Malware targeting point-of-sale (POS) systems has been a major trend for the last six months. With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems.
Virus Bulletin's Technical Director John Hawes takes a look....
Claims are made that the Aurora hackers weren't just Chinese-sponsored hackers bent on messing with Tibetan activists.
Rather it was a Chinese counterintelligence operation that sought to discover if the US had uncovered the identity of clandestine agents operating within its borders.
The latest entrant into the scary-infrastructure category comes from a technology that feels like it should be warm and fuzzy and definitely should not contribute to your personal and financial details getting ripped off.
Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.
LulzSec are about to be sentenced, which will tell us what the judge thinks.
But why not tell us what you think, right here, right now?
Just about every security company publishes some sort of prevalence data - those little bar charts and top tens showing the most important and widespread threats. The raw data behind these easy-to-consume representations can be very useful to security experts and testers.
Four members of the notorious LulzSec hacking gang, who attacked websites belonging to the likes of the CIA, the NHS and the Serious Organised Crime Agency (SOCA), are due to be sentenced by the UK authorities.
Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Microsoft's Patch Tuesday for May 2013 will be published in the coming week.
Paul Ducklin points out what to prepare for...
In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit.
Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware.
Paul Ducklin takes a quick look at the attack...
Vulnerability researchers at Core Security recently turned their attention on internet-enabled cameras, finding lots of holes.
And when security holes arise from features, not bugs, you really do feel like shouting aloud, "What WERE they thinking?"
Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.
Who could possibly be interested in targeting their computers?
Award-winning security blogger Brian Krebs is loved by everyone on the internet... apart from the criminals.
Find out what they're saying about him in their latest version of the Redkit exploit kit.