Mindblown: a blog about philosophy.
-
Access flaw exploited via Word
Microsoft’s employees hunting vulnerabilities instead of Easter eggs. A buffer overrun vulnerability in Microsoft ‘s Jet Database Engine , the underlying database behind Microsoft Access among others, is currently being used in a limited number of targeted attacks. The victim is sent two files as an email attachment, possibly combined in a ZIP file, one…
-
Microsoft acquires Komoku
Anti-rootkit software to become part of Forefront and OneCare. Just before Easter, Microsoft announced it had acquired Komoku , a Maryland-based company that builds anti-rootkit software. Komoku was founded in 2004 and quickly became one of the leaders in the area of rootkit detection. Among its customers are the American ministries of Homeland Security and…
-
Legitimate program becomes trojan downloader
Website of FlashGet attacked; malicious ‘update’ automatically downloaded. By hacking into the website of popular Windows download manager FlashGet , cybercriminals have managed to turn the software into a trojan-downloader. Like many programs, FlashGet regularly connects to its developer’s website to see if there are any updates to be installed. However, attackers have managed to…
-
Hoax email warns about ‘nasty virus’
Phony advice causes removal of site from search engines. Over the last few days an email, written in German, has been seen circulating warning users about a ‘nasty virus’ that is infecting millions of websites. The email indicates that making a simple change to the robots.txt file in the website’s main directory will prevent the…
-
More ‘trusted sites’ carrying iframe danger
Big wave of website infections could affect tens of thousands of sites, Trend Micro latest victim. Earlier this week McAfee reported a major outbreak of website infections, with as many as 20,000 sites thought to have been hit with a single wave of malicious iframe insertion attacks. Since then, Trend Micro ‘s website has been…
-
AV-test.org issues latest figures
In-depth testing covers multiple factors. Independent testing body AV-Test.org has released its latest set of results, with a large group of products tested against a number of criteria including proactive detection, spotting and removing active infections, and outbreak response times, as well as simple detection rates. The results show how companies and their products fare…
-
EU agency research advises sweeping security improvements
ISPs and developers should be held to account, says report. A research paper commissioned by the European Network and Information Security Agency (ENISA) has called for major changes to the way security is currently handled, advising tighter regulations for developers and ISPs and the foundation of an independent agency to monitor cybercrime. The paper, prepared…
-
Latest Patch Tuesday release
March’s Patch Tuesday sees four ‘critical’ updates. Microsoft has released its monthly ‘Patch Tuesday’ security bulletin. This month the bulletin features four ‘critical’ updates, all of which apply to different components of the Office suite of products, and all of which fix vulnerabilities that allow remote code execution on a machine running the affected software.…
-
Latest AV-Comparatives results released
Detection test shows most products improving. Testers at AV-Comparatives have released their latest set of results, with 16 products pitted against a massive set of over 1.6 million malicious samples. In general the products fared well, with all but one achieving the ‘Advanced’ or ‘Advanced+’ level. The standard across the tested products this time was…
-
Cisco announces ‘Patch Wednesdays’
Cisco set to embark on regular release cycle. Following a trend set by Microsoft ‘s monthly ‘Patch Tuesdays’ and Oracle ‘s quarterly security updates, networking giant Cisco has announced it will release patches for its Internetwork Operating System ( IOS ) on fixed dates. The patches, which Cisco calls ‘Security Advisories’, will be released on…
Got any book recommendations?