Brian Prince

MySQL Flaw Grants Database Access to Users With Wrong Passwords

Researchers are warning organizations to address a recently patched authentication bypass vulnerability affecting MySQL databases. Calling the issue “tragically comedic,” Rapid7’s HD Moore explained that the flaw allows any password to be accepted even if it is not the right one. “This flaw was rooted in an assumption that the memcmp() function would always return a […]

Spear-Phishing Attack on Industrial Consulting Firm Linked to Larger Campaign

An unsuccessful spear-phishing attempt against a company specializing in assessing industrial control systems is tied to a larger campaign believed to be emanating from China, security researchers say. Last week, it was revealed that an employee of Digital Bond had received an email from an account meant to impersonate CEO Dale Peterson. The message linked […]

XML Zero-Day Flaw Enables Attacker to Target Internet Explorer, Office

A zero-day flaw in versions of Microsoft’s XML Core Services (MSXML) is being actively exploited in the wild. The vulnerability, which was discovered by Google, exists when MSXML attempts to access an object in memory that has not been initialized, and affects all supported versions of Windows as well as Microsoft Office 2003 and 2007. […]

Microsoft Patch Tuesday Release Fixes Flaws in Internet Explorer, Windows

Microsoft patched more than two dozen security vulnerabilities across several of its products. The patches were included in seven bulletins, three of which were rated “critical” and touch issues related to Internet Explorer, .NET Framework and the Remote Desktop Protocol (RDP). The other four bulletins are rated “important,” though like the critical ones they have all […]

Flame, Stuxnet Creators Collaborated, Researchers Say

Researchers at Kaspersky Lab have found what they believe is a direct link between Flame and the Stuxnet malware that was discovered targeting uranium centrifuges at Iran’s nuclear facilities. According to Kaspersky, the main module in Flame contains code similar to what was found in an early iteration of Stuxnet. The discovery is significant, as […]

LinkedIn, eHarmony Seek Law Enforcement Help With Password Breach Probes

LinkedIn and eHarmony have contacted law enforcement authorities to help investigate the posting of a treasure trove of user passwords online. LinkedIn even brought in the FBI to help with the investigation of how millions of user passwords were leaked. Earlier this week, the news circulated that a file with some 6.45 million SHA-1 hashed […]

Google to Warn Gmail Users of Possible State-Sponsored Cyber-Attacks

Google is warning Gmail users that the company believes that they may be targeted in state-sponsored attacks. Though Google did not mention the Chinese government by name, China has been a frequent target of such allegations since Google blamed the country’s government for the Aurora attacks. Tuesday, Eric Grosse, Google’s vice president of security engineering, […]

LinkedIn Investigates Reported Theft of 6.45 Million User Passwords

LinkedIn is investigating reports that millions of user passwords have been breached and posted on a Russian hacker forum. The post allegedly contains a file that lists roughly 6.45 million SHA-1 hashed but unsalted passwords of LinkedIn users. Usernames were not included. “We can confirm that some of the passwords that were compromised correspond to […]

Flame Spoofed the Windows Update Mechanism to Infect Computers

Security researchers have released new details showing that the Flame malware abused Microsoft’s Windows Update mechanism to infect other computers through a man-in-the-middle attack. “When a machine tries to connect to Microsoft’s Windows Update, it redirects the connection through an infected machine and it sends a fake, malicious Windows Update to the client,” blogged Alexander […]

Microsoft Patches Digital Certificate Issue Exploited by Flame

Microsoft issued an update June 3 to address a certificate issue exploited in the Flame malware attacks. Flame, which was publicized by security researchers last week, is a cyber-espionage toolkit that incorporates a wide range of functionality, including intercepting Web traffic, recording audio and taking screenshots. According to Microsoft, components of Flame use were signed […]