Tag: vulnerability

  • Avast launches bug bounty programme

    Security firm offers reward for info on bugs. Security firm Avast Software, producer of the popular avast! free anti-virus solution, has announced a bug bounty programme to encourage researchers to responsibly report the vulnerabilities they identify in the company’s security products. Avast is interested in hearing about vulnerabilities that may lead to remote code…

  • Do we need stronger email addresses?

    Skype vulnerability allowed for account hijacking using only email address. A worryingly trivial vulnerability in VoIP service Skype became public this morning, which allowed anyone to take over a user’s Skype account using nothing but the email address linked to the account. The method – which was posted on Russian underground forums a few months…

  • Microsoft releases advisory offering workarounds for IE vulnerability

    German government advises users to use alternative browser. Microsoft has released a security advisory to address the zero-day vulnerability in its Internet Explorer browser that we wrote about yesterday. Among the advised actions to mitigate the vulnerability are the deployment of a mitigation toolkit and turning off active scripting for all but trusted websites.…

  • Internet Explorer zero-day used in the wild

    Dropped PoisonIvy trojan linked to ‘Nitro’ attacks. Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer that is currently being used in the wild by the ‘Nitro’ gang. The attack, which is probably used in a drive-by download attack, starts with an HTML file that does some preparatory work…

  • From spear phishing to watering holes

    Symantec reports increase in ‘watering hole attacks’. Imagine that for some reason you wanted to gain access to my computer. One thing you could do is send me an email with some malware attached, or a link to a site serving malware. That is called spear phishing. Spear-phishing is commonly used in targeted attacks; for…

  • Vulnerability turns McAfee’s anti-malware solution into open relay

    Flaw allows for spam to be sent through customers’ PCs. A vulnerability discovered in McAfee’s SaaS for Total Protection, the company’s hosted anti-malware solution, effectively turns a customer’s machine into an open relay, allowing others to send spam through it. Open relays allow anyone to send mail through a machine to any recipient…

  • Recently discovered Java vulnerability being added to exploit kit

    Kit ‘patched’ to include latest exploit; users urged to patch their software too. Security researcher and journalist Brian Krebs has found evidence that a recently discovered vulnerability in Java is being added to the ‘BlackHole’ exploit kit. The vulnerability was discovered a few weeks ago and makes use of the Rhino Script Engine to run…

  • Adobe releases emergency update for Flash Player

    Zero-day exploit actively being abused. Adobe has announced it will release an update for its Flash Player on Friday 15 April, fixing a vulnerability that is currently being exploited. The vulnerability, which affects Flash Player 10.2.x on Windows, Macintosh, Linux and Solaris, can be used by attackers to take control of an…

  • Hefty Patch Tuesday bulletin rounds off bumper year

    No sign of an end to vulnerability glut. Microsoft released its monthly Patch Tuesday security bulletin yesterday, with details of a hefty 17 alerts covering 40 separate vulnerabilities. Although only two of this month’s haul were marked as ‘Critical’, many others could be used to launch malicious attacks on vulnerable systems. The Critical alerts included…

  • Security fixes from Apple and Microsoft

    100 security fixes in latest OS X update; three MS security updates in this month’s patch release. The latest release of Mac operating system OS X (Mac OS X v10.6.5) contains over 100 security updates, including fixes for vulnerabilities in Apache, the Flash Player plug-in, Image Capture and MySQL. A range…