Brian Prince

Researchers with McAfee Labs have observed a significant spike in URLs leading to Koobface malware. Well known for targeting users of social networks such as Facebook since it first appeared on the scene in 2008, Koobface sends false messages and comments to the victim’s friends and redirects them to a malicious Website. From there, it […]

When insider data breaches hit, they hit hard. Just recently, a former senior database administrator for GEXA Energy was sentenced to a year in prison for illegally accessing, copying and damaging a customer database two months after he was fired. The act cost the company $100,000 in damages and former DBA Steven Jinwoo Kim his […]

Microsoft is investigating reports of a Windows security vulnerability being exploited by a Trojan some say is targeting industrial companies. The malware exploits a vulnerability in Windows’ handling of “lnk” shortcut files. According to VirusBlokAda (PDF), a security vendor based in Belarus, the Trojan propagates through USB devices and uses rootkit functionality to hide itself. […]

The United States is still No. 1 — in spam. According to Sophos, the United States is the source of 15.2 percent of all global spam messages in the second quarter of 2010, up from 13.1 percent in the first three months of the year. In second place is India with 7.7 percent. Brazil, the […]

A presentation on Chinese state-sponsored hacking has been pulled from the Black Hat security conference due to pressure from the Taiwanese government. The talk, titled “The Chinese Cyber Army: An Archaeological Study from 2001 to 2010,” was to be held by Wayne Huang, CTO of Web application security firm Armorize Technologies. Advertised by Black Hat […]

A cyber-security progress report from the White House July 14 shed some light on the government’s cyber-security efforts and what officials have planned for the future. President Obama released the results of a 60-day cyber-security review in May 2009 and declared cyber-security a national security priority. Since that time, the president has established the position […]

IBM pulled the covers off an upgraded appliance July 15 that combines intrusion prevention with data and Web application security. IBM IPS 4.1 offers a unified platform for managing network security capabilities ranging from automated virtual patch technology to client-side application protection. Through integration with IBM Security AppScan, the appliance can automatically produce custom policies […]

New research has found attackers are abusing Adobe System’s ActionScript programming language to dodge anti-malware defenses. ActionScript is the programming language of the Adobe Flash platform. In a recap of the threat landscape for the first six months of 2010, M86 Security reported observing attackers combining JavaScript with ActionScript in a bid to obfuscate malicious […]

Mozilla has removed a malicious, password-stealing Firefox add-on from its servers and added it to its block list. The add-on, Mozilla Sniffer, had been in Firefox’s library of add-ons since June 6, and had been downloaded nearly 1,800 times. “It was discovered that this add-on contains code that intercepts log-in data submitted to any Website, […]

Oracle pushed out 59 security patches July 13, including 13 for its database portfolio. Six of the 13 database vulnerabilities are for the Oracle Database server. Four of these can be exploited remotely over a network without authentication, Oracle advised. Both of the vulnerabilities in the TimesTen In-Memory Database can be exploited remotely without authentication […]