Tag: exploit
-
Internet Explorer zero-day used in the wild
Dropped PoisonIvy trojan linked to ‘Nitro’ attacks. Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer that is currently being used in the wild by the ‘ Nitro ‘ gang. The attack, which is probably used in a drive-by download attack, starts with an HTML file that does some preparatory work…
-
Researchers find many popular sites serving drive-by downloads
10 million people exposed to malware served by 25,000 most visited sites alone. Researchers at Barracuda Labs have found that 58 among the 25,000 most popular websites were serving drive-by download exploits at some time in February. The researchers used Alexa to determine the 25,000 most visited websites and scanned these sites during February. On…
-
Microsoft Word for Mac exploit used in targeted attacks
Tibetan NGOs targeted. Researchers at Alienvault have discovered a targeted attack against Tibetan NGOs that uses a three-year-old vulnerability in Microsoft Office for Mac . The attack exploits vulnerability MS09-027, which was discovered and subsequently patched by Microsoft in 2009. On unpatched systems, a specially crafted malicious document allows for remote code execution, giving the…
-
Recently discovered Java vulnerability being added to exploit kit
Kit ‘patched’ to include latest exploit; users urged to patch their software too. Security researcher and journalist Brian Krebs has found evidence that a recently discovered vulnerability in Java is being added to the ‘BlackHole’ exploit kit. The vulnerability was discovered a few weeks ago and makes use of the Rhino Script Engine to run…
-
Mysql.com hacked, serving malware
Root access to site offered on black market. Yesterday, mysql.com, the official website of the popular database management system MySQL , was hacked and visitors to the website were at risk of being infected with malware. The hack of popular websites is nothing new, and with such sites serving as the shop windows of the…
-
DroidKungFu command and control server may be mobile device
Android trojan makes use of root exploit. Researchers at Fortinet have discovered a command and control server for the ‘DroidKungFu’ Android trojan that appears to be a mobile device itself. While malware for mobile devices has become more prevalent in recent months, it is believed attacks are still carried out from static computers and servers.…
-
Adobe releases emergency update for Flash Player
Zero-day exploit actively being abused. Adobe has announced it will release an update for its Flash Player on Friday 15 April, fixing a vulnerability that is currently being exploited. The vulnerability, which affects Flash Player 10.2.x on Windows , Macintosh , Linux and Solaris , can be used by attackers to take control of an…
-
Hefty Patch Tuesday bulletin rounds off bumper year
No sign of an end to vulnerability glut. Microsoft released its monthly Patch Tuesday security bulletin yesterday, with details of a hefty 17 alerts covering 40 separate vulnerabilities. Although only two of this month’s haul were marked as ‘Critical’, many others could be used to launch malicious attacks on vulnerable systems. The Critical alerts included…
-
Giant patch release from Microsoft, Oracle
Record Patch Tuesday combines with swathe of extra fixes for corporates. It’s a busy week for corporate admins as Microsoft ‘s monthly Patch Tuesday security bulletin, containing a bumper 16 separate alerts covering nearly 50 separate vulnerabilities in the company’s software range, emerged the same day as a similarly sizeable raft of fixes from Oracle…
-
Extra-large crop of updates for Patch Tuesday
Fourteen security alerts from Microsoft join two from Adobe. Microsoft ‘s monthly Patch Tuesday security bulletins came out this week, featuring a chunky 14 separate alerts with many covering multiple issues. Eight of the new alerts were rated ‘Critical’, with the remaining six marked as ‘Important’. In addition to Microsoft ‘s updates, Adobe also released…