Ryan Naraine

For years, Adobe Systems has occupied a quiet corner of the personal-computer industry. Photographers and designers use its software to clean up photos and set up Web sites. Workers everywhere trade electronic documents formatted with Adobe’s programs, often without knowing the company behind the software.  Now Adobe is attracting the unwanted attention of hackers — and security experts are concerned the company isn’t doing enough to repel assaults. Read the full story [BusinessWeek] 

Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS.

Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections.

Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky has written an in-depth article describing the scareware (fake anti-virus) epidemic.  The article touches on the common distribution techniques, the tricks used to scare users into paying fraudsters for a removal tool and the way code generators are being used to create these malicious programs.  It also provides some infection statistics and some practical protection advice.  Read the full article [viruslist.com]

On the heels of last week’s release of exploit code for a crippling denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2, Microsoft has issued a security advisory to confirm the issue and offer pre-patch mitigations.The flaw, in the Microsoft Server Message Block (SMB) Protocol which affects SMBv1 and SMBv2, could cause a system to stop functioning or become unreliable, Microsoft said, describing the published exploit code as “detailed.”

Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control
have now developed a scheme for protecting implantable medical devices
against wireless attacks. The approach relies on using ultrasound waves
to determine the exact distance between a medical device and the
wireless reader attempting to communicate with it.  Read the full story [Technology Review]

Heads up to all Microsoft Windows users: If you’re running Windows
2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.

Security researchers say it’s only a matter of time — days not weeks
— before malicious hackers start exploiting one of the vulnerabilities
via booby-trapped Web pages or Office (Word or PowerPoint) documents.