Attackers interested in getting the most bang for their buck focus on ubiquitous software. Microsoft’s Office, Adobe’s Acrobat and Oracle’s Java have all become popular platforms exploited by cybercriminals intent on compromising end users’ systems. Another platform has quietly made its way onto many systems and become the focus of security researchers, if not cybercriminals: Webkit.
Browsing Tag: vulnerabilities
A new worm called Morto has begun making the rounds on the Internet in the last couple of days, infecting machines via RDP (Remote Desktop Protocol). The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows.
Microsoft has released new versions of several of its software security tools, including its Threat Modeling Tool and a pair of fuzzers. All of the tools are part of the company’s Security Development Lifecycle program, which it has been sharing with external organizations for a few years now.
A day after warning users about a serious bug in the cryptographic function in PHP 5.3.7 and telling them not to upgrade to that release, the maintainers of the scripting language pushed out version 5.3.8, which fixes the crypto problem as well as another security related issue.
Ubuntu has fixed a pile of security vulnerabilities in some of its current releases, including 22 vulnerabilities in the WebKit framework that’s part of the operating system. The WebKit flaws include some issues that could be exploited by remote attackers to run code on vulnerable machines.
Google has patched 11 vulnerabilities in its Chrome browser, one of them critical, and paid out more than $8,500 in rewards to researchers for reporting bugs.
The news last week was that the U.S. House Energy & Commerce Committee has asked the Government Accountability Office to investigate the security of the software that runs medical devices. But a prominent researcher says that security flaws in such devices are common, and that more federal oversight is necessary to change what he describes as a culture of lax security among medical device makers.
The maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved.
A group of researchers have developed a new attack that enables them to find AES keys several times faster than was previously thought possible, reducing the complexity of finding the keys on AES-128, AES-192 and AES-256. However, the attack does not pose any practical threat to currently deployed systems that use the AES encryption algorithm, the researchers said.
Google has a hugely privileged view of the Internet and it uses that position for all kinds of things, one of which is to collect data and intelligence on malicious Web site behavior and malware trends. In a new report based on four years’ worth of data on site and malware activity, the company found that attackers are now deploying highly specialized evasion and obfuscation techniques that play off what researchers and users do and then adjust and adapt.