Nov 20, 2007 3 am
14 vulnerabilities in the FLAC file format affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable).
A number of the vulnerable apps use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors.
Click for more on Multiple FLAC Vulnerabilities Affect Every OS »
Nov 15, 2007 2 am
The November security updates fix the so-called URI problem, a critical Windows bug that has been exploited by online criminals.
Microsoft has released its November security updates, fixing a critical Windows bug that has been exploited by online criminals.
Microsoft released just two security updates this month, but security experts say that IT staff will want to install both of them as quickly as possible. The MS07-061 update is particularly critical because the flaw it repairs has been seen in Web-based attack code, said Amol Sarwate, manager of Qualys’s vulnerability research lab. “This was a zero day [flaw] that was being used in the wild by hackers,” he said.
Click for more on Patch Tuesday: Microsoft Fixes Critical Windows Bug »
Nov 14, 2007 12 am
Hurry, free anti-spyware protection from ZoneAlarm, a $29.99 value. Promotion runs till Nov 14th 5pm PST.
Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, is today advising PC users to immediately update their Microsoft Windows operating systems, Internet Explorer 7 browser and all security programs to thwart new vulnerabilities that may allow a hacker to gain control of a PC. The company also announced a special 24-hour promotion whereby consumers can download ZoneAlarm Anti-Spyware, a $29.95 value, for free at http://www.zonealarm.com/patchtuesday.
For the next 24 hours, Check Point will give away ZoneAlarm Anti-Spyware free of charge. Users must provide a valid email address (one product per email address). The offer expires at 7 a.m. PST 5 pm PST on Wednesday, Nov. 14. The company also is currently offering a free download of its brand-new ZoneAlarm ForceField virtual browser, another layer of protection available to consumers.
Click for more on Free ZoneAlarm Anti-Spyware for 24-Hours »
Oct 30, 2007 1 am
Microsoft is warning users to avoid suspicious websites and emails after attacks were reported on an unpatched flaw in Internet Explorer 7.
The company would not provide exact figures, but said that a “limited number” of attacks had been reported.
The attacks target a vulnerability in IE7’s handling of the uniform resource identifier (URI) commands used by browsers to launch third-party applications.
Microsoft disclosed the vulnerability on 10 October, explaining that it arises when the browser fails to check malformed URI instructions in Windows XP and Server 2003. Windows Vista is not believed to be vulnerable.
Click for more on Attackers take aim at IE7 unpatched flaw »
Oct 25, 2007 1 am
Just hours after Adobe fixed a vulnerability in its PDF viewing applications, users were warned of a continuing security threat.
Adobe Acrobat and Adobe Reader became hot programs for spammers after a glitch was discovered that can be used to exploit the programs’ “mailto” command. Hackers used this in connection with malicious PDF code to send out bulk e-mails with dangerous PDF attachments.
Click for more on Adobe PDF exploits continue after patch »
Oct 19, 2007 9 pm
Hackers are actively exploiting a zero-day hole in RealNetworks’ RealPlayer media player.
The in-the-wild attacks, which began late last night (October 18), target a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft’s Internet Explorer browser.
Only systems on which both RealPlayer and IE have been installed are vulnerable.
The flaw is causing drive-by malware downloads when an IE user simply browses to a maliciously rigged Web page, according to an alert issued by Symantec DeepSight Threat Management System.
The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method, an attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in the wild has been confirmed to download malicious code to the compromised host.
Click for more on IE users beware: RealPlayer zero-day flaw under attack »
Oct 12, 2007 12 am
Microsoft is warning of yet another URL-handling bug that can lead to a system hijack.
A mere two days after Patch Tuesday brought a host of remote-code execution vulnerabilities to light, Microsoft issued a security advisory warning of yet another problem: a URL-handling vulnerability that could lead to systems getting hijacked if running Internet Explorer 7 on Windows XP or Windows 2003.
Click for more on Another URL-Handling Bug Hits IE »
Oct 10, 2007 6 pm
Adobe said on Wednesday some of its programs contain yet-to-be-fixed flaws that make computers vulnerable to attack.
On October 5, Adobe posted a notice on its Web site that said it had unknowingly incorporated vulnerabilities into versions of Adobe Reader and Acrobat software that could allow malicious programs to get on to a PC without the user’s knowledge.
Click for more on Adobe: Acrobat, Reader vulnerable to hacks »
Oct 10, 2007 2 am
Microsoft has released the latest monthly security updates for October 2007.
The updates are available for download from the Microsoft Download Center and also from Windows Update/Microsoft Update.
Critical:
- KB923810: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution
- KB941202: Security Update for Outlook Express and Windows Mail
- KB939653: Cumulative Security Update for Internet Explorer
- KB942695: Vulnerability in Microsoft Word Could Allow Remote Code Execution
Important:
- KB933729: Vulnerability in RPC Could Allow Denial of Service
- KB942017: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site
Microsoft has also released the usual update for the Windows Malicious Software Removal Tool and the Windows Mail Definition Update (x86) (x64).
Oct 4, 2007 6 pm
An encryption bypass feature allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state.
PGP Corporation’s widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled.
Click for more on PGP backdoor? Undocumented Bypass in Whole Disk Encryption »