Browsing Category: Vulnerabilities

Categories: Podcasts, Vulnerabilities

Dennis Fisher talks with Cormac Herley of Microsoft Research about the paper he co-authored on the realities of the underground economy, why sales of stolen credit cards resemble a market for lemons and how we can get better data on cybercrime activities.


Categories: Vulnerabilities

Mozilla has joined this week’s patchapalooza with the release of a Firefox update to fix 11 documented security vulnerabilities.
Six of the 11 issues are in advisories rated “critical” because of the risk of code execution attacks that could allow hackers to take complete control of a compromised machine.  Read the full advisory from Mozilla [mozilla.org]


Categories: Vulnerabilities

From The H Security
A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability. Nonetheless, Google considers the vulnerability to be a high risk. Read the full story [h-online.com]


From ZDNet (Dancho Danchev)
Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object [paretologic.com] found at a bogus Macintosh PortTube site.
The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X based malware attack proves that successful social engineering approaches remain OS independent. Read the full story [zdnet.com]


Categories: Vulnerabilities

From Computerworld (Matt Hamblen)
The new iPhone 3G S boasts remote data wipe, hardware-based encryption and tethering of the device to a laptop that would seem to please business users interested in protecting data and enhancing productivity.
But no, those steps are not good enough for widespread adoption of the new smartphone inside large businesses, four analysts said today. What iPhone 3G S still needs is a system, run by the enterprise IT staff, to verify — and to provide an audit trail — that the encryption is turned on, and to allow IT to conduct a remote wipe if the device is lost or stolen. Read the full story [computerworld.com]


Categories: Vulnerabilities

Adobe has issued its first-ever scheduled quarterly update for its Reader/Acrobat product line, a bumper patch to cover 13 serious security vulnerabilities.
The patches, which follow Microsoft’s release of fixes for 31 Windows, IE and Office flaws, address “critical vulnerabilities” in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. “These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system,” Adobe warned in an advisory.
