Lisa Vaas

The Mac’s first Trojan won’t be its last: Security researchers at F-Secure have found that the gang behind the malware has been churning out slightly modified versions to evade anti-malware detection. That’s nothing new—the fake codec the Trojan is masquerading as is a variant of Trojan.DNSChanger, malware that’s been plaguing Windows users for some time. […]

Customers on a leaked Salesforce.com contact list have been receiving bogus e-mails that have progressively become more dangerous, culminating in the past few days in a new wave of phishing attempts that have included payloads that install viruses or key loggers, the company said in a Nov. 6 letter to customers. The contact list was […]

Quick on the heels of QuickTime being given the dubious honor of being named one of the year’s 12 scariest applications, Apple has posted security advisories for seven vulnerabilities in the media player, all of which could allow attackers to execute random code on vulnerable systems. QuickTime is a widely used plug-in for Web browsers […]

Microsoft is working with Macrovision to check out a flaw in a driver on Windows Server 2003 and Windows XP that’s being exploited in the wild, according to a Microsoft special security advisory released after business hours on Nov. 5. The danger is complete system takeover. The vulnerability is in the Macrovision secdrv.sys driver on […]

The list of applications that Apple’s new Mac OS X Leopard operating system cripples or kills is growing. Heise Security—which on Oct. 29 warned that Leopard’s firewall is deactivated upon installation—on Nov. 5 reported that maybe it’s a good thing it’s deactivated by default, given that the firewall is tripping up programs by digitally signing […]

Several pornography sites are loading a Trojan disguised as a video codec required to view content on Macs—the first Mac-targeted malware exploit to be spotted in the wild and validation of security researchers’ long-maintained prediction that, sooner or later, the rationale for Mac security smugness would rub off. “[Users infected by visiting questionable Web sites] […]

Since January 2005, there have been 167.7 million records containing sensitive personal information exposed by security breaches, according to a running total kept by the Privacy Rights Clearinghouse. The question is, How does this information get out there? Loss or theft of a physical object forms by far the largest hole in data security. According […]

They may be hiding beneath your bed or in the darkest corners of your business, but you know them when you smell them: applications so popular youd have to break users fingers to stop them from creeping into the network. Without further ado, the list of the years Top 12 popular applications with critical vulnerabilities, […]

Al Qaeda plans to launch an electronic Jihad on Nov. 11, attacking Western, Jewish, Israeli, Muslim apostate and Shiite Web sites, according to an unconfirmed report. The report comes from DEBKAfile, an Israeli an online military intelligence magazine, which said on Oct. 30 that their counter-terror sources had picked up a special Internet announcement in […]

Frustrated malware authors are duping people into decoding legitimate site CAPTCHA images for them with the help of a striptease. Trend Micro has identified the program as TROJ_CAPTCHAR.A, a striptease game wherein the player enters the letters hiding within a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) image. For each […]