Vulnerabilities

Android malware developers in Japan continue to peddle their product across the Internet and through the Google Play marketplace, undeterred by recent arrests in the nation.

There is a bug in the way that Twitter handles a feature that enables users to post messages via SMS and the researcher who discovered the bug says that it allows anyone who knows a user’s mobile number to not only tweet from the user’s account but also modify information in the user’s profile.

UPDATE–Unix and Linux versions of Tectia SSH server as well as the open source versions of Free FTPD and FreeSSHD for Windows are vulnerable to a critical remote authentication bypass exploit published on the Free Disclosure List.

A Romanian bug hunter has discovered a “blended threat” targeting Yahoo’s Developer Network Web site that allows unauthorized access to Yahoo users’ emails and private profile data.At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer.yahoo.com. Yahoo Query Language is the company’s proprietary programming language and used to test queries against Yahoo databases. Authenticated users also can access tables with their own Yahoo account data, such as e-mails and profile data, to mount queries.

Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at F-Secure, exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year.

Highway traffic systems deployed across the United States could be open exploit via what a group of researchers has deemed an “insufficient entropy vulnerability” in the systems’ software.

A rash of zero-day exploits and vulnerabilities in the MySQL database were disclosed to the Full Disclosure  mailing list over the weekend, but experts are saying they’re much ado about nothing.