Brian Prince

A security researcher has uncovered multiple vulnerabilities affecting PayPal, the most critical of which could have enabled attackers to access PayPal’s business and premier reports back-end system. The vulnerabilities were patched recently by PayPal after security researcher Nir Goldshlager of Avnet Technologies brought the vulnerabilities to the site’s attention. The most critical bug was a […]

The stereotype of the teenage hacker wreaking havoc from his mother’s basement has been replaced in recent years by the image of organized crime rings in Eastern Europe stealing financial information with banking Trojans. But a survey of teenagers in New York City by Tufin Technologies indicates that hacking is far from dead among young […]

New research from Google underscores the breadth of fake antivirus operations on the Web. An analysis of 240 million Web pages collected by Google’s malware detection infrastructure over a 13-month period discovered more than 11,000 domains involved in the distribution of rogue antivirus (AV). While that may be a small overall percentage, Google’s research found […]

The process of developing security metrics can be a head scratcher. With the volume of data enterprises create, how can organizations determine what’s worth measuring? I put the question to Marcus Sachs, executive director of National Security and Cyber Policy for Verizon, who sat on a panel at the recent RSA security conference in San […]

When Oracle announced it planned to acquire Sun Microsystems, concern about the fate of MySQL arose immediately. Roughly a year later, the deal is done, but questions still remain. Today, Oracle Chief Corporate Architect Edward Screven plans to answer some of those queries with a keynote at the O’Reilly MySQL Conference & Expo in Santa […]

Microsoft wasn’t the only company to issue security patches April 13. Oracle and Adobe Systems pushed out updates to their products as well. Oracle plugged 47 security holes in a massive update, the company’s second of the year. Sixteen of the Oracle vulnerabilities are tied to the Oracle Solaris (formerly under Sun Microsystems) product suite. […]

Microsoft issued patches April 13 to cover 25 security holes across Windows, Office and Exchange. Five of the 11 security bulletins issued were rated critical, and Microsoft is calling administrators’ attention to three in particular: MS10-026, MS10-027 and MS10-019. All three vulnerabilities can leave users open to remote code execution by attackers. They affect Microsoft […]

Hackers launched a multistage, targeted attack against the Apache Software Foundation’s infrastructure April 5 that compromised user passwords. According to the foundation, the hackers took advantage of an XSS (cross-site scripting) vulnerability using a shortened URL to target the server hosting issue-tracking software for the open-source group’s projects. The foundation uses a donated instance of […]

Users of the popular Facebook game “Farm Town” were hit with a rogue antivirus scam tied to malicious advertising. SlashKey, the developer behind “Farm Town,” issued a warning about the malware scam, which drew hundreds of comments to its user forum. According to findings posted here by researcher Sandi Hardmeier, the ad in question was […]

When the final version of Adobe Flash Player 10.1 hits desktops later this year, it will bring with it new functionality designed to allow users to automatically clear Flash cookies after a Web session. But while the feature may be lauded in the name of privacy, it may also force online banks to change how […]