Vulnerabilities


MS’ Blue Screen Fix MS10-015 Redistributed

Microsoft today said it had restarted distribution of a security update
that had crippled some Windows PCs last month with reboot problems and
Blue Screen of Death error screens. Read the full article. [Computerworld]

RSA 2010: Microsoft Floats Idea to Quarantine Infected Computers

A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users.The informal proposal, made Tuesday by Microsoft Vice President of Trustworthy Computing Scott Charney, was short on specifics, such as who would be responsible for monitoring and isolating malware-riddled machines. But he laid out his case for keeping them away from the general populace, comparing such a move to laws that have gone into effect over the past 20 years banning cigarette smoking in public.  Read the full story [The Register]

Apple Snags former Mozilla Security Chief

Apple has hired former Microsoft and Mozilla security specialist Window Snyder to help secure its Mac ecosystem.Snyder, who last worked as Mozilla’s security chief, confirmed she is joining Apple as senior product manager for security.


Innovations in botnet technology threaten the usefulness of honeypots, one of the main ways to study how bot herders control networks of zombie PCs. Computer scientists led by Cliff Zou and colleagues at the University of Central Florida warn that bot herders can now avoid honeypots – unprotected computers outfitted with monitoring software – set up by security firms. Read the full article. [The Register]

A new report shows malware attacks through Web 2.0 applications continue to be the largest
concern for IT professionals with 69% of organizations reporting at least
one Web 2.0-related attack. Fourteen percent report data leakage over social networks and 18%
indicate incidents occurring over social networks where disciplinary
action was required. Read the full article. [Help Net Security]

Crooks have developed a man-in-the-middle-attack designed to circumvent authentication kit used by dedicated World of Warcraft gamers. The ruse relies on tricking gamers into installing Trojans disguised
as gaming ad-ons. Once applied the malware allows hackers to capture
and relay authentication commands next time a victim logs on to
Blizzard’s servers. Read the full article. [The Register]

The personal health and financial information stored in thousands of
North American home computers may be vulnerable to theft through
file-sharing software, according to a research study published online
in the Journal of the American Medical Informatics Association. Read the full article. [ScienceDaily]

The Lotus iNotes ActiveX control for reading email from within a
browser contains a programming error which can result in a buffer
overflow. This could be exploited by an attacker to infect an iNotes
user with spyware on visiting a crafted web page. Read the full article. [The H Security]

A ring of ticket brokers has been indicted in connection to an elaborate hacking scheme that used bots and other fraudulent means to purchase more than 1 million tickets for concerts, sporting events and other events. The defendants made more than $25 million in profits from the resale of the tickets between 2002 and 2009. Read the full article. [Wired]

A prominent security researcher has released an exploit that uses a new technique to defeat ALSR + DEP on Microsoft’s Windows operating system.

The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.