Oracle on Tuesday plans to release patches for 56 new vulnerabilities in a huge number of its products through its scheduled quarterly critical patch update. The company said that the various vulnerabilities in this month’s CPU affect hundreds of Oracle products.
Hacker forums function as a kind of combination training academy, social network and central bazaar for attackers looking for new tools, methods and techniques. They’re also often patrolled by law enforcement agents and security researchers, but it’s rare that any of the information that those people gather ever makes it into the hands of the public. One security company is now laying out some of the details of a year-long observation of a large hacker forum.
Search-engine poisoning has been the bane of many Internet users’ existence for a long time, and it’s one of many security problems that does not seem to be getting any better. In some ways, it may actually be getting worse. One of the main problems these days is the use of legitimate-looking ads that direct users to malicious sites rather than to sites where they can download applications such as Flash or Firefox.
If there’s one thing that can be said about Apple, it’s that the company operates on its own timeline. It does what it pleases at whatever time suits it, and the customers appear. Actually, they don’t simply appear, they wait expectantly and move as one when asked. This has proven to be enormously profitable for Apple and quite satisfying for most of its customers. But the one area where this has not worked so well is security.
A new exploit pack has appeared on the scene in the last week or so and it already is causing trouble for users, with thousands of compromised Web sites redirecting users to a page that is hosting the pack and exploiting vulnerabilities on their machines to install malware.
Apple has released iOS 5, which includes a significant number of security updates, most notably the removal of the DigiNotar root certificates from the iOS trusted root list. The new operating system for iPhones, iPads and iPods also includes support for newer versions of the TLS protocol and eliminates support for the MD5 algorithm in almost all cases.
Apple has released a new version of its iTunes software, patching an enormous number of vulnerabilities in the popular music application. Version 10.5 of iTunes includes fixes for several dozen flaws in WebKit alone, and also has some updated functionality designed to support new components coming in iOS in the near future.
Microsoft released eight security updates on Tuesday, repairing 22 security holes in its October patch release, with 12 of the 22 described as “consistently exploitable” by the company.
A new version of the Zeus malware has appeared, and it seems to be not a minor upgrade but a major custom version of the Trojan. It now sports a P2P capability that does away with the domain-generation algorithm used in earlier versions and instead uses a hardcoded list of IP addresses to provide infected PCs with new software and config files. This is a throwback to the way the malware used to behave, but it comes with a twist: There is no longer a master URL that infected machines contact to get updates, making it much more difficult to track the Trojan’s activities.
BARCELONA–As online crime continues to grow in volume and expand in scope, encompassing a massive number of scams and operations around the world, security researchers, lawmakers and others are pushing for better cooperation among law enforcement agencies and the security community in taking down the attackers behind these schemes. There are precious few examples of operations that have succeeded in recent years, but one that can be considered a model of how things can work is the investigation into the m00p malware-writing crew that began more than seven years ago.