Dennis Fisher

The ongoing exploitation of the vulnerability in an ActiveX control used by Internet Explorer has created a dangerous situation, as there is no patch yet for the MSVidCtl.dll vulnerability. However, there are several steps you can take to protect yourself against attacks.

It looks like the distributed denial-of-service attack, once the favorite tactic of script kiddies and professional hackers alike, is coming back into favor. Attackers have been conducting an ongoing DDoS attack against the Federal Trade Commission’s main site, as well as some other government sites over the last few days.

By Stefan Tanase, Kaspersky Lab, Romania
In June, we saw an explosive rise in the number of Koobface modifications – the number of variants we detected jumped from 324 at the end of May to nearly 1000 by the end of June. And this weekend brought another flood, bringing us up to 1049 at the time of writing.

There is a widespread attack underway against an unpatched vulnerability in the Msvidctl DLL, with attackers using thousands of newly compromised Web sites to exploit victims’ PCs via drive-by downloads. The attacks are using Internet Explorer as the attack vector and are pushing a Trojan downloader onto compromised machines.

From The H Security
Symbian, found in many mobile phones, especially those from Nokia, is one of the most widely used mobile operating systems and has now been in use for more than ten years. It continues to be viewed as a very secure operating system, with special security functions and a certification system which help to ensure that only signed code can run with high privileges. Anti-virus vendors occasionally report new malware capable of running on the Symbian platform, but so far none have managed to spread widely. Read the full story [The H Security].

From IDG News Service (Sumner Lemon)
Apple is working to fix an iPhone vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the phone.
The attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said security researcher Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday. He didn’t provide a detailed description of the SMS vulnerability, citing an agreement with Apple. Read the full story [Yahoo News].

It’s been quite a week in the world of cryptography. For a field in which advancements are measured in the smallest of terms and major breakthroughs can take decades, the three big news stories involving cryptography in the last few days comprise an epochal event.