[img_assist|nid=4107|title=|desc=|link=none|align=right|width=100|height=100]Computer users in China and Korea were the hardest hit by the latest wave of zero-day malware attacks targeting a flaw in the Internet Explorer browser, according to data released by the Microsoft Malware Protection Center (MMPC).
[img_assist|nid=4098|title=|desc=|link=none|align=left|width=100|height=100]By Gunter Ollmann, DamballaLast night my attention was drawn to a couple of blog entries
relating to Google and the attacks they fell victim to earlier this
year. These attacks were eventually labeled as “Operation Aurora” by
McAfee (based upon the presence of the “aurora” keyword embedded within
some of the malware).
[img_assist|nid=4094|title=|desc=|link=none|align=right|width=100|height=100]The latest rivalry appears to be budding between the author of the Zeus Trojan— a crime kit used by a large number of cyber thieves — and “SpyEye,” a
relatively new kit on the block that is taking every opportunity to
jeer at, undercut and otherwise siphon market share from the mighty
Zeus. Read the full article. [Krebson Security]
[img_assist|nid=4092|title=|desc=|link=none|align=left|width=100|height=100]Microsoft uncovered more than 1,800 bugs in
Office 2010 by tapping into the unused computing horsepower of idling
PCs. Office developers
found the bugs by running millions of “fuzzing” tests, said Tom
Gallagher, senior security test lead with Microsoft’s Trustworthy
Computing group. Read the full article. [Computerworld]
[img_assist|nid=4081|title=|desc=|link=none|align=right|width=100|height=100]A security flaw within a popular photo sharing iPhone app known as Quip, has exposed thousands of shared photos, with repositories of them — including the naked ones — already circulating across the Web. Read the full article. [ZDNet]
[img_assist|nid=4080|title=|desc=|link=none|align=left|width=100|height=100]The percentage of Internet users in China with no security software was 4.4% last year,a up from 3.9% the previous year, according to recent survey results by the China Internet Network Information Center (CNNIC) and China’s National Computer Network Emergency Response Technical Team (CNCERT). Read the full article. [Comptuerworld]
[img_assist|nid=4079|title=|desc=|link=none|align=right|width=100|height=100]The techniques used by unloveable rogues who automate search engine
manipulation attacks themed around breaking news to sling scareware
have been unpicked by new research. Read the full article. [The Register]
[img_assist|nid=4075|title=|desc=|link=none|align=left|width=100|height=100]The developers at Mozilla soon will be adding a new privacy enhancement to the Firefox browser that will help prevent attackers and the operators of third-party Web sites from seeing which other sites a user has visited.
Computer-security researchers say new “smart” meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways. At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else’s power on and off. Read the full story [syracuse.com]
[img_assist|nid=4065|title=|desc=|link=none|align=left|width=100|height=100]SEE: Updated report with response from Adobe and FoxIt SoftwareA security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.