Researcher Warns of Twitter Security Flaw

A flaw in Twitter’s website has left the login credentials of its users vulnerable to hackers, according to a security researcher who has asked the social media company to fix the problem. Read the full story [Reuters]

Critical Security Holes in RealPlayer

RealNetworks has released patches to cover a total of 11 vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux. The flaws, which could lead to code execution attacks, also affect several versions of the Helix Player for Linux. Read the full advisory [RealNetworks]

Microsoft Knew of IE Zero-Day Flaw Since September

Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year. The flaw was in the Microsoft Security Response Center’s (MSRC) queue to be fixed in the next batch of patches due in February, but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update.

Cisco has discovered a buffer overflow in version 2.6 and earlier versions of CiscoWorks Internetwork Performance Monitor (IPM) for Windows that allows attackers to compromise vulnerable systems remotely, as well as a DDoS flaw in Cisco IOS XR. Read the full article. [The H Security]

has released the latest iteration of its flagship Firefox browser with a few significant security goodies to keep malicious hackers at bay. The update, which is being shipped via the browser’s automatic update mechanism, includes new features to patch third-party Firefox plug-ins and lock out rogue add-ons.

Analysis of the 32 million passwords exposed in the breach of social media application developer RockYou last month provides further proof that consumers routinely use easy-to-guess login credentials. Read the full article. [The Register]

One day after a Google security researcher released code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.

Mozilla yesterday reported a “huge increase” in downloads of Firefox in Germany after that country’s computer security agency urged users of Microsoft’s Internet Explorer to dump the browser and run a rival instead. Read the full article. [Computerworld]

Although the first known attacks using the Aurora malware that compromised Google weren’t discovered until late last year, some parts of the malware codebase have been in existence in China for nearly four years, raising questions about how many other attacks it might have been used in during that time frame.

This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009). The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe.
