Apple has shipped new versions of its Safari browser with patches for at least 48 security vulnerabilities. The Safari 4.1 and 5.0 updates, considered “highly critical,” are available for both Windows and Mac OS X. Exploitation of some of these vulnerabilities could lead to drive-by download (remote code execution) attacks.
Adobe said on Monday that it will have a patch available for the newly discovered critical vulnerability in Flash ready by June 10 for most platforms. The patches for Adobe Reader and Acrobat, which also are affected by the flaw, won’t be released until June 29.
LIMASSOL, CYPRUS–The operators of large-scale botnets such as Gumblar and others for years have relied upon stealth, creativity and guile to hide their creations from researchers and authorities for as long as possible. This has been especially vital for botnets with centralized command-and-control mechanisms. But the recent success of sophisticated, resilient peer-to-peer botnets has shown that level of effort isn’t necessary anymore.
Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems.
Most skimmers that are openly advertised are little more than scams
designed to separate clueless crooks from their ill-gotten gains. However, start
poking around on some of the more exclusive online fraud forums for
sellers who have built up a reputation in this business and chances are
eventually you will hit upon the real deal. Read the full article. [KrebsonSecurity]
Incident-prone social network monolith Facebook has plugged yet another
security leak, this time involving the indexing by search engines of
email addresses not listed on Facebook. Read the full article. [The Register]
The OpenOffice.org development team have issued the first point update to the 3.2.x branch
of their open source office suite for Windows, Mac OS, Linux and
Solaris. The maintenance update addresses a number of bugs and security
issues found in the previous 3.2 release, but adds no new features. Read the full article. [The H Security]
Researchers have developed a kernel-level Android rootkit in the form of a loadable
kernel module and will demonstrate the proof of concept exploit at the upcoming DefCon conference. Read the demo statement. [DefCon.org]
Another mobile-phone manufacturer has fallen victim to an increasingly common attack in which phones’ memory cards are infected with malware during the manufacturing process and then shipped out to customers. The latest victim is Samsung, which has acknowledged that the microSD cards in a batch of its S8500 Wave mobile phones sold in Germany were infected with an autorun Trojan.
In this talk from the Kaspersky Lab Security Analyst Summit in Cyprus, independent security researcher Kurt Baumgartner discusses the inner workings of the infamous Eleonore exploit kit and the business model behind it.