Tag: vulnerability
-
Microsoft alert on Excel vulnerability
Targeted exploitation of zero-day flaw seen in wild. Microsoft has issued a security advisory on an unresolved vulnerability in its Excel software, which has been reported as a vector for targeted attacks in the wild. Few details have emerged on the exact nature of the flaw, but it is known to affect several versions of…
-
SQL attack hacks wide range of sites
CA among victims of major attack linking sites to malware. Huge numbers of legitimate websites – perhaps as many as 100,000 according to some reports – fell victim to hackers over the last couple of weeks thanks to SQL injection problems leaving sites vulnerable. The hacks redirect traffic to sites in China, where click-fraud is…
-
Four IE bugs fixed by Patch Tuesday release
Seven updates, three critical in monthly security update. Microsoft has released its monthly ‘Patch Tuesday’ security bulletin, featuring seven updates of which three are marked ‘critical’ and cover flaws which could allow remote execution of code if exploited on vulnerable systems. The critical issues are with DirectX , Windows Media Format and Internet Explorer ,…
-
Grisoft acquires Exploit Prevention Labs
AVG to incorporate LinkScanner in further consolidation of security offerings. Grisoft , developer of the AVG security product whose free version is widely deployed on home-user desktops, has announced the acquisition of Exploit Prevention Labs , a small firm whose headline product LinkScanner focuses on detecting exploit attempts in web pages before they are visited.…
-
SANS issues vulnerability top 20
Annual study of security risks finds software and humans present dangers. The SANS Institute has released its annual survey of vulnerabilities putting computer systems and networks at risk, finding increasing threat levels in server and client side software as well as a growing trend of risks emerging from human nature rather than programming flaws. The…
-
QuickTime flaw could open Windows PCs to hackers
Firefox users most vulnerable; Internet Explorer users should be wary too. Polish security researcher Krystian Kloskowski has published a proof-of-concept exploit for a vulnerability in Apple ‘s QuickTime media player. The exploit, which makes use of a vulnerability in the way the RTSP-protocol is handled by QuickTime , could give hackers access to PCs that…
-
Five-year-old design flaw found in all Windows versions
Microsoft engineers spend Thanksgiving holidays writing patch. During the Kiwicon conference earlier this month, ethical hacker Beau Butler from New Zealand disclosed a design flaw in Windows that could potentially affect millions of users. Said flaw seems to have been first discovered and, apparently, fixed more than five years ago, but this fix has turned…
-
Two fixes released on lightweight Patch Tuesday
Monthly security update covers just couple of dangers. Microsoft has released its monthly ‘Patch Tuesday’ security bulletin, with only two patches issued, one rated ‘Important’ and the other ‘critical’. The more serious flaw, a problem with URI validation, has been publicly disclosed and can be used to remotely compromise a system. While exploitation methods have…
-
PDF trojan exploits Adobe flaw
Reader/Acrobat vulnerability targeted day after patch release. A vulnerability in Adobe ‘s popular PDF-viewing software Adobe Reader and editing suite Acrobat , first reported a month ago , was patched on Monday in an update released two weeks after the company issued a workaround to minimise exposure. The following day, PDFs containing exploits for the…
-
RealPlayer zero-day flaw exploited
Manufacturer responds rapidly to serious security hole. A zero-day vulnerability in the popular media playing system RealPlayer was spotted being exploited in the wild late last week, with several trojans penetrating vulnerable systems from malicious websites in silent drive-by downloads. The flaw is in a piece of code previously exploited to cause denial of service,…