Stories about: iDefense

As promised, Microsoft today patched six vulnerabilities in Internet Explorer (IE) and Visual Studio with the first "out-of-cycle" update since it plugged a hole last October that the Conficker worm later used to run rampant.

Apple on Monday patched 10 critical vulnerabilities in QuickTime, including one that was hinted at in a Mac hacking book three months ago.

As expected, Microsoft today patched a six week-old critical vulnerability in PowerPoint, the presentation maker that's part of the popular Office suite, using a single security update.

The hackers who launched cyberattacks against the former Soviet republic of Georgia two months ago probably had links to the Russian government, even though no hard evidence has been uncovered of official involvement, a report by an all-volunteer group of experts said Friday.

The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook everyday – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk.‘Whaling’ or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.

Information Security can sometimes be a funny field to work in. Some days it seems as if anybody with their hands on unpublished exploit code can sell it for all they're worth, and others it seems that they are set to become the target of law enforcement and the companies the code affects. It does help if you don't work for one of the companies that is set to be affected by the exploits you are trying to sell and aren't trying to bootstrap a competing company in the process.

Microsoft issued four critical updates Tuesday that quashed 12 bugs in Office, the company's business suite, including a flaw in Excel that has been exploited by attackers for more than two months.

A rootkit that hides from Windows on the hard drive's boot sector is infecting PCs, security researchers said Wednesday. Once installed, the cloaking software is undetectable by most current antivirus programs.

The man who launched both of the security industry's major bug bounty programs Thursday defended the idea of paying for vulnerabilities, but also said he has responded to critics by putting a tighter lid on bug details to make sure they don't fall into the wrong hands.

The Windows animation bug (ANI) caused widespread concern because exploits against it became widely available before Microsoft could release a patch. But like other zero-day threats before it, there are measures companies can take to at least try to mitigate the risk from unpatched vulnerabilities, security experts said.