Browsing Author: Ryan Naraine

Video: Take a Look Inside Adobe’s Bug Patching Program

In this video, courtesy of Kaspersky’s Lab Matters, Ryan Naraine talks with  David Lenoe, Head of the Product Security Incident Response Team, Adobe, about that company’s process for responding to security vulnerabilities in its products.

Read more...

Microsoft Readies ‘Critical’ Windows, IE Patches

Categories: Vulnerabilities

As part of this month’s Patch Tuesday schedule, Microsoft plans to ship a dozen bulletins with fixes for 22 vulnerabilities, some serious enough to allow hackers complete access to a vulnerable Windows machine.According to Microsoft’s advance notice, three of the 12 bulletins will carry be rated “critical,” the company’s highest severity rating.

Read more...

Facebook Kills Firesheep With New Secure Browsing Feature

Facing a wave of criticism for not offering a secured browsing option, Facebook has finally added a new feature to browse the popular social network on a secure connection (https).

Read more...

Twitter Worm Uses Google URL Shortener to Spread Scareware

Categories: Malware, Vulnerabilities

A fast-moving Twitter worm is in circulation, using Google’s goo.gl redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign.At 8:45 a.m EST today, this Twitter search shows thousands of Twitter messages continuing to spread the worm.

Read more...

MS Patch Tuesday Heads-Up: 17 Bulletins, 40 Vulnerabilities

Categories: Malware, Vulnerabilities

[img_assist|nid=7015|title=|desc=|link=none|align=left|width=75|height=75]Microsoft is planning another massive Patch Tuesday this month: 17 bulletins with fixes for 40 security vulnerabilities.

The December batch of patches will cover security holes in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange, according to an advance notice posted Thursday.

Read more...

Google Plugs ‘High Risk’ Chrome Holes, Adds PDF Viewer in Sandbox

Google has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.

The Chrome 8.0.552.215 update also include a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google’s Jason Kersey.

Read more...

Attack Code Published for Adobe Shockwave Zero Day

[img_assist|nid=7182|title=|desc=|link=none|align=right|width=92|height=92]A security researcher has released an exploit for an unpatched security vulnerability in Adobe’s Shockwave Player, warning that the flaw could be targeted to launch drive-by malware download attacks.

Read more...

Linux Kernel Flaw Coughs Up Root Rights

Categories: Vulnerabilities

[img_assist|nid=7164|title=|desc=|link=none|align=left|width=100|height=100]The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system.The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included.

Read more...