Brian Prince

Core Security Technologies has issued an advisory for multiple vulnerabilities affecting HP’s popular OpenView systems and network management software. An engineer from CoreLabs, the company’s research arm, uncovered three vulnerabilities in HP OpenView NNM (Network Node Manager) that can be exploited remotely via buffer overflows to compromise mission-critical servers. Though two of the vulnerabilities are […]

HP is putting the spotlight on securing applications using Adobe Flash with a new code analysis tool. HP’s answer to Flash security is HP SWFScan, a free tool designed to help application developers defend against vulnerabilities before the hackers can get their hands on them. The tool works by decompiling applications developed with Flash to […]

The stock market may be struggling, but the market for purveyors of rogue anti-virus is going strong. In a report, researchers at Finjan offered a peek into the inner-workings of the market for rogue anti-virus. The company focused on a group of cyber-crooks running a rogueware affiliate network that hauled in an average of $10,800 […]

From Microsoft’s Internet Explorer 8 to Apple Safari, popular Internet browsers have taken a bit of a public beating the week of March 16. Even as hackers continue to focus most of their attention on Web applications, exploits targeting the browser always make juicy tidbits for black hats. In Cenzic’s Web Application Security Trends Report, […]

Security researchers have released proof of concept exploit code for an Intel chip flaw that could be abused to compromise computer systems with stealthy rootkits. The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorized access to SMRAM, a protected region of system memory where the system management […]

Microsoft is releasing an open-source tool to help application developers examine the causes behind program crashes. Microsoft plans to unveil the tool, called the !exploitable Crash Analyzer, on CodePlex March 20 at the CanSecWest conference in Vancouver, British Columbia. A Windows debugger extension, the heuristics-based tool is aimed at not only helping developers assess what […]

Imperva has built new analytic capabilities into its database activity monitoring tool to enable auditors to more easily analyze and correlate information. The new feature, contained within SecureSphere 6.2, is called Interactive Audit Analytics and allows auditors to piece together patterns and identity unauthorized operations and attacks. For example, if there are a number of […]

NitroSecurity has continued its strategy of buying its way into the event monitoring space with the purchase of U.K-based Chronicle Solutions. The plan is to integrate Chronicle’s application monitoring technology with NitroSecurity’s database activity monitoring and SIEM (security information event management) tools to offer enterprises better visibility into their environments as a means of preventing […]

The minds behind the Waledac botnet are using the physical location of victims’ machines in a scheme to lure them with false news reports. The e-mails, which have subject lines like “Why did it happen in your city?” claim that 18 people have been killed in an explosion and link to what appears to be […]

A startup is pushing a protocol based on Secure Sockets Layer encryption that enables Web applications to securely authenticate each other before mashing up. The company, SafeMashups, is taking on a problem others have tried to solve using proprietary cryptography. Rather than take that approach, SafeMashups is using its MashSSL protocol-based on the time-tested cryptography […]