Sign up for our newsletter.

I agree to this site's Privacy Policy.

Security News

Microsoft's August Patch Brings 11 Security Fixes

Remote code execution and information disclosure risk are the main problems addressed with this patch cycle.

Analyst: Beware of the Google Gadgets

One fun thing about the interactive world of Web 2.0 is the online applications you can take advantage of, such as Google Gadgets.

Seven Critical Fixes Expected on Tuesday

Microsoft's Patch Tuesday security rollout next week will be expected to have 12 total fixes, with seven deemed "critical."

DNS May Be Patched, but Danger Still Lurks

We dodged a bullet last month -- the discovery of a fundamental flaw in the Domain Name System, Dan Kaminsky told a standing-room only (and some sitting on the floor) crowd at the Black Hat Briefings Wednesday.

Coreflood Trojan Stole 500G of Personal Financial Data

A cache of stolen data gathered from a botnet that has been quietly sweeping up information for years contained the user names and passwords for 8,485 bank accounts.

Black Hat Researchers Overcome Security Learning Curve

The Black Hat Briefings return to Caesars Palace this week with a new batch of hands-on security research for a crowd of 4,000 IT administrators, hackers, industry experts and government officials.

Security Woes Up, as PHP and OSS Make the List

A study finds most software vulnerabilities are reported by IBM, Microsoft and Apple, and Web apps are a leading point of attack.

Virtualization Showdown at Black Hat

Next week at the Black Hat conference in Las Vegas, security researcher Joanna Rutkowska promises to demonstrate how a malicious attacker, working remotely, could take control of the open-source Xen virtualization software.

Apple Reacts to Spoof Threats, Issues DNS Hotfix

The company issued patches for its OS and server products to address Domain Name Server vulnerabilities.

First Instance of New DNS Exploit Reported

Reports are coming in that an AT&T Domain Name System (DNS) server may have been compromised with malicious code that exploits a vulnerability reported earlier this month. This apparently is the first instance of the exploit in the wild.

WebLogic Security Hole Found

A recently uncovered flaw with the Oracle WebLogic server allows users to gain entry to the software's server without a user name or password.

DNS Problem Is 'Important' To Patch, Microsoft Says

The company issued a reminder to patch a Domain Name System flaw affecting some Windows products.

Most Malware Found on Trusted Web Pages, Report Says

Sites such as Facebook, LinkedIn and represent vectors for attack.

DNS Flaw Unfixed as Experts Argue Protocol

Speculation continues as to what the ultimate systemic Domain Name System (DNS) flaw could be.

Microsoft's DNS Fix Leads to More Problems

The blogosphere is awash with talk about the possible overall weakness of the Domain Name System (DNS) architecture.

Open Source Needs Better Security Focus, Study Says

The open source software community lags behind the commercial software sector in secure code development, according to a recent study of some commonly used open source packages.

Compliance, New Threats Drive Security Spending

Enterprise security is an expensive proposition, one that's likely to get even more expensive as organizations take further steps to protect themselves.

Microsoft's $60B Year-End Revenue Dogged by Search Costs

Microsoft's fiscal fourth-quarter and 2008 year-end financial results were announced in a Webcast on Thursday.

Government, Health Care Web Sites Attacked

A scan of Web servers by Internet security company Finjan Inc. has found more than 1,000 legitimate Web sites that had been compromised by a new wave of attacks in recent weeks.

Oracle Releases Critical Updates

Oracle databases 9i through 11g, Oracle Application Server, Oracle PeopleSoft Enterprise CRM among products patched.