Latest Articles

Patch coming for MS PowerPoint zero-day flaw

Categories: Vulnerabilities

Exactly one month after malicious hackers started using rigged PowerPoint files to launch targeted attacks, Microsoft announced plans to ship a “critical” bulletin affecting its flagship presentation program.
The PowerPoint update is the only bulletin scheduled for this month’s Patch Tuesday on May 12, 2009. It is rated “critical” (remote code execution) for all supported versions of Microsoft PowerPoint 2000 through 2007.

Cybercriminals use fake search engines to spread malware

Categories: Malware

From CNet (Elinor Mills)

Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.

Previously, attackers resorted to sending e-mails with malicious code in attachments and with links to malicious Web sites and took measures to push those Web sites higher in search engine rankings. Now, they’re also creating fake search engines that are showing up in Google search results. Read the full story [cnet.com]

It’s time to revamp the automatic update

Categories: Web Security

The automatic update is one of the more useful tools ever invented by software developers. Click a couple of buttons and you never have to worry about checking for new security updates again–it happens automagically! But it’s also one of the more frustrating and intrusive mechanisms we’ve seen in recent years, thanks to the tendency of vendors to abuse its power and smush in a bunch of extra applications and add-ons that users may have little use or desire for.

Feds should let private sector lead on cybersecurity

Categories: Government

From SearchSecurity.com (Eric Ogren)
The federal government has whipped itself into a frenzy on the issue of cybersecurity recently, as evidenced by the numerous competing bills in the House and Senate and the high-level wrangling over which agency should run cybersecurity. Washington certainly has a key role to play in cybersecurity, but lawmakers and regulators should keep their hands off the Internet as much as possible and look to the private sector to lead on this issue, Eric Ogren writes.

Prediction: Apple will recommend security software

Categories: Compliance

From CNet (Jon Oltsik)
As an analyst, it is my job to follow the industry, internalize trends, and then use this information to make predictions. OK, here goes: Within the next 18 months, Apple will begin recommending that Macintosh users install Internet security software on all systems.
Now I realize that this statement is blasphemy to dedicated Mac users, so let me start with a few qualifying statements. I am not comparing Mac OS with Windows, or Apple with Microsoft, and my prediction should not be interpreted as an attack on Apple, its developers, or the security of its code. Read the full story [cnet.com]

Indictments fall on Swede for Cisco, NASA attacks

Categories: Malware

From Wired.com (David Kravets)
A Swedish man has been indicted for attacks against NASA’s Ames Research Center and Cisco several years ago that netted the source code to Cisco’s IOS operating system, among other spoils. Wired’s Threat Level is reporting that Phillip Gabriel Pettersson was indicted for the attacks on Monday in California, but likely never will be prosecuted in the U.S.

Critical security hole in Google Chrome

Categories: Vulnerabilities

For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities [blogspot.com].
One of the two flaws carries a “critical” rating because of the risk of code execution with the privileges of the logged-on user. Read the full story [zdnet.com]

Battle brewing over cybersecurity in Washington

Categories: Government

There is a good old-fashioned backroom brawl shaping up in Washington over the cybersecurity issue, and the forces are aligning in some interesting ways on a variety of different sides of the debate. The latest installment in this long-running drama involves not just the fight over which, if any, of the numerous House and Senate bills addressing cybersecurity will ever see the light of day, but also the wisdom of handing authority for federal information security to the White House.

Can social networking be secure at work?

Categories: Web Security

From CIO (C.G. Lynch)

As more workers spend a greater part of their days on social networks like Facebook and Twitter, hackers have turned their energies toward spreading their malware across those services, harming workstations and company networks.

That’s the contention of a recent report measuring Web 2.0-targeted hacks that occurred in the first quarter of this year and was conducted by the Secure Enterprise 2.0 Forum, an industry group aimed at enabling the safe use of social media in the workplace. Read the full story [cio.com]

Windows 7 retains Windows Explorer security risk

Categories: Vulnerabilities

From InformationWeek (Thomas Claburn)
Windows 7 RC is now available, but Microsoft’s new operating system could use a bit more tinkering to improve security.
Specifically, Windows Explorer provides a way to hide a file’s extension. Virus writers use this feature to disguise executable files as something more innocuous, such as text files, F-Secure’s Mikko Hypponen explains in a blog post [f-secure.com]. By also changing the appearance of a malicious executable’s icon, malware authors have a much easier time convincing users to run malicious software using social engineering techniques. Read the full story [informationweek.com]
