After having its command-and-control server shut down, the Madhi (Messiah) malware is back with improved features, warns Kaspersky Lab.

The US National Institute of Standards and Technology (NIST) has issued a scoring system for computer security managers to assess the severity of security risks caused by software misuse.

One of the three finalist entries for Microsoft’s first-ever BlueHat Prize for building new security defense technologies is now part of the software giant’s free Enhanced Mitigation Experience Toolkit (EMET).

Close to 15% of medical device recalls by the US Food and Drug Administration (FDA) between January 2009 and May 2011 involved software problems, which could pose privacy risks to patient data, according to a study funded by the US Department of Health…

Siemens has patched a number of security holes in its SIMATIC supervisory control and data acquisition (SCADA) systems, according to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

European Union (EU) regulators have a reached an “understanding” with Google over concerns about anti-competitive behavior on the part of the search engine giant.

The free open-source web application firewall known as ModSecurity – once just an Apache plug-in – now also plugs directly into IIS and Nginx web servers, and is particularly good for virtual patching.

Earlier in May it was found that Citadel was delivering the Reveton ransomware. Now Trusteer has discovered it delivering a children’s charity scam to Facebook users.

Mac security firm Intego was the first to sound the alarm yesterday, calling the newly discovered trojan Backdoor:OSX/Crisis. Today Sophos issues its own warning about OSX/Morcut.A – which seems to be the same malware.

The US Federal Trade Commission (FTC) is warning that unauthorized charges on wireless phone bills, known as “cramming”, are becoming an increasingly serious problem for US consumers.