Cybercriminals are taking a page from the software-as-a-service playbook: they're now selling exploit kits complete with hosting services, with customers paying for the length of time the exploits are actively infecting computers.
Oracle's MySQL.com customer website was apparently compromised over the weekend by a pair of hackers who publicly posted usernames, and in some cases passwords, of the site's users.
A Russian security company plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher.
A flurry of software vulnerabilities found in a variety of industrial control systems has prompted vendors to begin developing patches, following a warning by the U.S. government's Computer Emergency Readiness Team (CERT).
An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks.
The Black Hat Europe conference in Barcelona next week will feature a keynote on cyberwar from Bruce Schneier, and presentations on security flaws in Apple's Mac OS X and SAP's business software.
Google's latest update for its Android mobile OS appears to already have been subverted by hackers, according to the security vendor Symantec.
A new round of antivirus testing found some products fail to detect malware that tries to infect a computer via a different attack vector, such as through a local network fileshare or a USB drive.
The battle against groups of hacked computers known as botnets is suffering from a lack of coordination, resulting in a cybercrime industry worth more than US$10 billion worldwide annually, according to a report from a European Union security agency.
Google will build new safeguards into Android Market, its application store for the Android mobile OS, following an attack that infected thousands of phones and forced the company to wipe the malware remotely from phones, it said late Saturday.
Four men who ran what U.K. police say was the largest English-language criminal forum for selling stolen credit card numbers and the tools to steal data were imprisoned for a combined total of more than 15 years, according to the Metropolitan Police.
More than 50 applications containing malware have been discovered in Google's application market for its Android mobile OS, a sign that hackers are hard at work trying to compromise mobile devices.
A version of the Zeus malware that intercepts one-time passcodes sent by SMS (Short Message Service) is targeting customers of the financial institution ING in Poland.
<strong>DON'T shortchange remediation.</strong> Surprisingly, organizations will perform vulnerability scans, or hire someone to conduct a scan, get a report and then not follow through. They may cherry-pick one or two critical items and neglect the rest. The result is that the organization has spent time and money without doing much for its security.
Google is developing a set of extensions for Java that should aid in better securing Java programs against buffer overflow attacks.