Lisa Vaas

Microsoft has finally patched the critical URI-handling flaw that has been haunting Windows users since it was disclosed—and blamed on Firefox—in July. As it turned out, Firefox was only one of a slew of attack vectors for this flaw, which has been circulating in the wild via maliciously rigged PDF files and other exploits since […]

An undisclosed number of Seagates Maxtor Basics Personal Storage 3200 units have shipped with a virus that steals passwords to online games—including World of Warcraft—the company is warning customers. Seagate got the heads up from Kaspersky Labs, which identified the virus as Virus.Win32.AutoRun.ah. The virus deletes similar viruses and can disable virus detection software as […]

A 26-year-old security consultant named John Schiefer has admitted to illicitly installing code to assemble botnet armies of up to 250,000 infected computers that harvested user PayPal names, passwords and other personal and financial information. In this, the first prosecution of its kind in the nation, the Los Angeles man will plead guilty to four […]

Rogue anti-spyware software that pushes fraudulent PC scans has found its way onto DoubleClick and legitimate sites, including CNN, The Economist, The Huffington Post and the official site of the Philadelphia Phillies. DoubleClick officials told eWEEK that they have recently implemented a security monitoring system to catch and disable a new strain of malware that […]

Attackers have stolen passwords and accounts from 92 nonprofits by infiltrating systems at Convio, the leading online marketing company for nonprofits. Affected nonprofit organizations include the American Museum of Natural History, Working Assets, CARE and Free Press. According to a letter sent by Convio to one of the affected organizations, the e-mail addresses and member […]

Patch Tuesday will bring two security bulletins from Microsoft, one of which is critical and involves a remotely exploitable hole on Windows systems, the other of which is rated important and also affects Windows. eEyes Zero-Day Tracker, as of Nov. 9, is listing three active zero-day Windows and Internet Explorer vulnerabilities, all of which have […]

MySpace has been breached by an attacker whos planted malware and a fake codec on a number of musicians sites, most notably, that of Alicia Keys, a popular singer whose site was booby-trapped, cleaned up for a few hours and promptly rehacked. Exploit Prevention Labs Roger Thompson said in a Nov. 8 posting that MySpace […]

If you don’t do Network Access Control right, not only will your network still be full of holes, but you’ll wind up paying more than the company down the road that did it right and has shrunk unauthorized network access to zilch. Doing NAC wrong combines insult and injury in one ratty little package, according […]

WabiSabiLabi, the eBay of security vulnerabilities, confirmed that its founder and strategy director has been arrested in connection with an ongoing spying investigation and remains custody in Milan. Italian news media reported that Roberto Preatoni was arrested on Nov. 5 and charged with unauthorized access to computer systems and wiretapping. WabiSabiLabi, which was launched in […]

The notorious Russian Business Network has suddenly picked up from its St. Petersburg digs and diversified, spreading its unwholesome activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses, according to security company Trend Micro.The Internet presence for the RBN—a Russian ISP […]