Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Vulnerabilities

Microsoft: Don’t press F1 key in Windows XP

by Shanmuga

"Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE). In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher […]

Read the full article →

Microsoft investigates unpatched flaw that affects users running IE7 and IE8

by Shanmuga

"Microsoft on Sunday confirmed it’s investigating an unpatched bug in VBScript that hackers could exploit to plant malware on Windows XP machines running Internet Explorer (IE). The flaw could be used by attackers to inject malicious code onto victims’ PCs, said Maurycy Prodeus, the Polish security analyst with iSEC Security Research who revealed the vulnerability […]

Read the full article →

Adobe Flash security woes: How to protect yourself

by Shanmuga

"Adobe’s Flash Player software is on 99 percent of Internet-connected desktops, offering up multimedia and video capabilities on a multitude of popular Web sites such as YouTube. But the Adobe Flash platform has been beset by a rash of security problems that give intruders potential access to computers running the software.Issues have included one recent […]

Read the full article →

Flash flaw puts most sites, users at risk

by Shanmuga

"Hackers can exploit a flaw in Adobe’s Flash to compromise nearly every Web site that allows users to upload content, including Google’s Gmail, then launch silent attacks on visitors to those sites, security researchers said today. Adobe did not dispute the researchers’ claims, but said that Web designers and administrators have a responsibility to craft […]

Read the full article →

Microsoft unveils shield for critical Windows flaw

by Shanmuga

"With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component. The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and […]

Read the full article →

Microsoft patches the Autorun hole

by Shanmuga

Microsoft has released patches to its Windows operating system which restricts the AutoRun entries in the AutoPlay dialog to only CD and DVD drives. Windows includes a feature known as “AutoRun” which lets automatic arbitrary code execution when removable devices are connected to the computer. Inserting a CD, DVD, USB and Firewire device or even […]

Read the full article →

Microsoft Warns of Attacks on PowerPoint Vulnerability

by Shanmuga

"Hackers are launching attacks against an unpatched vulnerability in Microsoft Office PowerPoint, the company’s popular presentation program.

Read the full article →

Google plays down security concerns over Docs

by Shanmuga

"Google Docs users shouldn’t lose sleep over the security concerns a security analyst has raised about the hosted suite of office productivity applications, Google said late Friday. In an official blog posting, Jonathan Rochelle, Google Docs’ product manager, details why the company has determined that the issues included in the analyst’s report are far from […]

Read the full article →

Questions for Pwn2Own hacker Charlie Miller

by Shanmuga

Interesting interview with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability, posted by Ryan Naraine at ZDNet. Some tidbits from the interview: Why Safari? Why didn’t you go after IE or Safari? It’s really simple. Safari on the Mac is easier to exploit. The things […]

Read the full article →

Intel Chip Vulnerability Could Lead to Stealthy Rootkits

by Shanmuga

"Security researchers have released proof of concept exploit code for an Intel chip flaw that could be abused to compromise computer systems with stealthy rootkits. The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorized access to SMRAM, a protected region of system memory where the system management […]

Read the full article →

25 Most Dangerous Programming errors revealed

by Shanmuga

"The US National Security Agency has helped put together a list of the world’s most dangerous coding mistakes. The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Read the full article →

Serious bug opens major browsers to phishing attack

by Shanmuga

"Here’s how an attack would work: The bad guys would hack a legitimate website and plant HTML code that looks like a pop-up security alert window. The pop-up would then ask the victim to enter password and login information, and possibly answer other security questions used by the banks to verify the identity of their […]

Read the full article →

Firefox 3.0.4 fixes several security issues

by Shanmuga

Mozilla today released Firefox 3.04 which addresses many several security issues among other bug fixes and exhancements. The update fixes the following critical issues:

Read the full article →

Microsoft explains seven-year-old patch delay

by Shanmuga

"Microsoft Corp. late yesterday explained why it had been unable to patch a seven-year-old bug until recently, saying that it was only in the last year that it figured out how to fix the flaw without breaking most network-based applications.

Read the full article →

Microsoft Patches Four Windows Security Holes

by Shanmuga

"Microsoft today released a pair of security updates to plug at least four security holes in its Windows operating systems and other software. The software patches are available through Windows Update or via Automatic Updates.

Read the full article →

Adobe patches 8 bugs in popular PDF apps

by Shanmuga

"Adobe Systems Inc. patched its Reader application for the fifth time this year, plugging eight security holes, including one that was reported to the company more than five months ago.

Read the full article →

Microsoft Plugs Critical Security Holes

by Shanmuga

"Microsoft released four "critical" security bulletins for September’s Patch Tuesday, including a massive update for Microsoft Windows GDI+ that affects multiple products.

Read the full article →

Google issues first patches for Chrome

by Shanmuga

"Just days after it rolled out Chrome, Google Inc. issued an update after Vietnamese security researchers reported a critical vulnerability in the beta browser.

Read the full article →

Opera fixes critical flaws

by Shanmuga

"Browser maker Opera released an update to its software on Thursday, closing serious security vulnerabilities in the versions of its software for Windows, Mac, Linux and other operating systems.

Read the full article →

Vulnerabilities: Do not open untrusted files using VLC Media

by Shanmuga

"g_ has discovered a moderately critical vulnerability in VLC Media Player, which potentially can be exploited by malicious people to compromise a user’s system.

Read the full article →

Vulnerabilities: An Illustrated Guide to the Kaminsky DNS Vulnerability

by Shanmuga

"The big security news of Summer 2008 has been Dan Kaminsky’s discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends. This all led to a mad dash to patch DNS servers worldwide, and though there have […]

Read the full article →

Vulnerabilities: DNS security flaw also affects email

by Shanmuga

"A newly discovered flaw in the Internet’s core infrastructure not only permits hackers to force people to visit Web sites they didn’t want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said last week.

Read the full article →

Security: Apple releases massive security update

by Shanmuga

"Known as APPLE-SA-2008-03-18 Security Update 2008-002, it contains more than 40 specific fixes for versions of Mac OS X. The most significant updates include Apache, ClamAV, Emacs, OpenSSH, PHP, and X11. To get the update, go to the Software Update pane in System Preferences, or Apple’s Software Downloads Web site. The update "is recommended for […]

Read the full article →