Browsing Author: Ryan Naraine

Apple Patches Pwn2Own Flaw That Hacked Safari

[img_assist|nid=4341|title=|desc=|link=none|align=left|width=100|height=100]Apple today shipped a patch to fix the drive-by download vulnerability used by Charlie Miller (left) to hack a fully patched MacBook via the Safari browser.

Read more...

Java Zero-Day Attacks In The Wild

Categories: Malware, Vulnerabilities

[img_assist|nid=4326|title=|desc=|link=none|align=left|width=100|height=100]Just days after Google researcher Tavis Ormandy released details on a dangerous new Java vulnerability, malicious hackers have pounced and are exploiting the flaw in the wild to launch drive-by download attacks.

Read more...

Microsoft Plugs Critical Drive-By Download Holes

Categories: Malware, Vulnerabilities

[img_assist|nid=4220|title=|desc=|link=none|align=right|width=100|height=100]Microsoft today released 11 security bulletins with fixes for a total of 25 security vulnerabilities, including several flaws that expose users to browse-and-you’re-hacked (malicious drive-by download) attacks.

Read more...

Apache Foundation Hit by Targeted XSS Attack

[img_assist|nid=4280|title=|desc=|link=none|align=right|width=100|height=100]Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

Read more...

WordPress Hack Linked to Database Password Hijack

[img_assist|nid=4265|title=|desc=|link=none|align=right|width=100|height=100]Malicious hackers have found a way to hijack WordPress database credentials and use that information to redirect thousands of blogs to Web sites laden with malware.The attacks, which started last Friday, occurred mostly on WordPress blogs hosted by Network Solutions but it appears that there are multiple security weaknesses in play.

Read more...

Researchers Get Funding for New Secure Operating System

[img_assist|nid=4264|title=|desc=|link=none|align=right|width=100|height=100]Researchers at the University of Illinois at Chicago have received a $1.15 million grant from the National Science Foundation to build a new computer operating system based on virtual machines and the concept of isolation.

Read more...

Adobe Patches, Auto-Updater Coming on April 13

[img_assist|nid=4226|title=|desc=|link=none|align=right|width=100|height=100]Adobe today announced plans to ship a critical security patch next Tuesday (April 13, 2010) to fix multiple high-risk security holes in its Reader and Acrobat product lines.The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes.   The security fixes in this Reader/Acrobat patch batch will apply to Windows, Macintosh and UNIX users.

Read more...

MS Patch Tuesday Heads-up: 11 Bulletins, 25 Vulnerabilities

[img_assist|nid=4220|title=|desc=|link=none|align=left|width=100|height=100]Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix multiple vulnerabilities that expose Windows users to remote code execution attacks.

Read more...

Mozilla Warns of Unknown Root Certificate Authority in Firefox

[img_assist|nid=4171|title=|desc=|link=none|align=right|width=100|height=100]In a startling revelation, the open-source Mozilla project says that its flagship Firefox browser contains a root certificate authority that doesn’t seem to have a known owner.
It’s quite possible that this could be a legitimate root certificate that changed hands during a merger or some other transaction but the fact that Mozilla’s folks can’t seem to figure out the owner is disconcerting on many levels.

Read more...