Brian Prince

A resurgence of malware activity in Russia has caught the eye of security vendors. Recently, researchers at Trend Micro have found a Russian server hosting some 400 pieces of malware that may be part of a forthcoming large-scale attack, while at least one other vendor reported that the country has quickly moved back up on […]

Apples answer to the early security threats to iPhone is apparently a lot more than just try to plug security holes—it also uncovers and erases any user modifications to the devices firmware, according to hackers. On iPhone Dev Wiki, a Web site developed by people involved in efforts to unlock the iPhone, when the security […]

A Texas-based startup is shipping a new all-in-one network security testing product. BreakingPoint Systems has released the BPS-1000, a network test system that permits multilayer emulation testing at multigigabit speeds. With the new release, BreakingPoint promises performance, stress, security and conformance testing in a single device. “We support Layer 2 bit blasting, routing, sessions, 20-plus […]

Researchers from SecureWorks have created two new tools to address security issues. They will be presenting the tools at the Black Hat convention, which runs July 28-Aug. 2 in Las Vegas. The first tool, known as CaffeineMonkey, was developed by SecureWorks Ben Feinstein and Daniel Peck. CaffeineMonkey helps IT pros detect Web sites hosting malicious […]

Core Security Technologies is unveiling an open-source tool called Core Grasp Aug. 2, which is aimed at protecting Web applications from attack. Researchers from CoreLabs will be presenting the tool, which was created with an eye towards preventing SQL-injection attacks for applications written in PHP, at the Black Hat conference in Las Vegas. By exploiting […]

Yahoo is urging users of Yahoo Widgets to upgrade to address a vulnerability hackers can exploit remotely to take control of a compromised system. According to researchers at the French Security Incident Response Team, the issue is caused by a buffer overflow error in the “YDPCTL.YDPControl.1” (YDPCTL.dll) ActiveX control when processing malformed arguments passed to […]

Researchers at Core Security Technologies have donned their black hats and are preparing a presentation about a new database attack vector that relies solely on the inherent characteristics of the indexing algorithms. The attack, which will be demonstrated Aug. 1 against the MySQL database engine at Black Hat USA in Las Vegas, affects database management […]

Core Security Technologies has released a new version of its flagship enterprise security assurance testing tool. With the tool, dubbed Core Impact v7, the Boston-based company is taking aim at social engineering attacks threatening end users and their applications. The new capabilities include an automated client-side RPT (rapid penetration test) methodology implemented with easy-to-use wizards […]

Sybase is adding to the encryption and manageability security of Adaptive Server Enterprise in a new version of the companys relational database management system. In ASE 15.0.2, announced July 30, customers can encrypt individual columns with a single command, and need not encrypt a full table or the entire database. “The reason to do encryption […]

Call it a case of who was on first first. Officials at CyberDefender and Crawler traded barbs recently over a press release issued July 27 about Crawlers Spyware Terminator 2.0 and Web Security Guard. In the release, Crawler officials stated that the real-time anti-spyware protection in Spyware Terminator coupled with Web Security Guards Internet threat […]