Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Vulnerabilities

Microsoft: Don’t press F1 key in Windows XP

by Shanmuga

"Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE). In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher […]

Read the full article →

Adobe Flash security woes: How to protect yourself

by Shanmuga

"Adobe’s Flash Player software is on 99 percent of Internet-connected desktops, offering up multimedia and video capabilities on a multitude of popular Web sites such as YouTube. But the Adobe Flash platform has been beset by a rash of security problems that give intruders potential access to computers running the software.Issues have included one recent […]

Read the full article →

Flash flaw puts most sites, users at risk

by Shanmuga

"Hackers can exploit a flaw in Adobe’s Flash to compromise nearly every Web site that allows users to upload content, including Google’s Gmail, then launch silent attacks on visitors to those sites, security researchers said today. Adobe did not dispute the researchers’ claims, but said that Web designers and administrators have a responsibility to craft […]

Read the full article →

Microsoft unveils shield for critical Windows flaw

by Shanmuga

"With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component. The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and […]

Read the full article →

Microsoft Warns of Attacks on PowerPoint Vulnerability

by Shanmuga

"Hackers are launching attacks against an unpatched vulnerability in Microsoft Office PowerPoint, the company’s popular presentation program.

Read the full article →

Google plays down security concerns over Docs

by Shanmuga

"Google Docs users shouldn’t lose sleep over the security concerns a security analyst has raised about the hosted suite of office productivity applications, Google said late Friday. In an official blog posting, Jonathan Rochelle, Google Docs’ product manager, details why the company has determined that the issues included in the analyst’s report are far from […]

Read the full article →

Intel Chip Vulnerability Could Lead to Stealthy Rootkits

by Shanmuga

"Security researchers have released proof of concept exploit code for an Intel chip flaw that could be abused to compromise computer systems with stealthy rootkits. The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorized access to SMRAM, a protected region of system memory where the system management […]

Read the full article →

25 Most Dangerous Programming errors revealed

by Shanmuga

"The US National Security Agency has helped put together a list of the world’s most dangerous coding mistakes. The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Read the full article →

Firefox 3.0.4 fixes several security issues

by Shanmuga

Mozilla today released Firefox 3.04 which addresses many several security issues among other bug fixes and exhancements. The update fixes the following critical issues:

Read the full article →

Microsoft Patches Four Windows Security Holes

by Shanmuga

"Microsoft today released a pair of security updates to plug at least four security holes in its Windows operating systems and other software. The software patches are available through Windows Update or via Automatic Updates.

Read the full article →

Google issues first patches for Chrome

by Shanmuga

"Just days after it rolled out Chrome, Google Inc. issued an update after Vietnamese security researchers reported a critical vulnerability in the beta browser.

Read the full article →

Vulnerabilities: Do not open untrusted files using VLC Media

by Shanmuga

"g_ has discovered a moderately critical vulnerability in VLC Media Player, which potentially can be exploited by malicious people to compromise a user’s system.

Read the full article →

Vulnerabilities: An Illustrated Guide to the Kaminsky DNS Vulnerability

by Shanmuga

"The big security news of Summer 2008 has been Dan Kaminsky’s discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends. This all led to a mad dash to patch DNS servers worldwide, and though there have […]

Read the full article →

Vulnerabilities: DNS security flaw also affects email

by Shanmuga

"A newly discovered flaw in the Internet’s core infrastructure not only permits hackers to force people to visit Web sites they didn’t want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said last week.

Read the full article →

Security: Apple releases massive security update

by Shanmuga

"Known as APPLE-SA-2008-03-18 Security Update 2008-002, it contains more than 40 specific fixes for versions of Mac OS X. The most significant updates include Apache, ClamAV, Emacs, OpenSSH, PHP, and X11. To get the update, go to the Software Update pane in System Preferences, or Apple’s Software Downloads Web site. The update "is recommended for […]

Read the full article →

Vulnerabilities: Malicious subtitle file could harm VLC media player

by Shanmuga

"A flaw in the widely-used open-source VLC media player could allow an attacker to execute harmful code on a PC. The problem stems from a buffer overflow that can occur when the player processes subtitle files used for movies, according to a security advisory.

Read the full article →

Microsoft fixes a dozen critical Office flaws in four patches

by Shanmuga

"Microsoft released its March 2008 security bulletin, which includes four bulletins, all deemed critical by Microsoft. The most serious of these affects Microsoft Excel, which alone has six specific "Common Vulnerablities and Exposures" vulnerabilities noted, one of which has been exploited in the wild.

Read the full article →

Mozilla adds 900 fixes and upgrades Firefox 3 beta

by Shanmuga

"Mozilla released the latest beta of Firefox 3, including some 900 bug fixes and highlighting for users that it is for testing purposes only. The release comes less than a week after Microsoft showed off the next version of its browser – Internet Explorer 8 – at its annual Mix show for developers.

Read the full article →

Is it time to consider PDF a threat?

by Shanmuga

"Adobe released patches for its Reader and Acrobat programs last Wednesday, but there’s reason to suspect that the company has closed the barn door long after the cattle fled. According to a blog entry at the SANS Internet Storm Center, this particular vulnerability has been exploited in the wild for several weeks. In this case, […]

Read the full article →

Microsoft Issues Biggest Patch Update in a Year

by Shanmuga

"Microsoft on Tuesday rolled out 11 security updates that patch 17 vulnerabilities in Windows, Office, Internet Explorer, Internet Information Server (IIS) and several other components and technologies. It was the most patch bulletins Microsoft’s has issued since February 2007, even though it yanked one expected update — scheduled last week to fix problems in VBScript […]

Read the full article →

Mozilla patches 11 Firefox bugs

by Shanmuga

"Mozilla Corp. late yesterday patched Firefox to quash 11 bugs, including one from three weeks ago that posed a threat to users who had installed any of the more than 600 add-ons for the open-source browser. Firefox 2.0.0.12 fixed four vulnerabilities that Mozilla ranked "critical," one it pegged "high" and three each rated as "moderate" […]

Read the full article →

Free tool blocks Facebook, MySpace, and Yahoo ActiveX vulnerabilities

by Shanmuga

"A researcher over at the Internet Storm Center has created a powerful GUI that will set the kill-bits on vulnerable ActiveX controls used in Facebook, Myspace, and Yahoo apps. These popular apps came under attack on Monday after researchers Elazar Broad and Krystian Kloskowski disclosed their findings to a online security newsgroup.

Read the full article →

Kill ActiveX

by Shanmuga

"A wave of bugs in the plug-in technology used by Microsoft Corp.’s Internet Explorer browser has some security experts, including those at US-CERT, recommending that users disable all ActiveX controls.

Read the full article →