Web Security

Google Plugs ‘High Risk’ Chrome Holes, Adds PDF Viewer in Sandbox

Google has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.

The Chrome 8.0.552.215 update also include a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google’s Jason Kersey.

Microsoft Research Develops Zozzle JavaScript Malware Detection Tool

As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware at a very high effectiveness rate.

Enterprises Riding A Tiger With Consumer Devices

Like the old adage that ‘he who rides a tiger is afraid to dismount,’ enterprises today are bounding along on the back of a particularly large and fearsome tiger. It’s called “consumer technology” and its shape is outlined by the myriad of devices and services that modern information workers are bringing to work and using – or want to use – to get their jobs done.

The main server used to distribute the open-source ProFTPD software was compromised over the weekend through the use of a bug in the FTP software itself, and a backdoored version of the software was uploaded and distributed for several days as a result.

Attackers have been using legitimate online services such as VirusTotal and others to check their new pieces of malware against various security suites for some time now, but that’s become less and less effective recently. Now, the creators of some exploit kits are beginning to include less well-known, underground malware-checking services as part of their offerings to buyers of their kits.

A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.