Compliance, Privacy and Security News As It Happens, Every 30 Minutes - Regular Global News on Compliance and Privacy

Adobe Systems has released Adobe Reader and Acrobat 9.4.7 in order to patch two vulnerabilities that are being actively exploited in attacks against companies from the defense industry.

One of the security flaws, identified as CVE-2011-2462, was announced on Dec. 6 after Lockheed Martin's Computer Incident Response Team and members of the Defense Security Information Exchange reported it to Adobe.

Documents filed in response to a U.S. lawmaker's request show that Sprint is by far the biggest user of Carrier IQ's software, with more than 26 million handsets featuring the controversial mobile tracking tool.

Android devices are already the most-used mobile devices in the enterprise, accounting for 40 percent of the market, claims cloud security firm ZScaler, based on surveying the traffic through its cloud service. When I saw that data, I simply didn't believe it. Apple's iOS-based iPhone is the top mobile device in businesses these days, having surpassed the former leader, Research in Motion's BlackBerry, this year. At least that's what every other survey I've seen shows.

There are a lot of good IT pros who earnestly want to help their employer do well by providing and maintaining the technology systems that conduct so much of business today. Then there are those who are the company's enemies, whether they realize it or not.

iBahn, a provider of Internet services to some 3,000 hotels worldwide, denied on Thursday a news report that its network was breached by hackers.

Bloomberg wrote that a highly skilled group of hackers based in China, which U.S. investigators have called "Byzantine Foothold," attacked iBahn, citing unnamed sources, including one U.S intelligence official.

Microsoft today said it will silently upgrade Internet Explorer (IE) starting next month, arguing that taking the responsibility out of the hands of users will keep the Web safer.

The move is an acknowledgement by Microsoft that Google's model -- its Chrome browser has updated in the background without user involvement since it debuted more than three years ago -- is the right one.

Don't tell my daughter I was talking about her behind her back, OK? A couple of weeks ago, she spilled a drink on her MacBook Pro's keyboard. We've all done that. It happens. But as we discussed the damage, I assured her that, worst case, she could move her backed-up files to her new machine. Back up? Uh oh. Not only does she not back up, but the Wi-Fi network in her apartment is not secured and she uses the same weak passwords over and over.

A security testing firm today said a recent report that named Google's Chrome as the most secured browser was flawed -- and part of a campaign by Google to undermine Mozilla's Firefox.

The work done by Denver-based security consultancy Accuvant, which released a report last week naming Chrome as more secured than either Firefox or Microsoft's IE (Internet Explorer), was paid for by Google.

In 2011 the number of critical vulnerabilities in Microsoft software fell to its lowest level in six years. In addition, data from IBM shows fewer vulnerabilities overall are being exploited by security researchers and attackers.

Google has released Chrome 16, a new stable version of its Web browser that addresses 15 high- and medium-risk vulnerabilities.

Four of the security flaws patched in this release stem from errors in Chrome's built-in PDF parser, which is based on Foxit's PDF SDK (software development kit).

Microsoft Tuesday issued 13 security updates, one less than expected, that patched 19 vulnerabilities in Windows, Internet Explorer (IE), Office, and Windows Media Player.

The company punted on one bulletin it had planned to deliver today after SAP told it that the patch broke some of its software.

A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.

Dubbed the Nitro attacks, the gang's original industrial espionage efforts began sometime in July and lasted until September. The attackers' modus operandi involved sending emails that carried a variant of the Poison Ivy backdoor and were specifically crafted for each targeted company.

Microsoft has quietly launched a support website where experts charge $99 for one- or two-hour sessions designed to rid PCs of malware, speed up a machine, or solve problems with Windows or Office.

Answer Desk debuted with no fanfare from Microsoft, which has not deigned to mention the new service in a press release or promote it on the front page of its domain, or even, surprisingly, on its consumer-slanted Windows website.

A reported vulnerability in Windows Phone causes its messaging features to be disabled after the device is sent a specific SMS or chat message.

The bug was reported to the blog Winrumors by Khaled Salameh, wrote Tom Warren, who runs the Microsoft-focused website. Warren wrote that both are in the process of notifying Microsoft.

The FBI has denied a request for the release of information regarding its use of Carrier IQ's software, saying that releasing the information could interfere with ongoing law enforcement operations.

The response does not make it clear whether the agency is using Carrier IQ for investigative purposes, or whether the documents it has, are related to an investigation of the controversial software.

Over the past couple of years, DDoS attacks haven't just become more sophisticated -- they've gone mainstream to the point that attackers aren't shy about using them brazenly in the name of social and political activism.

Google has removed nearly two dozen malware-infected apps from its official Android Market in the last several days, a security company said Sunday.

So far this year, Google has yanked more than 100 malicious Android apps from its download distribution channel.

For the past 25 years, a war has waged between malicious programmers and the researchers trying to make computing safe for the enterprise. The battle has shown no signs of subsiding ? once a new countermeasure is deployed, the hackers find new ways to make IT worried.

The so-called framebusting mechanism implemented in browsers to help websites prevent clickjacking attacks doesn't live up to expectations, according to Google security engineer and Web security researcher Michal Zalewski, who released proof-of-concept code to demonstrate it.

Last week Microsoft released (or perhaps I should say re-released) a beta version of Windows Defender Offline, a seriously useful tool for r