Researchers at Security Explorations have uncovered a new critical zero-day flaw affecting all supported versions of Oracle Java. The bug discovery was announced Sept. 26 on the Full Disclosure security mailing list, though technical details of the vulnerability remain under wraps. According to Security Explorations CEO Adam Gowdiak, however, the flaw impacts Java Standard Edition versions […]
A compromised copy of the MySQL tool phpMyAdmin containing a backdoor was being served to users from a SourceForge mirror based in Korea. SourceForge is a popular repository for open-source software. In a blog post, SourceForge explained how the malicious copy of phpMyAdmin–an administration tool for the MySQL open-source database–was downloaded roughly 400 times before […]
Time and time again, social engineering has shown itself to be one of the most effective tactics attackers use to defeat enterprise security. In a new research paper, security firm FireEye has identified the most common social engineering techniques used in spear-phishing attacks targeting enterprises. In an analysis of the threat landscape last month, Symantec […]
The Federal Energy Regulatory Commission (FERC) has created an office to address both physical and cyber-threats to energy facilities. The new Office of Energy Infrastructure Security (OEIS) will be inside FERC and be used to help the commission identify, communicate and address potential risks to facilities under FERC jurisdiction, such as oil, electric and gas […]
Microsoft released an emergency security update that squashes a zero-day bug in Internet Explorer that is being targeted by attackers. Early this week, the company released a Fix It tool to provide a temporary solution for users until a patch was ready. The zero-day impacts Internet Explorer (IE) versions 6, 7, 8 and 9. “Today […]
Microsoft has released a Fix It tool to address a zero-day flaw in Internet Explorer (IE) that has been the target of a number of hacking attacks. The Fix It tool provides a temporary solution for the situation while users wait for an emergency out-of-band patch Microsoft said will be made available Sept. 21. The […]
A new edition of the notorious TDSS malware has been spotted using a domain generation algorithm (DGA) in communications with its command-and-control (C&C) as it spreads throughout enterprises. Also known as TDL4, TDSS works by infecting master boot records, which has made it difficult for security programs to destroy. At one point, security researchers reported, […]
The PCI Security Standards Council (PCI SSC) is unveiling a set of best practices for mobile payment acceptance security. The standards, announced Sept. 13, follow predictions by analysts that the global mobile payment market will continue to grow. According to Gartner, worldwide mobile payment transaction values will surpass $171.5 billion in 2012, a roughly 62 […]
Microsoft is working with Adobe Systems to patch vulnerabilities in Adobe Flash Player affecting Windows 8, apparently changing course and choosing to push out a fix before the operating system hits stores next month. In Windows 8, Microsoft has opted to embed Flash Player in Internet Explorer 10 (IE 10). Last week, the company said […]
GoDaddy officials are looking for the cause of an outage that brought down the Internet domain name registrar and Website hosting giant for four hours Monday, taking millions of sites offline. It is not clear whether the outage was due to an attack. However, someone going by the Twitter name “AnonymousOwn3r” took credit for taking […]