Researchers have found two distinct new malware families that are exploiting the newly discovered Windows shell LNK vulnerability, leading to concerns that the development of a worm could be in the offing.
[img_assist|nid=5887|title=|desc=|link=none|align=right|width=100|height=100]Dell said human error was to blame for mistakes which led it to ship a
number of replacement server motherboards to customers pre-loaded with
spyware. The company declined to say whether it was running anti-virus
software at its factory but said it had taken 16 steps to improve
processes. Read the full article. [The Register]
Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft’s products.
[img_assist|nid=5862|title=|desc=|link=none|align=right|width=100|height=100]A prominent security researcher is urging users of Apple’s Safari browser to immediately turn off the AutoFill feature to block hackers from stealing sensitive information.
According to Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, the AutoFill Web Forms feature can be hacked to steal data from the computer’s address book.
[img_assist|nid=5859|title=|desc=|link=none|align=left|width=100|height=100]Microsoft is changing the way in which it handles vulnerability disclosures, now moving to a model it calls coordinated vulnerability disclosure, in which the researcher and the vendor work together to verify a vulnerability and allow ample time for a patch. However, the new philosophy also recognizes that if there are attacks already happening, it may be necessary to release details of the flaw even before a patch is ready.
Join Dennis Fisher, Ryan Naraine and their special guests, Oliver Day, Andy Ellis, and Robert Hansen as they take a look at the rising sophistication of real-world, web-based cyber attacks from the offensive, defensive and end-user perspective.
[img_assist|nid=5858|title=|desc=|link=none|align=right|width=100|height=100]As more information continues to come out about the Stuxnet worm and the vulnerabilities that it exploits, it’s becoming increasingly clear that this kind of attack may be a preview of the attacks that are likely to become commonplace in the months and years ahead.
[img_assist|nid=5853|title=|desc=|link=none|align=left|width=100|height=100]Cisco has shipped a critical bulletin to warn about a serious security hole in the Cisco Internet Streamer application, which is part of the Cisco Content Delivery System. In an advisory, Cisco warned that exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs.
[img_assist|nid=3570|title=|desc=|link=none|align=right|width=86|height=86]Slovenian police have arrested four suspects over allegations that they developed the Mariposa botnet malware. Read the full article. [The Register]
[img_assist|nid=5852|title=|desc=|link=none|align=left|width=100|height=100]Just days after Colorado officials warned businesses about scammers who are forging corporate identities to commit financial fraud, an official in Georgia said the same has been happening in that state as well. Read the full article. [Computerworld]