Ryan Naraine

Java Zero-Day Attacks In The Wild

Just days after Google researcher Tavis Ormandy released details on a dangerous new Java vulnerability, malicious hackers have pounced and are exploiting the flaw in the wild to launch drive-by download attacks.


Malicious hackers have found a way to hijack WordPress database credentials and use that information to redirect thousands of blogs to Web sites laden with malware. The attacks, which started last Friday, occurred mostly on WordPress blogs hosted by Network Solutions, but it appears that there are multiple security weaknesses in play.

Adobe today announced plans to ship a critical security patch next Tuesday (April 13, 2010) to fix multiple high-risk security holes in its Reader and Acrobat product lines. The patches will be released alongside new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes. The security fixes in this Reader/Acrobat patch batch will apply to Windows, Macintosh and UNIX users.

In a startling revelation, the open-source Mozilla project says that its flagship Firefox browser contains a root certificate authority that doesn’t seem to have a known owner.
It’s quite possible that this could be a legitimate root certificate that changed hands during a merger or some other transaction, but the fact that Mozilla’s folks can’t seem to figure out the owner is disconcerting on many levels.