Browsing Author: Ryan Naraine

Microsoft Knew of IE Zero-Day Flaw Since September

[img_assist|nid=2844|title=|desc=|link=none|align=right|width=100|height=100]Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.The flaw was in the Microsoft Security Response Center’s (MSRC) queue to be fixed in the the next batch of patches due in February but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update.

Read more...

Mozilla Ships Security Goodies in Firefox 3.6 Update

[img_assist|nid=2838|title=|desc=|link=none|align=right|width=100|height=100]Mozilla
has released the latest iteration of its flagship Firefox browser with
a few significant security goodies to keep malicious hacker at bay. The update, which is being shipped via the browser’s automatic
update mechanism, includes new features to patch third-party Firefox
plug-ins and lock out rogue add-ons.

Read more...

Microsoft Confirms Unpatched Windows Kernel Flaw

Categories: Vulnerabilities

One day after a Google security researcher releases code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.

Read more...

Emergency IE Patch Coming on January 21

[img_assist|nid=2806|title=|desc=|link=none|align=left|width=100|height=100]This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009).The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe.

Read more...

Critical Flaws Haunt Adobe Shockwave Player

Categories: Malware, Vulnerabilities

[img_assist|nid=2792|title=|desc=|link=none|align=left|width=100|height=100]Adobe’s run on the patching treadmill continued this week with a “critical” update to fix a pair of code execution holes in its Shockwave Player.

Read more...

Apple Patches 12 Serious Mac OS X Flaws

Categories: Vulnerabilities

[img_assist|nid=2783|title=|desc=|link=none|align=left|width=100|height=100]Apple’s first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities.The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site.

Read more...

Facebook Vulnerable to Clickjacking Attacks

Categories: Data Breaches

[img_assist|nid=2756|title=|desc=|link=none|align=left|width=100|height=100]Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday.Reseacher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users. Read the full story [CNet]

Read more...

Microsoft: Emergency IE Patch Coming

[img_assist|nid=2755|title=|desc=|link=none|align=right|width=100|height=100]Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

Read more...

Microsoft Confirms IE Zero-Day Used in Google Attack

[img_assist|nid=2677|title=|desc=|link=none|align=right|width=100|height=100]Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks.According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement.

Read more...

German Government Warns Against Using IE Browser

In response to the security hole in several versions of
Internet Explorer (IE), the German Federal Office for Information
Security is recommending that Internet Explorer users should switch to an
alternative browser until a patch for IE has been made available.  Read the full story [The H Security]

Read more...