[Sponsored]
Thu Aug 13 13:31:37 PDT 2009
Brazilian ID thieves using Twitter as botnet command channel
Ryan Naraine: Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control operation. The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots — sending new links for the infected computers to contact and new commands and executables to download and run. Here’s a [...]
Thu Aug 13 13:31:37 PDT 2009
Apple drops (another) Mac OS X security patch
Ryan Naraine: Less than a week after fixing 19 Mac OS X security vulnerabilities, Apple is on the patch treadmill again. The company released Security Update 2009-004 to fix a solitary BIND vulnerability that could lead to denial of service attacks.? Apple warns: A logic issue in the handling of dynamic DNS update messages may cause an assertion to [...]
Wed Aug 12 14:18:57 PDT 2009
Advanced Mac OS X rootkit tools released
Ryan Naraine: Security researcher Dino Dai Zovi (of Pwn2Own fame) has released a suite of tools to demonstrate how to load an advanced rootkit on Mac OS X machines. The tools were first discussed at this year’s Black Hat security conference where Dai Zovi (right) presented techniques to manipulate the way the Mach micro-kernel uses RPC calls to [...]
Wed Aug 12 13:42:10 PDT 2009
eBay warns of developer password-theft flaw
Ryan Naraine: If you are a member of the eBay Developer Program, you might want to change your password immediately. According to a warning from eBay’s Kumar Kandaswamy, a vulnerability in the service allows malicious hackers to gain information to developer accounts.? The company is strongly encouraging its user base to change passwords to the developer.ebay.com portal.?? The [...]
Wed Aug 12 09:42:21 PDT 2009
Apple plugs code execution, phishing holes in Safari browser
Ryan Naraine: Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks. The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks. Here’s a snapshot of the [...]
Wed Aug 12 06:39:04 PDT 2009
New Mac OS X DNS changer spreads through social engineering
Dancho Danchev: TrendMicro is reporting on a newly discovered 4th member of the OSX_JAHLAV malware family. The latest variant is once again relying on social engineering, this time spreading under a QuickTime Player update (QuickTimeUpdate.dmg) with a DNS changer component enabling the malware authors to redirect and monitor the traffic of the victim. More info on OSX_JAHLAV.D: The Trojan contains [...]
Tue Aug 11 13:50:47 PDT 2009
Microsoft: Exploits likely for 'critical' Windows vulnerabilities
Ryan Naraine: Microsoft today dropped a mega patch bundle with fixes for several “critical” vulnerabilities affecting the Windows platform and warned that “consistent, reliable exploit code” was likely to be released within 30 days. The Redmond, Wash. software maker released nine bulletins — five rated critical — to provide cover for a total of 19 documented security vulnerabilities.?? [...]
Tue Aug 11 13:01:50 PDT 2009
Campaign Monitor hacked, accounts used for spamming
Dancho Danchev: E-mail marketing software developer Campaign Monitor warned users today of a server compromise that took place during the weekend. The compromise allowed the attackers to gain access to customer accounts, which they abused by importing their own lists of harvested emails in order to launch spam campaigns using the clean IP reputation of their servers. No [...]
Tue Aug 11 10:30:20 PDT 2009
Password-reset flaw haunts WordPress admins
Ryan Naraine: Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress of WordPress MU (multiple user) installation. Proof-of-concept code demonstrating the problem [...]
Tue Aug 11 08:17:19 PDT 2009
No comments:
Post a Comment