Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.

Changing the passwords on your online accounts might not sound like a fun weekend activity, but that’s what I did last weekend. Why? Because on Sunday I found out that one of my email addresses was in the list of Yahoo! logins whose passwords were exposed by sloppy handling of a credential file (an incident

Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.

If a service leaks your credentials, your options are limited, but changing all your passwords to something harder to guess/break is never a bad idea.

There are always people who want to piggy-back on the achievements of others. After ESET warned the public against ACAD/Medre.A in two blogs here and here  and issued a free standalone cleaner for remediation, there was always the possibility that drawing attention to the issue would result in the topic being misused for other purposes.

Are you one of the 50 million users of Instagram, the photo-sharing service bought by Facebook in April for $1 billion? If so you need to look out for an Instagram update to fix a vulnerability that has just been published by Spanish security researcher Sebastián Guerrero. This vulnerability, which Guerrero has dubbed the "Friendship

The Java exploit for CVE-2012-1723 is already included in the latest update of the BlackHole exploit kit.

Small businesses have their hands full these days in light of a down economy, tightening budgets and the steepening pace of business, but with nation-state hacks front and center in the threatscape, should you worry about those too, or are you (and your customers) safe? Nation-state hacks bring to mind images of large defense contractors,

First the panic, then the accusations of hype. Can we really estimate the impact of DNSchanger yet?

Some brief answers to questions about the server shutdown that will affect tens/hundreds of thousands of DNSChanger victims on 9th July.