Google plugs 'high risk' WebKit holes in Chrome
Ryan Naraine: Google has shipped a Chrome browser update to fix two serious security issues in WebKit. According to Google Chrome program manager Mark Larson, the most serious of the two flaws could allow hackers to execute harmful code in the browser’s sandbox. It is rated “high severity.” From Google’s advisory: A memory corruption issue exists in WebKit’s handling [...]


Thu Jun 11 07:50:24 PDT 2009
Mac OS X malware posing as fake video codec discovered
Dancho Danchev: Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object found at a bogus Macintosh PortTube site. The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X based malware attack [...]


Thu Jun 11 01:15:27 PDT 2009
Overall spam volume unaffected by 3FN/Pricewert's ISP shutdown
Dancho Danchev: Following last week’s shutdown of 3FN/Pricewert’s operations by the FTC, wishful thinkers expected a major decline in the overall spam volume, with botnet masters once again caught off guard just like it happened in November, 2008 with McColo’s shutdown. However, according to numerous vendors that doesn’t seem to be the case. The short-lived 15% drop in [...]


Wed Jun 10 13:37:23 PDT 2009
Adobe patches 13 critical Reader, Acrobat vulnerabilities
Ryan Naraine: Adobe has issued its first ever scheduled quarterly update for its Reader/Acrobat product line, a mega-patch covering 13 documented security vulnerabilities. The patches address “critical vulnerabilities” in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. “These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected [...]


Tue Jun 09 15:07:43 PDT 2009
Microsoft patches 31 Windows, IE, Office security holes
Ryan Naraine: Microsoft’s batch of patches this month is a big one: 10 bulletins covering a total of 31 documented vulnerabilities affecting the Windows OS, the Internet Explorer browser and the Microsoft Office productivity suite (Word, Works and Excel). Five of the 10 bulletins are rated “critical,” Microsoft’s highest severity rating. Among the patches this month are fixes [...]


Tue Jun 09 11:08:52 PDT 2009
Cybercriminals hijack Twitter trending topics to serve malware
Dancho Danchev: A currently ongoing malware serving campaign across Twitter is continuing to abuse the momentum offered by Twitter’s trending topics in order to trick users into visiting bogus exclusive video sites and infect them with malware. The campaign, spreading since last week, is relying on a growing number of automatically registered bogus Twitter accounts, which combine trending [...]


Tue Jun 09 10:47:02 PDT 2009
Apple Safari jumbo patch: 50+ vulnerabilities fixed
Ryan Naraine: Apple has shipped a whopper of a Safari browser update to fix more than 50 vulnerabilities, some rated extremely critical. The latest fixes, available in the new Safari 4.0, correct a wide range of code execution and denial-of-service vulnerabilities and even come with a fix for the vexing “clickjacking” issues plaguing modern Web browsers. [ SEE: Webcam [...]


Mon Jun 08 13:17:43 PDT 2009
Malware poses as fake Yellowsn0w iPhone unlocker
Dancho Danchev: Researchers from Malware-database.net are reporting on a newly discovered malware posing as a bogus iPhone unlocker, promising a working Firmware 2.2.1 yellowsn0w exploit as a social engineering tactic. The (now down) — Wordpress blog yellowsn0w221.wordpress.com was promoting Yellowsn0w-iPhone-Unlock-3G-2-2-1-final.exe at the following IP 74.52.118.244 which is now returning a reported attack site image, presumably in an attempt [...]


Mon Jun 08 11:48:48 PDT 2009
Microsoft study debunks profitability of the underground economy
Dancho Danchev: Cybercrime, what cybercrime and millions of dollars in profits?! A newly released paper presented by Cormac Herley and Dinei Florencio at this year’s Workshop on the Economics of Information Security 2009 entitled “Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy” debunks the often taken for granted profitability of the underground [...]


Fri Jun 05 14:44:07 PDT 2009
Adobe piggybacks on Microsoft Patch Tuesday
Ryan Naraine: Adobe’s first ever quarterly patch for the Reader and Acrobat product lines is set for June 9, the same day Microsoft is scheduled to deliver its batch of security updates. As previously announced, Adobe plans to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday, June [...]


Fri Jun 05 09:28:30 PDT 2009