| |
 |
Google Picasa JPEG Processing Integer Overflow Vulnerability |
| |
(26 February 2010) |
| |
Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to an integer overflow error in
PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and e.g. zooming in.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in PicasaPhotoViewer.exe version 3.6.95.25, included in Google Picasa 3.6 build 95.25. Prior versions may also be affected.
Click here to read more
|
| |
|
Adobe pushes out Flash security fix |
| |
(19 February 2010) |
| |
Adobe has published a cross-platform update for Flash that addresses a potentially serious security flaw.
Click here to read more
|
| |
|
Microsoft Office PowerPoint Multiple Vulnerabilities |
| |
(11 February 2010) |
| |
Multiple vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system.
Click here to read more
|
| |
|
Cyberattacks from U.S. "greatest concern" |
| |
(05 February 2010) |
| |
Global companies worry more about cyberattacks from actors based in the United States, not China, according to a survey of 600 information-technology executives released by McAfee on Thursday.
Click here to read more
|
| |
|
Google Chrome Multiple Vulnerabilities |
| |
(29 January 2010) |
| |
Some vulnerabilities and weaknesses have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, or compromise a user's system.
Click here to read more
|
| |
|
Attack on IE 0-day refined by researchers |
| |
(22 January 2010) |
| |
Security researchers start improving the code and publishing their own exploits for IE browser flaw, after the code is published to a malware analysis site.
Click here to read more
|
| |
|
IE flaw gave attackers entry, says McAfee |
| |
(18 January 2010) |
| |
A remotely exploitable flaw in Microsoft's Internet Explorer allowed attackers operating from Chinese servers to infiltrate at least one company, the security firm says.
Click here to read more
|
| |
|
HP Storage Data Protector Buffer Overflow Vulnerabilities |
| |
(22 December 2009) |
| |
Two vulnerabilities have been reported in HP Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
Click here to read more
|
| |
|
Limited attacks target Adobe Acrobat |
| |
(18 December 2009) |
| |
Security groups acknowledge seeing attacks using a critical and unpatched flaw in the Javascript library of Adobe's Acrobat and Reader software.
Click here to read more
|
| |
|
Microsoft, Adobe patch major flaws |
| |
(14 December 2009) |
| |
Both companies release software updates: Microsoft to close 12 holes and Adobe to fix seven vulnerabilities.
Click here to read more
|
| |
|
Roxio Creator Image Rendering Integer Overflow Vulnerability |
| |
(07 December 2009) |
| |
Secunia Research has discovered a vulnerability in Roxio Creator, which can be exploited by malicious people to potentially compromise a user's system.
Click here to read more
|
| |
|
Internet Explorer Layout Handling Memory Corruption Vulnerability |
| |
(01 December 2009) |
| |
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
Click here to read more
|
| |
|
Survey: Majority of Web sites vulnerable |
| |
(20 November 2009) |
| |
Nearly two-thirds of Web sites have at least one serious security issue that would allow someone to remotely attack the site, a study carried out by WhiteHat Security finds.
Click here to read more
|
| |
|
Microsoft Windows Win32k Kernel-Mode Driver Multiple Vulnerabilities |
| |
(16 November 2009) |
| |
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.
Click here to read more
|
| |
|
Sun Java JDK / JRE Multiple Vulnerabilities |
| |
(06 November 2009) |
| |
A weakness and some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.
Click here to read more
|
| |
|
Hopes high for Windows 7 security |
| |
(30 October 2009) |
| |
Experts hope that Microsoft's focus on making Windows security more friendly will help secure the operating system's users.
Click here to read more
|
| |
|
Oracle Database Multiple Vulnerabilities |
| |
(23 October 2009) |
| |
Some vulnerabilities have been reported in Oracle Database, which can exploited to disclose sensitive information, cause a DoS (Denial of Service), manipulate certain data, or compromise a vulnerable system.
Click here to read more
|
| |
|
Botnet boosts criminals' revenues from Google |
| |
(15 October 2009) |
| |
Victims whose computers have been compromised will have their searchesredirected from Google and its competitors to fake sites that skim off ad revenue.
Click here to read more
|
| |
|
Phishing scam exposes Hotmail passwords |
| |
(09 October 2009) |
| |
Microsoft warns users that thousands of customer credentials were exposed on a third-party site, apparently the result of a phishing campaign.
Click here to read more
|
| |
|
Firms most often infected by smaller botnets |
| |
(02 October 2009) |
| |
While the big botnets get the media attention, smaller collections of compromised PCs are more commonly found inside infected corporate networks.
Click here to read more
|
| |
|
Social-networking sites short on security |
| |
(25 September 2009) |
| |
Web 2.0 sites that allow user-generated content make up the majority of top distributors of malicious software, stated a report that security firm Websense published this week.
Click here to read more
|
| |
|
Mozilla Firefox Multiple Vulnerabilities |
| |
(18 September 2009) |
| |
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a vulnerable system.
