Ripples from the latest management shake-up at Microsoft are being felt throughout the all-important STU (Security Technology Unit). Mike Nash, the corporate VP who guided Microsoft through some of its biggest security crises and led an aggressive effort to reshape the company's embarrassing image, is leaving his STU office and handing the keys to Windows […]
Microsoft has issued a pre-patch advisory with workarounds for a “highly critical” vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers. The advisory confirms the existence of a code execution hole that was discovered and publicly reported by Secunia Research of Copenhagen, Denmark. “When Internet Explorer displays a Web […]
Apple is getting a lecture on its security response process from the unlikeliest of places. In a classic flipping of the script, a Microsoft program manager who regularly serves as the public face of the software maker's security response process rapped Apple for the way it handles security guidance to customers. In a series of […]
The StopBadware.org coalition, funded by Google, has listed the Kazaa file-sharing application at the top of a list of noxious software programs that present a threat to business and consumer users. The coalition, which counts Sun Microsystems and Lenovo among its sponsors, will recommend in its inaugural Badware Report that users stay away from Kazaa […]
Researchers at Websense Security Labs have stumbled upon a password-stealing Trojan that uses sophisticated DNS redirection techniques to dodge server shutdowns and hijack online banking data. The new phishing attack targets users of more than 100 financial institutions in the United States and Europe, including Bank of America, HSBC, Barclays Bank and Lloyds TSB. According to […]
Anti-virus powerhouse McAfee was left wiping egg from its face after shipping a virus definition update that incorrectly flagged hundreds of legitimate software programs as a low-risk virus outbreak. McAfee, of Santa Clara, Calif., released the erroneous .DAT file 4715 with definitions for a wide range of new malware threats. When the update was installed, […]
The explosion of criminal extortion activity on the Internet took another turn with the discovery of a new Trojan that encrypts files on an infected computer and then demands $300 in ransom for a decryption password. The Trojan, identified as Cryzip, uses cryptography to store the target's documents inside a password-protected Zip file and leaves […]
The U.S. arm of credit and debit card giant Visa International has issued an alert for flaws in cash-register software made by Fujitsu Transaction Solutions that could put sensitive cardholder information at risk. According to a report in The Wall Street Journal, the bug can cause the inadvertent storage of customer data—including secret PINs—within the […]
Spurred on by the ongoing cat-and-mouse game between malicious hackers and existing anti-rootkit scanners, a pair of security researchers have teamed up on a new tool that promises a solution to the threat from stealthy malware. The new tool, called RAIDE (Rootkit Analysis Identification Elimination), is the brainchild of Peter Silberman, a college student known […]
Independent security research outfit FrSIRT.com is putting its database of security exploits behind the paid curtain. FrSIRT, previously known as K-Otik, has shut down the public exploits section of its Web site and announced that all exploits and proof-of-concept code will be sold through its subscription-based VNS (Vulnerability Notification Service). The 3-year-old company, which operates […]