vulnerabilities


SQL Injection Hits Social Net for Developers

A SQL injection flaw has been discovered in Rockyou.com – a social networking application development website used by app developers for Bebo, Facebook and Myspace. The flaw could have allowed hackers access to the 32 million usernames and passwords. Read the full article. [eWEEK Europe]

On the Hunt for Conficker

There are several ongoing investigations attempting to find the authors of the Conficker botnet, one of the fastest spreading worms in history, but those responsible for the worm have proven elusive. Read the full article. [TechTarget]

Twitter Domain API Back in Malware Fray

Malware writers have revamped code that uses a popular Twitter command
to generate hard-to-predict domain names, a technique that brings
stealth to their drive-by exploits. Read the full article. [The Register]


Microsoft today shipped six bulletins with patches for a total of 12 documented security vulnerabilities in a wide range of widely deployed software products. Three of the six bulletins are rated “critical,” Microsoft’s highest severity rating. The most serious issues affect the company’s Internet Explorer browser, including the newest IE 8 on Windows 7.

U-Test has just completed a substantive, independent review of three major e-tailing sites – Amazon, Walmart and Target – and found a gaping cross-site scripting security hole in one of them. Read the full article. [The Last Watchdog]

A security researcher has released a proof-of-concept attack that
exploits critical vulnerabilities that Apple patched on Thursday. The
vulns stem from bugs in the Java runtime environment that allow
attackers to remotely execute malicious code. Read the full article. [The Register]

An attacker with access to the target computer simply boots from a USB
flash drive and replaces the BitLocker bootloader with a substitute
bootloader which mimics the BitLocker PIN query process but saves the
PINs entered by the user to disk in unencrypted form. Read the full article. [The H Security]

Here’s an important security heads-up to all computer users: Adobe plans to ship a critical Flash Player update next Tuesday to fix multiple serious security vulnerabilities. The patches will be released alongside updates from Microsoft and will affect all platforms — Windows, Mac OS X and Linux.
