Brian Prince

Programming Languages Susceptible to Specific Security Flaws: Report

As it turns out, application security has a language barrier of sorts. While security flaws affect applications written in every programming language, a new report shows that apps created using particular languages are more likely to have certain types of vulnerabilities than others. In its State of Software Security report, application security firm Veracode found […]

Microsoft Releases 9 Security Bulletins for Patch Tuesday

Microsoft patched 14 security vulnerabilities in its Patch Tuesday update on April 9, including critical bugs affecting Windows and Internet Explorer. To address the vulnerabilities, Microsoft released a total of nine security bulletins this month, including two bulletins ranked “critical.” Both of the critical bulletins, which affect Internet Explorer and Windows Remote Desktop Client, address […]

Microsoft Readies 9 Security Bulletins for Patch Tuesday

Microsoft is set to release “critical” bulletins impacting Internet Explorer and Windows next week as part of Patch Tuesday. All totaled, Microsoft will release nine security bulletins, only two of which are “critical” and deal with remote code execution issues. The seven other bulletins are rated “important” and address vulnerabilities in Microsoft Office, Windows Defender, […]

DHS, FBI Warn of Denial-of-Service Attacks on Emergency Telephone Systems

Federal authorities have issued a warning to emergency services call centers to be wary of telephony denial-of-service (TDoS) attacks. TDoS attacks attempt to flood telephone networks with calls to overwhelm them, much the same way attackers will route Internet traffic to overwhelm a computer network. In a security alert from the FBI and Department of […]

Amazon S3 Users Exposing Data to Public Due to Bad ‘Bucket’ Settings

Bad system configurations are exposing countless pieces of data housed in Amazon Simple Storage Service (S3) “buckets” and leaving them open to prying eyes. Amazon S3 is an online storage service offered by Amazon. The number of database objects users can store is unlimited. The objects are stored in buckets and users retrieve them with […]

Malware Abuses Chromium Embedded Framework to Bolster Attacks

Researchers at Symantec have detected a new variant of the Tidserv (TDL) malware that takes advantage of the Chromium Embedded Framework (CEF) to enhance its attack. CEF is an open-source framework for embedding a Web browser control based on Google Chrome. This enables developers to create applications that have Web browser windows. According to Symantec, […]

Apple Enables Two-Step Verification to Thwart Account Hijacking

Apple has turned to two-step verification to improve the security defenses against account hijacking for Apple iTunes and App Store. The feature, which was announced March 21, works by sending an SMS message from Apple containing a four-digit verification code that users have to enter from a “trusted device” in order to access their […]

Botnet Business Continues to Thrive: Fortinet

Botnet takedowns and the occasional arrest have made the cost of doing business a bit higher for cyber-criminals. However, there is some good news for the cyber-underground: The cost of actually running their businesses is relatively cheap. According to research into the botnet market by security firm Fortinet, getting a “botnet up and running costs […]

Google Pays $40,000 for Partial Chrome OS Exploit

Google will pay a security researcher $40,000 for a partial exploit of its Chrome OS. The researcher, who goes by the alias “Pinkie Pie,” targeted the operating system at the Pwnium 3 hacking competition March 7 at the CanSecWest conference in Vancouver, Canada. CanSecWest also hosts the annual Pwn2Own competition operated by Hewlett-Packard TippingPoint’s DVLabs. […]

Anonymous Hack of L.A. Times Traced to Former Tribune Co. Web Producer

U.S. federal authorities have accused a Thomson Reuters social media editor of conspiring with hacktivists in the Anonymous collective to break into the Tribune Co. computer system. Matthew Keys, 26, of Secaucus, N.J., was charged March 14 in California with one count each of conspiracy to transmit information to damage a protected computer, transmitting information […]