Brian Prince

Database security firm Sentrigo has added vulnerability assessment to its arsenal. Dubbed DBscanner, the new tool includes more than 3,000 different checks for Oracle, Microsoft SQL Server, IBM DB2 and MySQL databases. According to Sentrigo, those checks run the gamut from password strength issues to possible misconfigurations in database servers. The product also has database […]

A mass-mailer worm caused agita for IT administrators and topped the past week’s security news. Dubbed the “Here you have” worm based on the subject line of a carrier e-mail that flooded inboxes around the world Sept. 9, the worm disrupted e-mail systems at a number of high-profile companies and institutions. Reminiscent of old-school attacks […]

Adobe Reader and Acrobat users on Windows machines now have a potential shield available to protect them from attackers targeting a zero-day vulnerability. Microsoft and Adobe Systems announced Sept. 10 that the latest edition of Microsoft’s Enhanced Mitigation Experience Toolkit can be used to block attacks. The announcement followed reports that an exploit currently in […]

The Online Trust Alliance has formed the Anti-Malvertising Taskforce to combat malicious ads on the Internet. The task force currently comprises more than two dozen business, advertising industry and government representatives, but the OTA is still recruiting members to join and participate. As part of its efforts, the group has created a working draft of […]

A hacker linked to the infamous $9 million RBS WorldPay ATM heist was given a six-year suspended sentence by Russian authorities for his role in the crime, according to reports. In exchange for providing information to authorities, Viktor Pleshchuk, 28, of St. Petersburg, Russia, “received a reduced sentence, which includes four years of probation,” Bloomberg […]

A cyber-jihadist group may be to blame for the “Here you have” worm that reportedly struck organizations ranging from NASA to Wells Fargo. According to Joe Stewart, director of malware research at SecureWorks, there are indications a group called the Brigades of Tariq ibn Ziyad is behind the attack, as well as another campaign that […]

New figures from Panda Security’s anti-malware laboratory underscore how much cyber-crooks are looking to use the reputations of legitimate companies to fool victims. According to Panda, 57,000 new Websites are created each week to exploit 375 high-profile brand names worldwide. The statistics are based on a three-month investigation by PandaLabs. Notably, eBay and Western Union-related […]

A federal judge has brought Microsoft one step closer to seizing control of 276 domains controlled by the Waledac botnet. A magistrate judge in the U.S. District Court of Eastern Virginia decided Sept. 3 to recommend that a default judgment be granted in Microsoft’s favor. The defendants in the case were given 14 days to […]

A mass-mailer worm flooded inboxes at a number of high-profile organizations today. Dubbed “Here you have” because of its e-mail subject line, the worm struck organizations such as NASA and the Walt Disney Co. In some ways, the worm is a throwback to attacks such as the Anna Kournikova virus, which security researchers at Symantec […]

NSS Labs is planning to open an online store for security exploits. Through the Exploit Hub, NSS Labs will allow researchers to buy and sell exploits. According to NSS Labs President Rick Moy, the initial set of buyers will be “known quantities” such as penetration-testing companies and security vendors. “The goal is to close the […]