There’s an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user’s authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way that IE 8 handles CSS style sheets....
Read more »
A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security. The Pushdo or Cutwail network of hacked computers ranked in the top five or so botnets for spam, responsible for as much as 10 percent of all spam,...
Read more »
Apple’s failure to clean up old code in QuickTime leaves people running Internet Explorer (IE) vulnerable to drive-by attacks, a Spanish security researcher said today. Ruben Santamarta, a researcher at Madrid-based Wintercore who revealed a bug in IE8 last month, today outlined the QuickTime plug-in vulnerability. Hackers only need to dupe users into visiting...
Read more »
MANILA (AFP) – – The Philippines on Sunday ordered all government offices to tighten Internet security after its main information website was brought down by hackers. “We are alerting all government agencies to review and improve security of their websites in view of the hacking of the website this afternoon,” presidential spokesman Herminio Coloma...
Read more »
Hard on the heels of a report that a USB drive was used to compromise US military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices. “Much of the malware in circulation has been designed to distribute through these devices,”...
Read more »
Hackers are using tales of dead celebrities to build out Zeus botnets by duping users into compromising their own PCs, security experts said today. The list of celebrities, actors and singers for the most part, with an occasional sports star tossed in, range from Jennifer Anniston and Tom Cruise to Kanye West and Jay...
Read more »
Think twice before opening e-mails concerning credit card charges, business cards, or vacation photos. According to security firm Sophos, criminals have recently launched a large-scale “fake AV” attack online, using massive quantities of e-mail spam. Subject lines in circulation include “You’re invited to view my photos!” and “Your Vistaprint Order Is Confirmed,” among others....
Read more »
There’s been quite a bit of head-scratching over Intel’s decision to purchase McAfee, but, despite all the breathless talk about mobile security and ARM and virus-fighting processors, the chipmaker’s motivations for the purchase are actually fairly straightforward. First, Intel’s management has decided, in the wake of Operation Aurora, to move security up to the...
Read more »
Free antivirus software pioneer Avast, has received a $100 million (£64 million) investment from private equity firm Summit Partners to woo business users and open new offices around the globe. Summit Partners managing director Scott Collins will get a seat on the Czech company’s board in return for its cash and will help the...
Read more »
Intel Corp’s (INTC.O) surprise $7.7 billion bid for McAfee Inc (MFE.N) may trigger more deals as competitors scramble for a piece of the rapidly growing software security sector. Technology giants Oracle Corp (ORCL.O), Hewlett-Packard Co (HPQ.N), IBM Corp (IBM.N) and EMC Corp (EMC.N) — which are all looking to expand the “stack” of hardware...
Read more »
Adobe today patched two vulnerabilities in its popular Reader PDF viewing software, including one that went public last month at the annual Black Hat security conference. Two weeks ago, Adobe promised to fix the Black Hat vulnerability with an emergency, or “out-of-band” security update; earlier this week it set today as the release date....
Read more »
One of the more interesting events at this year’s Defcon hacker conference in Las Vegas late last month was a social engineering contest that targeted big companies like Microsoft, Google and Apple. Participants pretending to be head hunters and survey takers were able to trick employees at the companies into giving out information over...
Read more »
As many as five million Web sites hosted by Network Solutions have been serving up malware, probably for several months, a security expert said today. “This is one of the biggest infections for drive-by download attacks that I’ve seen,” said Wayne Huang, co-founder and CTO of Santa Clara, Calif.-based Armorize Technologies, a Web application...
Read more »
