Browsing Author: Ryan Naraine

Mozilla Admits Malware Sneaked into Firefox Add-ons

Categories: Malware, Vulnerabilities

[img_assist|nid=3101|title=|desc=|link=none|align=right|width=100|height=100]Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.The browser add-ons, described my Mozilla as “experimental,”  contained a Trojan horse that executed when Firefox started and infected the host computer.

Read more...

Microsoft to Patch 26 Windows, Office Vulnerabilities

Categories: Malware, Vulnerabilities

[img_assist|nid=3087|title=|desc=|link=none|align=left|width=100|height=100]Microsoft’s February batch of security patches will be a biggie — 13 bulletins with fixes for a whopping 26 vulnerabilities.

According to an advance notice from the Redmond, Wash. software
vendor, five of the 13 bulletins will be rated “critical” because of
the risk of remote code execution attacks.

Read more...

Microsoft Confirms New IE Data Leakage Flaw

Categories: Malware, Vulnerabilities

[img_assist|nid=3068|title=|desc=|link=none|align=left|width=100|height=100]Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files
with an already known filename and location.The vulnerability was first discussed at this week’s Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security
Technologies.   Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser’s Protected Mode feature.

Read more...

Oracle Hacker Gets the Last Word

[img_assist|nid=3049|title=|desc=|link=none|align=right|width=100|height=100]Database security expert David Litchfield
has unveiled a critical,
unpatched vulnerability in Oracle’s 11G database software that allows a hacker to take control of an
Oracle database and access or modify information at any security level. Two sections of code within the company’s database
application — one that allows data to be moved between servers and
another that allows management of Oracle’s implementation of java — are
left open to any user, rather than only to privileged administrators.
Those vulnerable subroutines each have their own simple flaws that
allow the user to gain complete access to the database’s contents.  Read the full story [Forbes]

Read more...

Apple Plugs Critical iPhone Security Holes

[img_assist|nid=3033|title=|desc=|link=none|align=left|width=100|height=100]Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks. The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.

Read more...

Top 5 Social Networking Business Threats

Social networking sites are ideal havens for online criminal activities as they provide a combination of two key factors: a huge number of users and a high-level of trust among these users, cautioned a security specialist. ZDNet Asia spoke to industry experts who highlight the top five security threats enterprises should be mindful about when using social networking sites. Read the full story [ZDNet]

Read more...

Google Joins The ‘Kill-IE6′ Campaign

Categories: Malware, Vulnerabilities

[img_assist|nid=2992|title=|desc=|link=none|align=left|width=100|height=100]Google has announced that Google Docs will drop support for Microsoft’s nearly nine-year-old Internet Explorer 6 (IE6) browser starting on March 1.Ironically, if Google had taken its anti-IE6 advice to heart before hackers broke into its corporate network last year, it might not now be mulling whether to abandon the Chinese search market. Read the full story [ComputerWorld]

Read more...

Researcher to Reveal More Internet Explorer Problems

Categories: Vulnerabilities

[img_assist|nid=2921|title=|desc=|link=none|align=left|width=100|height=100]Microsoft’s Internet Explorer (IE) could inadvertently allow a hacker to read files on a person’s computer, another problem for the company just days after a serious vulnerability received an emergency patch.  Read the full story [IDG News Service]

Read more...

Researcher Warns of Twitter Security Flaw

[img_assist|nid=2860|title=|desc=|link=none|align=right|width=112|height=84]A flaw in Twitter’s website has
left the login credentials of its users vulnerable to hackers,
according to a security researcher who has asked the social
media company to fix the problem.  Read the full story [Reuters]

Read more...

Critical Security Holes in RealPlayer

Categories: Malware, Vulnerabilities

[img_assist|nid=2852|title=|desc=|link=none|align=left|width=100|height=100]RealNetworks has released patches to cover a total of 11 vulnerabilities in several versions of
RealPlayer for Windows, Mac, and Linux.   The flaws, which could lead to code execution attacks, also affect several versions of the
Helix Player for Linux. Read the full advisory [RealNetworks]

Read more...