Compliance, Privacy and Security News As It Happens, Every 30 Minutes - Regular Global News on Compliance and Privacy

Of the 135 people Fortune 500 employees targeted by social engineering hackers in a recent contest only five of them refused to give up any corporate information whatsoever. And guess what? All five were women.

Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test,

In 2008, antivirus firm Sophos processed about 20,000 "new" pieces of malware every day.

Spam hit an all-time high this year, with more unwanted messages pouring in from a smorgasbord of countries, thanks in part to globalization. Such are the findings of a recent and comprehensive report on all things security-related from IBM X-Force.

Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread "DLL load hijacking" attacks.

Also on Tuesday, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications.

Virtual appliances are great for the same reasons physical appliances took the IT world by storm: They make deployment a snap -- even instantaneous -- while at the same time reducing costs. It's a formula that made hardware-based appliances immensely popular for network security, backup, storage networking, file services, email, and many other single-focus solutions.

A botnet shutdown makes for a great story.

Google on Monday said that a recent report claiming it failed to patch a third of the serious bugs in its software had the facts wrong.

IBM's X-Force security company, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated "critical" or "high" in its online services.

Scammers are trying to take advantage of the fact that many users will soon have to update their version of the TweetDeck Twitter software.

On Monday, TweetDeck warned that some Twitter messages were advising people to upload an untrustworthy executable file, called tweetdeck-08302010-update.exe.

In security circles, the talk on mobile centers around mobile management, protecting access to and use of corporate information by smartphone users. This summer's iOS 4 has been a game-changer for most IT organizations, giving the Apple iPhone, iPad, and iPod Touch security capabilities equivalent to those of Windows Mobile and meeting the needs of most BlackBerry users, ending the main objection at many companies for allowing iOS devices in.

The Windows DLL library loading vulnerability is gaining hacker attention. Although no one can accurately predict the next "big one," malicious cyber fiends are likely to use this exploit method against innocent computer users.

Cisco has fixed a bug in its IOS (Internetwork Operating System) router software that contributed to a brief Internet blackout last week, thought to have affected about 1 percent of the Internet.

Anyone who was ever concerned by the concept of hacking conventions such as Black Hat -- which has evolved into a reputable venue for security defenders -- should

Earlier this week I wrote in Tech Watch about a whole new class of Windows zero-day vulnerabilities, warning that a wave of attacks would arrive soon.

A new version of the malware that crippled Windows PCs last February sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said Thursday.

"A new era has officially dawned; the era of x64 rootkits," said Prevx researcher Marco Giuliani in a post to the company's blog yesterday.

Individual hackers can hurt national computer systems. Attackers have the advantage over defenders. Attributing attacks to specific groups is difficult.

Looking to broaden access to its security practices for software development, Microsoft plans to shift the licensing for its Security Development Lifecycle (SDL) documentation to the more accessible Creative Commons License, the company said on Thursday.

SDL is Microsoft's blueprint for incorporating security into applications. It has been available under an exclusive Microsoft license.

Sun is the king of unpatched software vulnerabilities followed closely by Microsoft and Mozilla, according to the mid-year security report by IBM's X-Force.

Some of the world's most popular Windows programs are vulnerable to a major bug in how they load critical code libraries, according to sites tracking attack code.

Among the Windows applications that can be exploited using a systemic bug that many have dubbed "DLL load hijacking," are the Firefox, Chrome, Safari and Opera browsers; Microsoft's Word 2007; Adobe's Photoshop; Skype; and the uTorrent BitTorrent client.

Gripe Line reader Scott recently sent out a challenge to find out what's going on with all those pesky Adobe Reader updates.

"The frequency of these updates is getting quite ridiculous," he laments. "This is worse than Microsoft ever was before they started their monthly updates. Can someone please find out why they are sending out so many updates lately?"