A new targeted email attack is exploiting interest in the Iranian nuclear program to trick people into opening booby-trapped Word documents that exploit a known Flash Player vulnerability to install malware.
Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense said in a blog post on Monday.
A user hacked into the official GitHub-hosted Ruby on Rails code repository and bug tracker on Sunday in order to show the Rails development team how serious a vulnerability was.
Concern about cyberterrorism was evident this week among security experts at the RSA security conference in San Francisco, who find that some people with extremist views have the technical knowledge that could be used to hack into systems.
Consumer desire for unnecessary features has encouraged the development of insecure and unreliable software products, said Tenable Network Security CSO Marcus Ranum during a debate on Wednesday about software liability at the RSA security conference in San Francisco.
Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference on Wednesday.
The number of malware threats that receive instructions from attackers through DNS is expected to increase, and most companies are not currently scanning for such activity on their networks, security experts said at the RSA Conference 2012 on Tuesday.
Security firm Secunia expects a reaction from vendors as it plans to repackage security updates for hundreds of applications into its own proprietary installer and deliver them through the new version of Personal Software Inspector (PSI).
Malware authors are increasingly adopting flexible domain generation algorithms (DGAs) in order to evade detection and prevent their botnets from being shut down by security researchers or law enforcement agencies.
Organizations that look to protect themselves against attacks launched by the Anonymous hacktivist collective should make sure that their Web applications are secure before deploying anti-DDoS (distributed denial-of-service) solutions, says security firm Imperva in a new report.
A proposal drafted by Microsoft, Google and Netflix to add support for encrypted media playback in HTML5 has sparked a <a href="http://lists.w3.org/Archives/Public/public-html/2012Feb/0273.html">debate</a> on the W3C (World Wide Web Consortium) HTML public mailing list.
Avast Free Antivirus 7 is set to be released on Thursday and will have new features including cloud-based updates, remote assistance and file reputation.
Cybercriminals are using a modified version of the ZeuS computer Trojan that no longer relies on command and control (C&C) servers for receiving instructions, according to Symantec security researchers.
Exploit code targeting a newly identified vulnerability in Symantec's pcAnywhere computer remote control product has been published on the Internet, exposing its users to possible attacks that disrupt the software's functionality.
A team of researchers has devised a method to defeat NuCaptcha, one of the most popular video-based antispam tests on the Internet, and has proposed a solution to increase its resilience to attacks.