Browsing Category: Vulnerabilities

The Ultimate Guide to Scareware Protection

Categories: Vulnerabilities

Throughout the last two years, scareware (fake security software), quickly emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process. 
This end user-friendly guide aims to educate the Internet user on what scareware is, the risks posed by installing it, how it looks like, its delivery channels, and most importantly, how to recognize, avoid and report it to the security community taking into consideration the fact that 99% of the current releases rely on social engineering tactics.  Read the full story [zdnet.com]

Read more...

Mac OS X Mega-Update Fixes 33 Security Defects

Categories: Vulnerabilities

Apple today shipped another Mac OS X mega-update with fixes for at least 33 serious security problems affecting Mac OS X users.

The update includes patches for third party components like Adobe’s Flash Player plug-in, Clam AV, MySQL and PHP.  A separate update was released for Snow Leopard to fix the issue where a vulnerable version of Flash Player was included with the new operating system.  Read the full story [zdnet.com]

Read more...

Clampi Trojan Still Wreaking Havoc

Categories: Vulnerabilities

From The Washington Post (Brian Krebs)

Finding the notorious Clampi banking Trojan on a computer inside your network is a little like spotting a single termite crawling into a crack in the wall: Chances are, the unwelcome little intruder is part of a much larger infestation. At least, that’s the story told by two businesses which recently discovered Clampi infections, compromises that handed organized cyber gangs the access they needed to steal tens of thousands of dollars.Read the full story [Washington Post].

Read more...

iPhone, QuickTime Bitten by Serious Security Bugs

Categories: Vulnerabilities

Apple has released security patches to cover serious security vulnerabilities in its iPhone, iPod Touch and QuickTime products.
The most serious of the vulnerabilities could lead to remote code execution attacks that give malicious hackers an easy way to hijack computers and mobile devices.  Read the full story for details on these vulnerabilities [zdnet.com]

Read more...

Stage is Set for Vista Worm With SMB2 Flaw

Categories: Vulnerabilities

From The Last Watchdog (Byron Acohido)

A strong dose of déjà vu enshrouds the heightened security advisory Microsoft issued today about the newly-disclosed SMB2 zero-day vulnerability in the Windows Vista and Windows Server 2008 operating systems. It was one year ago today — September 2008 — that Chinese malware brokers were spotted selling a $37 tool kit that allowed anyone to exploit a newly-disclosed RPC-DCOM vulnerability in Windows XP and Windows Server 2000. Read the full story [The Last Watchdog].

Read more...

Patch Tuesday: Microsoft Plugs Windows Worm Holes

Categories: Vulnerabilities

Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.
The most serious of the vulnerabilities addresses could lead to remote code execution complete system takeover attacks.  The September batch of patches does not address the FTP in IIS vulnerability that is currently being exploited in the wild.

Read more...

Microsoft, Cisco Issue Patches for TCP DoS Flaw

Categories: Vulnerabilities

Vendors are finally releasing patches today for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco’s IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities on Tuesday.

Read more...

Firefox to Check for Adobe Flash Patch

Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plug-in is out of date, according to Mozilla Human Shield Johnathan Nightingale.
Once the browser is updated, Mozilla will present the user with a visual notice on its first-run Web site that the Flash Player plugin contains security and stability vulnerabilities.

Read more...