Saturday, August 15, 2009

Your Alerts from ZDNet

Manage my alerts
Zero Day
Alerts for from | Aug 15, 2009 2:48:44 PM


Thu Aug 13 13:31:37 PDT 2009

Brazilian ID thieves using Twitter as botnet command channel

Ryan Naraine: Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control operation. The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots — sending new links for the infected computers to contact and new commands and executables to download and run. Here’s a [...]

Thu Aug 13 13:31:37 PDT 2009

Apple drops (another) Mac OS X security patch

Ryan Naraine: Less than a week after fixing 19 Mac OS X security vulnerabilities, Apple is on the patch treadmill again. The company released Security Update 2009-004 to fix a solitary BIND vulnerability that could lead to denial of service attacks.? Apple warns: A logic issue in the handling of dynamic DNS update messages may cause an assertion to [...]

Wed Aug 12 14:18:57 PDT 2009

Advanced Mac OS X rootkit tools released

Ryan Naraine: Security researcher Dino Dai Zovi (of Pwn2Own fame) has released a suite of tools to demonstrate how to load an advanced rootkit on Mac OS X machines. The tools were first discussed at this year’s Black Hat security conference where Dai Zovi (right) presented techniques to manipulate the way the Mach micro-kernel uses RPC calls to [...]

Wed Aug 12 13:42:10 PDT 2009

eBay warns of developer password-theft flaw

Ryan Naraine: If you are a member of the eBay Developer Program, you might want to change your password immediately. According to a warning from eBay’s Kumar Kandaswamy, a vulnerability in the service allows malicious hackers to gain information to developer accounts.? The company is strongly encouraging its user base to change passwords to the portal.?? The [...]

Wed Aug 12 09:42:21 PDT 2009

Apple plugs code execution, phishing holes in Safari browser

Ryan Naraine: Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks. The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks. Here’s a snapshot of the [...]

Wed Aug 12 06:39:04 PDT 2009

New Mac OS X DNS changer spreads through social engineering

Dancho Danchev: TrendMicro is reporting on a newly discovered 4th member of the OSX_JAHLAV malware family. The latest variant is once again relying on social engineering, this time spreading under a QuickTime Player update (QuickTimeUpdate.dmg) with a DNS changer component enabling the malware authors to redirect and monitor the traffic of the victim. More info on OSX_JAHLAV.D: The Trojan contains [...]

Tue Aug 11 13:50:47 PDT 2009

Microsoft: Exploits likely for 'critical' Windows vulnerabilities

Ryan Naraine: Microsoft today dropped a mega patch bundle with fixes for several “critical” vulnerabilities affecting the Windows platform and warned that “consistent, reliable exploit code” was likely to be released within 30 days. The Redmond, Wash. software maker released nine bulletins — five rated critical — to provide cover for a total of 19 documented security vulnerabilities.?? [...]

Tue Aug 11 13:01:50 PDT 2009

Campaign Monitor hacked, accounts used for spamming

Dancho Danchev: E-mail marketing software developer Campaign Monitor warned users today of a server compromise that took place during the weekend. The compromise allowed the attackers to gain access to customer accounts, which they abused by importing their own lists of harvested emails in order to launch spam campaigns using the clean IP reputation of their servers. No [...]

Tue Aug 11 10:30:20 PDT 2009

Password-reset flaw haunts WordPress admins

Ryan Naraine: Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress of WordPress MU (multiple user) installation. Proof-of-concept code demonstrating the problem [...]

Tue Aug 11 08:17:19 PDT 2009

Zero Day Threats RSS
Zero Day Threats
Tracking the hackers


On-Demand Video: CDW Services Overview

See how CDW can help you achieve your IT goals -- no matter the size or scope of your project -- with its best-in-class products and services.

Whitepaper | Category: Presentations


Send us your feedback here.

Sign up for more free newsletters from ZDNet! | To manage your account settings or to remove yourself from all ZDNet communications, please visit our Subscription Center.

The e-mail address for your subscription is
Unsubscribe from this e-mail | Advertise | Privacy Policy

© 2008 CBS Interactive Inc. All rights reserved.
ZDNet is a registered service mark of CBS Interactive Inc.

CBS Interactive Inc.
235 Second Street
San Francisco, CA 94105

No comments:

Post a Comment