Malware, spam, information security and data recovery news.
Kaspersky has recently released a detailed description of the “Red October” attack, an espionage operation involving the infection of hundreds of computers targeting government networks, embassies, and scientific organizations. The victims have mostly been in Eastern Europe, according to Securelist, but computers around the world have been infected, including some in the United States. The […]
Oracle has released a Java patch to address the major vulnerability reported a few days ago. Everyone is strongly recommended to install the update. Sophos’ Naked Security blog offers this article that includes information about the vulnerability and the patch. Oracle’s page for the the patch, Java 7 Update 11, includes technical details of the […]
A new 0-day Java vulnerability has been discovered that is already being used in malware distribution kits “in the wild.” No update to fix the problem is yet available. Naked Security has provided an overview of the vulnerability along with links to instructions on how to disable the Java extensions in all major browsers until […]
A significant Yahoo Mail vulnerability has been discovered that has reportedly already resulted in a number of compromised accounts. The attack was first demonstrated by a hacker named Shahin Ramezany, who now claims that Yahoo’s initial fix is easy to work around. The last link even includes a video explaining how the cross-site-scripting (XSS) vulnerability works. […]
Microsoft’s lightweight version of Windows 8 for tablets and ultra-low-end PCs, Windows RT, has apparently been hacked to allow desktop applications to run, albeit only those compiled for the ARM platform. An article from CIO reports that a hacker known as “clrokr” has developed a method for circumventing Windows RT’s code signing restrictions. This would […]
Google has reported that Chrome detected a fraudulent digital security certificate for the *.google.com domain. This could have potentially allowed whoever possessed the certificate to impersonate Google. The problem originated with a mistake by a Turkish Certificate Authority. From the Google blog post by software engineer Adam Langley: TURKTRUST told us that based on our […]
Microsoft has issued an advisory warning of a 0-day vulnerability in Internet Explorer 6, 7, and 8 that could allow malicious code to be executed on a victim’s computer as soon as they visit a compromised web site. More recent versions of Internet Explorer are not affected. Symantec describes the means of infection as a “watering […]
