zero-day bug in Windows Vista, Windows Server 2008 and release candidates of Windows 7. The vulnerability, which lies in Windows’ SMB (Server Message Block) 2, is due to the SMB implementation improperly parsing SMB negotiation requests. As of yesterday, Microsoft reported […]

Ten companies ranging from Yahoo to PayPal to Google are supporting plans to support pilot programs aimed at enabling users to log in to government Websites using OpenID and Information Card technologies. The initiative is meant to fit into President Obama’s memorandum to make it easy for individuals to register and participate in government Websites […]

It is no secret that the anti-virus market has been struggling to keep up with threats. For that reason, many security vendors have been moving away from a strictly signature-based approach in favor of other types of malware protection using techniques like whitelisting and behavioral-based detection. The latest example of this trend: Symantec’s Norton Internet […]

Microsoft released five critical security bulletins Sept. 8 to cover issues in Microsoft Windows that company officials said could allow hackers to remotely execute code. None of the vulnerabilities are known to be under attack at this time. Still, two of the bulletins address vulnerabilities that have been given the highest possible rating on Microsoft’s […]

It began with an e-mail sent to an employee at an energy company, and ended with a security breach that exposed critical systems to outside control. This is an-all-too common scenario, and just one example of the types of threats targeting not only critical infrastructure but organizations generally. The attack referred to above happened at […]

From Valentine’s Day to Independence Day, pretty much all the holidays this year have had at least one thing in common — the Waledac botnet. In a new paper (PDF) and a series of blog posts, Symantec researcher Gilou Tenebro offers a peek into what has made Waledac one of the most active botnets today. […]

Microsoft officials are reporting limited attacks targeting a zero-day vulnerability in the FTP service in Internet Information Services. The IIS vulnerability warning follows the release of new exploit code that can be used to create a DoS (denial of service) condition on Windows XP and Windows Server 2003 without requiring Write access. Also, a new […]

Why take one when you can have a baker’s dozen? Unfortunately, we are talking about infected files and not doughnuts. According to security company ESET, the average compromised machine is home to 13 infected files as well as malicious programs from three different malware families. ESET based its findings on scans of more than a […]

Microsoft is prepping five critical security bulletins for the Patch Tuesday release Sept. 8. All five are classified as remote code execution vulnerabilities in Microsoft Windows. The bulletins cover various editions of the operating system, ranging from Windows 2000 to Windows Server 2008. Though Microsoft offered few details regarding the bulletins, the company did say […]