We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
TJX Companies said 45.7 million accounts were compromised over nearly a two-year period, in an update of an investigation into a data breach of customer records. The scope of the breach, which was initially disclosed in January, is far wider than previously believed.
The massive data breach at $16 billion retailer TJX involved someone apparently armed with the chain's encryption key, but it might not have been needed as the cyber-thief was accessing data during the card-approval process before it was encrypted. These are among the latest details in what is almost certainly the worst retail data breach ever.
A new tool too dangerous to give away can turn any PC
The number of compromised computers that are part of a centrally controlled bot net has tripled in the past two weeks, according to data gathered by the Shadowserver Foundation, a bot-net takedown group. The weekly tally of bot-infected PCs tracked by the group rose to nearly 1.2 million this week, up from less than 400,000 infected machines two weeks ago. The surge reversed a sudden drop in infected systems--from 500,000 to less than 400,000--last December.
When my friend told me that they had scored one of these apartments in this new complex, my ears perked. I had read about this particular complex while researching apartments for another friend of mine. This apartment complex was modeled after a fine resort, and one of their biggest bragging points was... physical security. INSANE physical security.
Security firm SecureWorks announced on Tuesday that the firm had uncovered a previously unknown Trojan horse and its associated data cache, both which showed the increasing sophistication among data thieves.
E-mail hosting company Servers Australia was the victim of a hack attack on Friday which spammed its customers with offensive e-mails by assuming the company's domain name. A company source said the company is "almost 100% sure" the attack exploited a flaw in its Kayako security appliances which allowed the attacker to spam its users.
A researcher has demonstrated several methods that sophisticated rootkits can use to hide from even the most reliable detection method currently available -- hardware-based products that read a system's RAM. Joanna Rutkowska is a researcher with security firm Coseinc Advanced Malware Labs. She recently outlined several ways of getting around the User Account Control (UAC) feature introduced in Windows Vista. Several researchers have identified problems with UAC.
A security expert is warning database administrators about a continued loophole in database communication protocols that would allow an attacker to bypass access controls and gain access to critical files.
eBay users are being targeted by an advanced Trojan that attempts to redirect traffic so it can silently bid on a car from the auction site's car site, Symantec is warning. It is the latest security headache for eBay, which has faced an onslaught of complaints from some users who say fraud on the site has increased to unacceptable levels over the past few months.
A security expert has cracked one of the U.K.'s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.
I saw some discussion recently about using JSON for secured data, and I'm not sure that everyone understands the risks. I believe that JSON is unsafe for anything but public data unless you are using unpredictable URLs.
A little birdy floated me a copy of Joanna
An organized crime network is distributing malware that takes advantage of rootkits and a state-of-the-art HTML injection to phish consumers as they browse the web, according to a new report from VeriSign's iDefense labs.
Researchers at the Internet Storm Center say at least a few hackers have gone old school. Kevin Liston, a handler at the Internet Storm Center, wrote in an online diary Friday that there are a handful of viruses roaming around the Internet targeting USB removable media -- think thumb drives and other storage devices. Win32.Agent.WJ and VBS.Solow.E are just two of them.
Security researcher Joanna Rutkowska has demonstrated several methods that sophisticated rootkits can use to hide from even the most reliable detection method currently available - hardware-based products that read a system's RAM.
Researchers at the Internet Storm Center say at least a few hackers have gone old school. Kevin Liston, a handler at the Internet Storm Center, wrote in an online diary Friday that there are a handful of viruses roaming around the Internet targeting USB removable media think thumb drives and other storage devices. Win32.Agent.WJ and VBS.Solow.E are just two of them.
A new attack technique increases the risk of commonly found bugs in Oracle's database software, a security researcher has warned. It was previously thought that an attacker needed high-level privileges on the database to exploit so-called PL SQL injection vulnerabilities. With a new attack technique, that's no longer true, David Litchfield, a database security expert with NGS Software, said on Thursday at the Black Hat DC event here.
Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop -- it's a learning tool for security students.
The flashable memory on graphics cards and other add-on hardware could easily be used to hide malicious code on computer systems, yet still run the software at boot time, a researcher told attendees at the Black Hat DC conference on Wednesday.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
