Hackers who posted a barebones proof-of-concept attack for a critical Windows vulnerability may have obtained some of the code from Microsoft or one of its antivirus partners, the bug's finder said today.

Digital Certificate Authority (CA) Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network, an action that prompted the Mozilla community to debate whether the CA's root certificate should be removed from Firefox.

An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance.

Point-of-sale payment processing devices for credit and debit cards are proving to be rich targets for cybercriminals due to lax security controls, particularly among small businesses, according to a report from Trustwave.

Security distributor, Tudor, has signed a distribution deal with Trustwave.

Visa Inc. last week sent a fraud alert to banks and payment processors warning them to look out for a "large batch settlement fraud scheme" involving a merchant account in East Europe.

As the new year gets underway, more of the big fish in the security pond are gobbling up smaller ones known for their expertise in specialized fields.

Managed security provider Trustwave has bought up independent network access control vendor Mirage Networks and will add NAC to the list of services Trustwave provides.

Managed security services have been growing in popularity over the past several years, and the latest task enterprises are looking to offload to an outside provider is security information management.