VB Migration

Tag: vulnerability

  • Microsoft alert on Excel vulnerability

    Targeted exploitation of zero-day flaw seen in wild. Microsoft has issued a security advisory on an unresolved vulnerability in its Excel software, which has been reported as a vector for targeted attacks in the wild. Few details have emerged on the exact nature of the flaw, but it is known to affect several versions of…

  • SQL attack hacks wide range of sites

    CA among victims of major attack linking sites to malware. Huge numbers of legitimate websites – perhaps as many as 100,000 according to some reports – fell victim to hackers over the last couple of weeks thanks to SQL injection problems leaving sites vulnerable. The hacks redirect traffic to sites in China, where click-fraud is…

  • Four IE bugs fixed by Patch Tuesday release

    Seven updates, three critical in monthly security update. Microsoft has released its monthly ‘Patch Tuesday’ security bulletin, featuring seven updates of which three are marked ‘critical’ and cover flaws which could allow remote execution of code if exploited on vulnerable systems. The critical issues are with DirectX , Windows Media Format and Internet Explorer ,…

  • Grisoft acquires Exploit Prevention Labs

    AVG to incorporate LinkScanner in further consolidation of security offerings. Grisoft , developer of the AVG security product whose free version is widely deployed on home-user desktops, has announced the acquisition of Exploit Prevention Labs , a small firm whose headline product LinkScanner focuses on detecting exploit attempts in web pages before they are visited.…

  • SANS issues vulnerability top 20

    Annual study of security risks finds software and humans present dangers. The SANS Institute has released its annual survey of vulnerabilities putting computer systems and networks at risk, finding increasing threat levels in server and client side software as well as a growing trend of risks emerging from human nature rather than programming flaws. The…

  • QuickTime flaw could open Windows PCs to hackers

    Firefox users most vulnerable; Internet Explorer users should be wary too. Polish security researcher Krystian Kloskowski has published a proof-of-concept exploit for a vulnerability in Apple ‘s QuickTime media player. The exploit, which makes use of a vulnerability in the way the RTSP-protocol is handled by QuickTime , could give hackers access to PCs that…

  • Five-year-old design flaw found in all Windows versions

    Microsoft engineers spend Thanksgiving holidays writing patch. During the Kiwicon conference earlier this month, ethical hacker Beau Butler from New Zealand disclosed a design flaw in Windows that could potentially affect millions of users. Said flaw seems to have been first discovered and, apparently, fixed more than five years ago, but this fix has turned…

  • Two fixes released on lightweight Patch Tuesday

    Monthly security update covers just couple of dangers. Microsoft has released its monthly ‘Patch Tuesday’ security bulletin, with only two patches issued, one rated ‘Important’ and the other ‘critical’. The more serious flaw, a problem with URI validation, has been publicly disclosed and can be used to remotely compromise a system. While exploitation methods have…

  • PDF trojan exploits Adobe flaw

    Reader/Acrobat vulnerability targeted day after patch release. A vulnerability in Adobe ‘s popular PDF-viewing software Adobe Reader and editing suite Acrobat , first reported a month ago , was patched on Monday in an update released two weeks after the company issued a workaround to minimise exposure. The following day, PDFs containing exploits for the…

  • RealPlayer zero-day flaw exploited

    Manufacturer responds rapidly to serious security hole. A zero-day vulnerability in the popular media playing system RealPlayer was spotted being exploited in the wild late last week, with several trojans penetrating vulnerable systems from malicious websites in silent drive-by downloads. The flaw is in a piece of code previously exploited to cause denial of service,…