Microsoft is downplaying a SQL Server security flaw that could be exploited by someone with administrative privileges to see users’ unencrypted passwords. The vulnerability was discovered last year by database security vendor Sentrigo when one of their researchers noticed that the unique string of their personal password was visible in memory in SQL Server. Since […]
Apple is pushing out an older, vulnerable version of Adobe Flash Player with its “Snow Leopard” operating system upgrade, according to Sophos. Snow Leopard, aka Mac OS X 10.6, hit the streets Aug. 28 with much fanfare about promised performance improvements. Apple also generated some buzz by including a malware scanner in the mix to […]
Security vendor Marshal8e6 is sporting a new name and a new bag of integrated products bringing its technology together with technology from recently acquired Avinti. The new name, M86 Security, is meant to reflect the company’s focus on Web and messaging security, and is the second name change for the firm in less than a year. In […]
Oracle pulled the covers off Oracle Database 11g Release 2 today, bringing a host of new features around performance and management. A year ago, just what would be included in 11g Release 2 was the subject of intense speculation at the Oracle OpenWorld conference in San Francisco. Now, roughly a month before the 2009 conference […]
In some ways, the virtualization security market may be in a good news, bad news situation. The good news: More tools are appearing that focus on securing virtual environments. The bad news: Many may not be making their way into the IT infrastructure. A survey by Nemertes Research found that only 10 percent of organizations […]
This Zeus doesn’t call Mount Olympus home, but has found a resting place on millions of PCs. The Zeus Trojan, otherwise known as ZBot, is widely available for purchase in the cyber-underground. Zeus was linked to a campaign that stole thousands of FTP credentials in an effort to compromise a number of high-profile Websites — […]
Microsoft officials are investigating reports of a zero-day bug affecting Microsoft Internet Information Services in response to the appearance of exploit code on the Internet. The exploit, which targets an FTP server remote stack overflow, was published Aug. 31 on Milw0rm.com. According to US-CERT, the vulnerability may allow a remote attacker to execute arbitrary code. […]
Who needs a digital voice recorder when you have malware? According to Symantec, source code for a new Trojan targeting users of Skype VOIP has appeared on the Internet. So far there is no evidence the malware is spreading, but with the source code now public, it is possible malware writers can begin leveraging this […]
Reputed hacker Albert Gonzalez, the Miami man tied by investigators to several major data breaches, has agreed to plead guilty to a variety of charges, according to reports. Under the plea agreement, Gonzalez, 28, will face a maximum of 25 years in prison. According to authorities, he is at the center of a ring of […]
Apple plans to release Mac OS X 10.6, aka Snow Leopard, on Aug. 28, and cyber-criminals have taken notice. A number of rogue sites have popped up offering free copies of the latest version of Apple’s operating system. Researchers at Trend Micro are reporting that accessing these malicious sites lands users with a DNS (Domain […]