Skip the navigation

Malware and Vulnerabilities Topic Center

Get the latest news, advice and in-depth analysis on malware, including information on viruses, worms, Trojans and zero-day vulnerabilities

Malware and Vulnerabilities News

Update: Microsoft pulls crippling patch from Windows Update

Although Microsoft has pulled a patch from Windows Update that crippled some computers, it is still pushing a truncated version of the security update that contained the flawed fix.
Read more...

Microsoft urges customers to uninstall 'Blue Screen of Death' update

Microsoft is quietly recommending that customers uninstall one of last week's security updates after users reported that it crippled their computers with the infamous "Blue Screen of Death."

Grocery stores in multiple states hit by data breach

A data breach at Supervalu Inc., one of the largest grocery wholesalers and retailers in the U.S., could affect thousands of people who shopped at the company's stores in June and July.

Heartbleed software flaw exposes weaknesses in hardware design

Heartbleed may have been a software bug, but it highlighted glaring weaknesses in existing hardware architectures, which remain vulnerable to memory-bound attacks, a university researcher said this week.

Google broadens its malware sleuthing to sniff out deceptive downloads

Google is expanding its safe browsing technology to notify Web users of downloads that appear benign, but actually make unwanted changes to their computers.

The biggest iPhone security risk could be connecting one to a computer

Apple has done well to insulate its iOS mobile operating system from many security issues, but a forthcoming demonstration shows it's far from perfect.

BlackBerry patches vulnerabilities in BlackBerry OS, enterprise server software

BlackBerry's focus on strong security as a key differentiator for its devices does not mean that they're completely free of flaws. The company released security updates Tuesday for both the OS running on its smartphones and for its enterprise server software.

Snowden reveals automated NSA cyberwarfare program

The U.S. National Security Agency has a cyberwarfare program that hunts for foreign cyberattacks and is able to strike back without human intervention, according to NSA leaker Edward Snowden.

Users told to patch critical flaw in Adobe Reader and Acrobat

Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.

Malware no longer avoids virtual machines

Many malicious software programs used to make a quick exit on virtual machines, a tactic designed to avoid a security check. But that isn't the case anymore, according Symantec research.

Malware and Vulnerabilities In Depth

Kicking the stool out from under the cybercrime economy

Put simply, cybercrime, especially financial malware, has the potential to be quite the lucrative affair. That's only because the bad guys have the tools to make their work quick and easy, though. Cripple the automated processes presented by certain malware platforms, and suddenly the threats -- and the losses --aren't quite so serious.

Security Manager's Journal: Peering behind the firewall

The corporate firewall is like a dike keeping out a raging sea of malware. Where does it all come from?

Security Manager's Journal: A ransomware flop, thanks to security awareness

Only one person clicks on a bad link, and she had all her files properly backed up. Maybe employees aren't a security manager's nightmare after all.

Virtual servers still face real security threats

Don't let the word "virtual" in virtual servers fool you. You're the only one who knows it's virtual. From the perspective of the virtual server itself, the devices connected to it, applications running on it, end-users connecting to it, or security threats trying to compromise it, the server is very, very real. A new survey from Kaspersky Labs found that many IT professionals understand that securing virtual environments is important, but don't fully understand the threats or how to properly defend against them.

11 signs you've been hacked -- and how to fight back

Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned

Kenneth van Wyk: We can't just blame users

Yes, users sometimes do stupid things. Some always will. But developers need to do more to save users from themselves.

Heartbleed still matters, and we're all partly to blame

Extremely weak passwords make us vulnerable, but there are ways to create passwords you'll remember and yet are hard to crack. (Insider; registration required)

Security Manager's Journal: We manage our threats, but what about our vendors?

We've all learned that we're no safer than our least safe partner on our networks.

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.

Dark Wallet--Threat or No Threat?

The Fuss About Dark Wallet