Released: Microsoft Security Advisory (981374)

Vulnerability in Internet Explorer Could Allow Remote Code Execution Published: March 09, 2010 Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue. Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service … Continue reading Released: Microsoft Security Advisory (981374)

Released: Microsoft Security Bulletins for March 2010

As part of Microsoft’s routine, monthly security update cycle, they released 2 new security updates: MS10-016 -  Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) MS10-017 -  Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) References: Microsoft Security Bulletin Summary for IT Pro Microsoft Security Bulletin Summary for Consumers Microsoft Security Response Center Blog Microsoft Security Research & Defense Blog Please do not download security updates from other sources (email, other website). Get the security updates from Microsoft Update website. You can also get the updates using Automatic Update feature in Windows. Other sources … Continue reading Released: Microsoft Security Bulletins for March 2010

Cybercrimes expand to global brands

While financial institutions still top the phishing radar, cybercriminals are now moving beyond to top brands, with one of the recent victims being a hardware manufacturer, according to the latest Anti-Phishing Work Group report. Released on Sunday, the Anti-Phishing Work Group (APWG) Phishing Activity Trends Report for the fourth quarter of 2009 revealed that 356 brands were hijacked in October, an increase of 4.4 percent over the previous high of 341 recorded last August. The study was compiled using data from APWG and its members MarkMonitor, Websense and Panda Security. http://news.zdnet.co.uk/security/0,1000000189,40079603,00.htm

PayPal tells users to download anti-phishing software

PayPal is asking UK customers to download software from Iconix to help identify genuine e-mails sent by the eBay unit and weed out phishing messages. PayPal, which has long been a favourite target for phishers, says Iconix eMail ID can help protect customers by visually identifying genuine messages. After a customer installs the software, they’ll see an icon (a gold lock with a tick) next to a PayPal logo whenever they receive authentic e-mails from the firm. The free program works with most of the major e-mail services like Gmail, MSN Hotmail, Windows Live Hotmail, Yahoo Mail, Outlook and Outlook … Continue reading PayPal tells users to download anti-phishing software

Panda Security discovers malware on HTC Magic smartphone

Phone had three different types of malicious software programs on its internal memory A Panda Security employee discovered three malware programs on a recently purchased HTC Magic phone when it was plugged it into a Windows computer. Upon further investigation, Panda found that the employee’s phone contained three malware programs: a client for the now-defunct Mariposa botnet, the Conficker worm as well as a password stealer for the Lineage game, said Pedro Bustamante, Panda’s senior research adviser. The malware programs were on the phone’s 8GB microSD memory card, which mounts as an external drive when plugged into a PC, Bustamante … Continue reading Panda Security discovers malware on HTC Magic smartphone

McAfee cuts two percent of workforce

Security company McAfee has cut just under two percent of its global workforce. ZDNet UK understands that about 100 people have been made redundant from various parts of the company. Before the cuts, McAfee employed about 6,100 staff. Most of the redundancies involved engineering employees. McAfee has over 350 researchers globally. McAfee played down the cuts in an email statement sent to ZDNet UK on Friday. http://news.zdnet.co.uk/security/0,1000000189,40077945,00.htm

Don’t Blame Your Community: Ad Blocking Is Not Killing Any Sites

Every so often we hear about a random blog or website that freaks out and claims that ad blockers are "stealing" or somehow damaging websites. But it’s quite a surprise to see a similar argument from a site like Ars Technica — one of the top techie sites out there, which is now owned by Conde Nast. Over the weekend, Ars wrote an odd post claiming that ad blocking "is devastating to the sites you love." Ars decided to run an experiment where it blocked access to its content to any user using an ad blocker (with no warning or … Continue reading Don’t Blame Your Community: Ad Blocking Is Not Killing Any Sites

Confusion about Opera vulnerability

From Secunia Blog: There has lately been some confusion about a vulnerability reported in the Opera browser and rightly so based on the different statements having been issued. The vulnerability was reported as an integer overflow when processing the "Content-Length" header and accompanied by a PoC that always crashed when copying memory due to an overly large size. Based on the provided PoC and report, it immediately seemed like the crash would always occur and executing code would not be possible. Before issuing a Secunia advisory, a security specialist was tasked with thoroughly analysing the vulnerability report, cause of the … Continue reading Confusion about Opera vulnerability

Google Defends Chrome’s Security

Google’s Chrome OS Netbook will feature a host of built-in security technologies designed to protect users from malware and other threats, a Google engineer said at the RSA Conference last week. Will Drewry, a Google software security engineer, said the fact that the company’s Chrome OS is an open source project allows for constant feedback from developers regarding security design. This, he said, should reassure those acquiring a Google Netbook about the product’s security. Google plans to release a consumer version later this year and a business version featuring more management muscle in 2011, Drewry said. http://www.pcworld.com/article/190950/google_defends_chromes_security.html

Unsafe to search using Google Search as per F-Secure

From F-Secure Blog: Criminals like to attack the biggest target because BIGGER generally provides a better Return On Investment (ROI). Windows is a good example. Mac is indeed safer than Windows but it isn’t necessarily because Mac is more secure. Windows has a larger market share and that equals more potential victims. How about search engines? What is the biggest search engine on the block? Google — and the bad guys know it. The result? It’s becoming less and less safe to search via Google. The test result is in http://www.f-secure.com/weblog/archives/00001897.html