One of the most notorious rootkits has just acquired a self-propagating mechanism that could allow it to spread to new victims, a security researcher has warned. A new version of the TDSS rootkit, which also goes by the names Alureon and TDL4, is able to infect new machines using two separate methods, Kaspersky Lab researcher …

A malware analyst has deconstructed a highly advanced piece of crimeware believed to be the work of the notorious Russian Business Network The step-by-step instructions for reverse engineering the stealthy ZeroAccess rootkit is a blow to its developers, who took great care to make sure it couldn't be forensically analyzed. The …

Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked …

A former NASA scientist who helped discover evidence of water on the moon has been arrested on charges he tried to sell Israel classified information about US military satellite systems. Stewart Nozette, 52, of Maryland, was arrested in a sting in which an FBI agent posed as an Israeli intelligence officer. According to …

A Pennsylvania organization that helps develop affordable housing learned a painful lesson about the hazards of online banking using the Windows operating system when a notorious trojan siphoned almost $480,000 from its account. News reports here and here say $479,247 vanished from a bank account belonging to the Cumberland …

Microsoft has released a general-purpose software tool for assessing the security of applications, part of a growing suite of free offerings designed to help third-party developers design safer programs. Microsoft Minifuzz is a lightweight file fuzzer, a type of tool that detects software bugs by throwing random data at an …

Comment Apple is once again playing security catch-up to the rest of the computing world, this time with an update for the Leopard version of its Mac operating system that patches critical holes in Java that were fixed on competing systems 29 days ago. The patch updates Leopard to Java versions 1.6.0_15, 1.5.0_20, and 1.4.2_22, which …

Apple Engineers missed a key opportunity to implement an industry-standard technology in their latest operating system that would have made it more resistant to hacking attacks, three researchers have said. Known as ASLR, or address space layout randomization, the measure picks a different memory location to load system …

Apple is dipping yet another toe into the anti-malware pond with a feature in the latest beta version of its forthcoming Snow Leopard operating system. The protection was quietly added earlier this month to Snow Leopard 10A432, the most recent build of the new version of Mac OS X that is due for release this Friday, according …

Federal authorities have charged a previously indicted hacker with breaching additional corporate computers and stealing data for at least 130 million credit and debit cards, the biggest identity theft case ever prosecuted in the United States. Albert "Segvec" Gonzalez and two unnamed Russians were indicted on Monday for …

Black Hat Update: Apple says it has patched the vulnerability described below. The full story is here Researchers have uncovered a bevy of vulnerabilities in smart phones made by multiple vendors, including one in Apple's iPhone that could allow an attacker to execute malicious code without requiring the victim to take any action at all …

On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick. The file posted on security mailing lists claimed to have …

Microsoft issued two emergency updates on Tuesday to fix critical security bugs that leave users of Internet Explorer and an untold number of third-party applications vulnerable to remote attacks that completely commandeer their computers. Most of the vulnerabilities are located in Microsoft's ATL, or Active Template Library, …

Researchers may have figured out how to bypass a common technique Microsoft and other software makers have used to fix hundreds of security vulnerabilities over the past decade, according to a brief video previewing a talk scheduled for later this week at the Black Hat security conference. The video, posted here by security …

Microsoft plans to issue two emergency patches next week that fix vulnerabilities in the Internet Explorer browser and Visual Studio developer suite that allow attackers to remotely execute malware. The patches, which will be delivered on Tuesday, will be only the third time Microsoft has issued an out-of-band security patch …

A breach at Network Solutions has exposed details for more than 500,000 credit and debit cards after hackers penetrated a system it used to deliver e-commerce services and planted software that diverted transactions to a rogue server, the hosting company said late Friday. The unauthorized software was in place from March 12 to …

Online criminals are targeting a previously unknown vulnerability in the latest versions of Adobe's ubiquitous Flash Player that allows them to take complete control of end users' computers, security researchers warn. Although the exploit can be triggered using malicious PDF files opened by Adobe's Reader application, a more …

A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it. The remote root vulnerability affects the most recent version of DD-WRT, a piece of firmware many …