Browsing Author: Ryan Naraine

RSA 2010: Securosis Previews the Key Themes and Topics

Securosis analysts Rich Mogull, Adrian Lane and Mike Rothman tackle the key themes for this year’s RSA 2010 conference — virtualization/cloud security, advanced persistent threats/cybersecurity and compliance.

FTC: P2P Networks Rife With Leaked ID Data

The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer (P2P) file-sharing networks. The FTC put nearly 100 companies and agencies on notice that their employees appear to be regularly leaking large amounts of sensitive customer and employee data on popular P2P file-sharing networks. Read the full story [The Last Watchdog]

OpenOffice Zaps Six Security Bugs

Categories: Malware, Vulnerabilities

OpenOffice.org has shipped a new version of the desktop productivity suite to patch six vulnerabilities that could expose users to malicious hacker attacks. The flaws fixed in OpenOffice.org 3.2 could be exploited via GIF, XPM files and Microsoft Word document processing, according to an advisory released by the open-source group.

Adobe Plugs Critical PDF Code Execution Flaw

Categories: Malware, Vulnerabilities

Adobe today released an out-of-band security update to patch a pair of gaping holes that expose hundreds of millions of computer users to remote code execution attacks. The vulnerabilities are rated “critical” and affect Adobe Reader and Adobe Acrobat on all platforms — Windows, Mac and Linux.

CanSecWest Pwn2Own Hacker Contest Targets Smartphones

The organizers of this year’s CanSecWest Pwn2Own have painted a big bulls-eye on mobile devices, offering up a whopping $60,000 in prizes to entice hackers to exploit vulnerabilities on iPhones, Android, Nokia and BlackBerry smartphones.

Researchers Discover New ACH Banker Trojan

Categories: Data Breaches, Malware

Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the U.S. The Trojan, dubbed “Bugat,” targets Automated Clearing House (ACH) and wire transfer transactions by small- and mid-sized businesses in the U.S., much like the virulent Clampi Trojan that has stolen tens of millions of dollars.

MS Patch Tuesday: 13 Bulletins, 26 Vulnerabilities

Categories: Malware, Vulnerabilities

Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.

Adobe Error Leaves Flash Flaw Unpatched for 16 Months

Categories: Malware, Vulnerabilities

Adobe has acknowledged that an internal screw-up caused a potentially dangerous Flash Player flaw to remain unpatched for more than 16 months after it was first reported by an external security researcher. “It slipped through the cracks,” said Emmy Huang, a product manager for Flash Player. Adobe’s mea culpa follows the public release of proof-of-concept code demonstrating a Flash Player browser plug-in crash.

Will Google Browser Bug Bounty Entice Researchers?

To entice security researchers to look for holes in the Chrome browser, Google has announced it will pay $500 for dangerous security flaws found in the code. But several experts say that’s not enough money to motivate skilled vulnerability researchers. Read the full story [CNet]

Oracle Ships Critical Out-of-Band Security Patch

Oracle has released an out-of-band patch to fix a gaping security hole in the Oracle WebLogic Node Manager, warning that an attacker could launch remote attacks over a network without the need for a username and password.
