Browsing Category: Vulnerabilities

MS to Patch 15 Serious Windows, Office Flaws

Categories: Vulnerabilities

Microsoft plans to release six security [img_assist|nid=1411|title=|desc=|link=none|align=left|width=115|height=115]bulletins next Tuesday
November 10 to fix at least 15 serious vulnerabilities that could
expose Windows users to malicious hacker attacks.
According to Microsoft’s advance notice
for this month’s Patch Tuesday, the updates will address gaping holes
in the Windows operating system and the Microsoft Office productivity
suite.  Read the notice from Redmond [microsoft.com]

Read more...

Facebook, MySpace Fix Subdomain Errors

Categories: Malware, Vulnerabilities

[img_assist|nid=1550|title=|desc=|link=none|align=right|width=115|height=115]Facebook and MySpace have fixed errors that could have allowed data to be given out from its subdomains. A Dutch developer, Yvo Schaap, discovered the flaw and wrote on his blog: “A “more invasive and hidden exploit could harvest all the user’s
personal photos, data and messages to a central server without any
trace, and there is no reason why this wouldn’t be happening already
with both Facebook and MySpace data.” Read the full article. [Computerworld]

Read more...

Why is Apple Meddling With My Windows AutoRun?

Categories: Vulnerabilities

Gue[img_assist|nid=1544|title=|desc=|link=none|align=left|width=115|height=115]st editorial by Costin RaiuIn every system designed by man, there is always a balance between features, usability and security. While designing pretty, easy to use and secure systems is possible, quite often this is not what the users get, or, worse, this is not what the users want.

Read more...

SSL Flaw Has Researchers Hustling to Fix

A flaw i[img_assist|nid=1533|title=|desc=|link=none|align=left|width=115|height=138]n the SSL protocol that could affect company networks, hosting environments and key machines has security researchers scrambling. The flaw, which requires a hack in to a network to launch, has devastating consequences and implications on database and mail servers. Discovered in August by PhoneFactor, the researchers have been working with ICASI to make an industry-wide fix, which is called “Project Mogul.” Researchers Chris Paget and HD Moore are helping to expose the flaw. Read the full article. [Computerworld]

Read more...

Security Fixes for Java, BlackBerry Desktop

Categories: Vulnerabilities

Sun Micros[img_assist|nid=1535|title=|desc=|link=none|align=right|width=115|height=115]ystems and Research In Motion have issued critical bug fixes for security issues with their products.  Both updates include fixes for critical security bugs that could be abused by attackers to run unauthorized software on a victim’s computer, although none of the flaws appear to have been publicly known before Tuesday. Read the full story [IDG News Service/Robert McMillan]

Read more...

Microsoft Patches Critical IE Patch from Last Month

Categories: Vulnerabilities

Micr[img_assist|nid=1508|title=|desc=|link=none|align=right|width=115|height=115]osoft has reissued a patch for a critical Internet Explorer update, MS09-54 from last month. The new patch targets four critical vulnerabilities, including the scrambling of Web page elements and spawned script errors. The problems affect most versions of IE (IE 5.01, IE 6, IE 7, IE 8, on all Windows operating systems, including Windows 7). Read the full article. [Computerworld]

Read more...

Adobe Patches Critical Shockwave Player Flaws

Categories: Vulnerabilities

Ad[img_assist|nid=1503|title=|desc=|link=none|align=left|width=115|height=115]obe today released a patch to fix several serious security flaws in its Shockwave Player software.
The update, which is rated “critical,” addresses a total of five
documented vulnerabilities.  The most serious flaw could allow remote
code execution attacks against Windows and Mac users.

Read more...

Microsoft: Vista Infected 62% Less Often Than XP

Categories: Malware, Vulnerabilities

Windows Vista is dramatically more secure than Windows XP, according Microsoft’s latest Security Intelligence Report. The infection rate of Windows Vista SP1 was 61.9 percent less than Windows XP SP3, the company said.[img_assist|nid=1495|title=|desc=|link=none|align=right|width=115|height=115]The report covers the first half of 2009 and is the seventh such twice-yearly report the company has issued.  The study found that for all Microsoft operating systems that the most current service pack is always the least infected, based on infections per 1,000 computers running each OS. Windows 7 was not included in the report. Read the full report [Network World]

Read more...

Researchers Find Trojan Using Facebook

Categories: Vulnerabilities

R[img_assist|nid=1459|title=|desc=|link=none|align=left|width=115|height=115]esearchers at Symantec have discovered a trojan that uses Facebook to communicate with a control and command server. Dubbed “whitewell” this malware spreads via email, contacts the mobile version of Facebook and uses its Notes section to perform actions based on the Notes titles. Andrea Lelli wrote on the Symantec Security Response blog that Web server urls can be embedded in the Notes and be controlled. Other commands recognized in the title have executable links or can have the trojan wait. The trojan is not using flaws or exploits, but “standard Facebook functionality” in a targeted attack. Read the full article. [eWEEK]

Read more...