Brian Prince

Adobe Systems released a massive security update for Flash Player to fix nearly 20 vulnerabilities, while Google Chrome got a security boost of its own. Included in the Adobe update is a fix for CVE-2010-3654, a bug the company warned about last week and has come under attack. If exploited, the vulnerability can cause the […]

Microsoft has patches planned next week for 11 security vulnerabilities in Microsoft Office and Forefront Unified Access Gateway. November’s Patch Tuesday release is much smaller than the 16-bulletin, 49 vulnerability-strong update released last month. This time, there are just three bulletins, two of which are rated “Important” and a third is rated “Critical.” The critical […]

The European Union wants to overhaul its privacy laws and tighten Web users’ control over their information on social networking and other sites. The push for new rules follows continued concerns about online privacy due spotlighted by recent controversies, such as the situation with Google Street View. On Nov. 3, the U.K.’s Information Commissioner ruled […]

App testing firm Coverity uncovered 88 high-risk defects in the source code for the Android kernel used in HTC’s Droid Incredible. The data was collected for the “2010 Coverity Scan Open Source Integrity Report.” Although Coverity refrained from revealing the specific defects, the company counts issues such as memory corruptions, memory illegal accesses and resource […]

Security researchers have uncovered a new Internet Explorer zero-day being used in malware attacks. The situation was uncovered by Symantec after researchers observed a limited spam campaign seeking to trick users into clicking on a link. The spam had the subject line “re: hotel reservations,” and posed as a message about a hotel room. Once […]

Sentrigo is looking to bring database security to the cloud by making its Hedgehog Enterprise and vPatch products available on Amazon Elastic Compute Cloud (Amazon EC2). The move is meant to help organizations deal with the compliance issues posed by storing data in the cloud by providing database activity monitoring, intrusion prevention and virtual patching. […]

Google has agreed to settle a class-action lawsuit brought by Gmail users claiming Google Buzz violated their privacy. As part of the settlement, Google said it will create an $8.5 million fund, with the majority of the money going to organizations focused on Internet privacy education and policy. In addition, Google pledged to do more […]

Smartphone security mostly still means having the ability to remotely manage devices. Still, malware targeting smartphones does exist, and the prospect that attackers will get more actively involved in exploiting is real. With that in mind, security researchers Collin Mulliner and Jean-Pierre Seifert discussed how attackers could build a smartphone (PDF) botnet that would be […]

Adobe Systems plans to release a patch by Thursday to address a critical vulnerability in Adobe Flash Player that the company warned users about last week. The update will be for Flash Player 10x for Windows, Macs, Linux and Solaris, but the bug actually covers larger ground. The authplay.dll component that ships with Adobe Reader […]

Google is extending its vulnerability reward program to cover its Web properties, including YouTube and Orkut. The program will pay researchers a maximum of $3,133.70 for finding bugs in Google’s Web applications and reporting them directly to the company. Google announced the program Nov. 1, building upon a program it started earlier this year to […]