Search-engine poisoning has been the bane of many Internet users’ existence for a long time, and it’s one of many security problems that seem not to be getting any better. In some ways, it may actually be getting worse. One of the main problems these days is the use of legitimate-looking ads that direct users to malicious sites rather than to sites where they can download applications such as Flash or Firefox.
If there’s one thing that can be said about Apple, it’s that the company operates on its own timeline. It does what it pleases at whatever time suits it, and the customers appear. Actually, they don’t simply appear, they wait expectantly and move as one when asked. This has proven to be enormously profitable for Apple and quite satisfying for most of its customers. But the one area where this has not worked so well is security.
A new exploit pack has appeared on the scene in the last week or so and it already is causing trouble for users, with thousands of compromised Web sites redirecting users to a page that is hosting the pack and exploiting vulnerabilities on their machines to install malware.
Apple has released iOS 5, which includes a significant number of security updates, most notably the removal of the DigiNotar root certificates from the iOS trusted root list. The new operating system for iPhones, iPads and iPods also includes support for newer versions of the TLS protocol and eliminates support for the MD5 algorithm in almost all cases.
Apple has released a new version of its iTunes software, patching an enormous number of vulnerabilities in the popular music application. Version 10.5 of iTunes includes fixes for several dozen flaws in WebKit alone, and also has some updated functionality designed to support new components coming in iOS in the near future.
Microsoft released eight security updates on Tuesday, repairing 22 security holes in its October patch release, with 12 of the 22 described as “consistently exploitable” by the company.
A new version of the Zeus malware has appeared, and this does not seem to be a minor upgrade, but a major custom version of the Trojan, which now sports a P2P capability that does away with the use of the domain-generation algorithm used in earlier versions and instead uses a hardcoded list of IP addresses to provide infected PCs with new software and config files. This is a throwback to the way the malware used to behave, but it comes with a twist: There no longer is a master URL that infected machines contact to get updates, making it much more difficult to track the Trojan’s activities.
BARCELONA–As online crime continues to grow in volume and expand in scope, encompassing a massive number of scams and operations around the world, security researchers, lawmakers and others are pushing for better cooperation among law enforcement agencies and the security community in taking down the attackers behind these schemes. There are precious few examples of operations that have succeeded in recent years, but one that can be considered a model of how things can work is the investigation into the m00p malware-writing crew that began more than seven years ago.
Google has fixed seven security vulnerabilities in its Chrome browser with a new release on Tuesday. Six of the bugs fixed in Chrome are rated high, with just one listed as critical. The company paid out $10,000 in bounties for the bugs it fixed in this release.
Officials at mobile handset maker HTC said they are working on a patch to fix a problem with many of its Android devices that enables any app with Internet permissions to access a large cache of user and device data that a proprietary tool called HTCLoggers collects. The company said on Monday that it was looking into the claims.