Click here to read more
|
| |
|
Serious security bug found in Windows Vista |
| |
(11 September 2009) |
| |
An independent security consultant publicized this week the details to a critical flaw in the server message block version 2 (SMB2) component of Microsoft's Windows Vista, Windows Server 2008, and the release candidate for Windows 7. The researcher, Laurent Gaffié, claimed in his advisory that the vulnerability causes a Blue Screen of Death, a pernicious crash on Windows system, but other researchers have subsequently concluded that the flaw is actually remotely exploitable, a more serious issue.
Click here to read more
|
| |
|
OpenOffice.org Word Document Table Parsing Vulnerabilities |
| |
(04 September 2009) |
| |
Secunia Research has discovered two vulnerabilities in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system.
Click here to read more
|
| |
|
Potential security issue with Lotus Notes file viewer for Microsoft Excel |
| |
(28 August 2008) |
| |
A vulnerability was reported in IBM Lotus Notes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted Microsoft Excel file attachment that, when double-clicked and viewed by the target user, will trigger a buffer overflow in key view and execute arbitrary code on the target system. The code will run with the privileges of the target user. Lotus Domino servers are not affected.
Click here to read more
|
| |
|
Cisco Firewall Services Module ICMP Processing Bug Lets Remote Users Deny Service |
| |
(21 August 2008) |
| |
A vulnerability was reported in Cisco Firewall Services Module. A remote user can cause denial of service conditions.
Click here to read more
|
| |
|
Apple patches iPhone SMS vulnerability |
| |
(14 August 2008) |
| |
Consumer technology firm Apple issued a patch to fix a critical iPhone flaw that could have allowed attackers to execute code just by sending a specially-crafted text message.
Click here to read more
|
| |
|
Adobe Acrobat, Adobe Reader and Adobe Flash Player Hold Critical Vulnerabilities |
| |
(07 August 2008) |
| |
Recently a critical vulnerability was discovered in Adobe Flash Player versions 9.0.159.0 and 10.0.22.87.
A new vulnerability within Adobe Flash, was found to be a zero-day vulnerability that has yet to be patched. This same vulnerability appears to extend to Adobe Reader and Adobe Acrobat version 9.1.2, as well as earlier version 9 variants.
Click the following link for more information.
|
| |
|
Worm Conficker/Downadup/Kido widely propagating |
| |
(13 July 2008) |
| |
It has been observed that worm Win32/Conficker/Downadup/kido is spreading widely by exploiting a previously reported Server Service vulnerability described in CERT-In vulnerability note CIVN-2008-170 and Microsoft Security Bulletin MS08-067.
|
| |
|
MySQL Connector/Net is Missing SSL Certificate Validation |
| |
(03 July 2008) |
| |
A vulnerability was reported in MySQL Connector/Net. A remote user can conduct spoofing attacks. MySQL Connector/Net does not validate the remote server's digital certificate when using SSL. A remote user can conduct man-in-the-middle attacks to gain access to the ostensibly protected data.
Click here to go to the link which provides the patch information. |
| |
|
Oracle Database Server Has Multiple Flaws That Let Remote Users Take Control of the Server |
| |
(01 September 2008) |
| |
Multiple vulnerabilities were reported in Oracle's Database Server. A local as well as a remote user can obtain control of the database server. Users are urged to review the bulletin and apply the required security fix issued by Oracle... |
| |
|
Microsoft Releases June Security Bulletin |
| |
(11 June 2008) |
| |
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for June 2008. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition
. Users are urged to review the bulletin and apply the required security updates. Click here to go to the microsoft security bulletin for June. |
| |
|
Security bug in HP support app aids hackers |
| |
(09 June 2008) |
| |
Flaws in ActiveX components within HP Instant Support give rise to multiple vulnerabilties... |
| |
|
Phishers Target New Victims on LinkedIn |
| |
(02 June 2008) |
| |
Users of the professional-oriented social networking site LinkedIn are being warned that scam artists are using the site to nab lucrative bank account information from naive victims… |
| |
|
Microsoft Warns Against Using Safari |
| |
(02 June 2008) |
| |
Microsoft warned of a serious risk to people who use Safari on Windows XP or Vista, going so far as to suggest people "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple." … |
| |
|
Web 2.0 Sites a Thriving Marketplace for Malware |
| |
(02 June 2008) |
| |
Malicious software makers are using social networks, video sites, and blogs to peddle their wares to other online criminals…… |
| |
|
ActiveX control bug bites Creative Labs AutoUpdate engine |
| |
(02 June 2008) |
| |
A high-severity security flaw in the Creative Software automatic update engine could put Windows computers at risk of remote code execution attacks |
| |
|
Spammers open new front on social networking sites |
| |
(May 16, 2008) |
| |
Social networking sites have become the new front in the war against spam, according to security watchers. |
| |
|
DIY phishing kits introducing new features |
| |
(May 15, 2008) |
| |
What are some of the main factors for the increase of phishing attacks, and their maturity from passive emails to blended threats attempting to not just steal personal information |
| |
| |
Beijing investigates spam attack |
| |
(May 14, 2008) |
| |
China is investigating a spam attack after almost half of China's mobile phone users received unwanted text messages from advertisers.
|
| |
| |
Six botnets churning out 85 percent of all spam |
| |
(May 14, 2008) |
| |
Back in early February, we covered the rapid rise of the Mega-D botnet and its various social-engineering-based attack methods
|
| |
