Category Archives: Latest Warnings

Exploit Published for New Internet Explorer Flaw

December 23, 2010

Hackers have released exploit code that can be used to compromise Windows PCs through a previously unknown security flaw present in all versions Internet Explorer, Microsoft warned today.

Dave Forstrom, director of trustworthy computing at Microsoft, said the software giant is not aware of any attacks via this flaw attack customers, “given the public disclosure of this vulnerability, the likelihood of criminals using this information to actively attack our customers may increase.”

Google Debuts “This Site May Be Compromised” Warning

December 17, 2010

19 Comments

Google has added a new security and anti-spam feature to its search engine that promises to increase the number of Web page results that are flagged as potentially having been compromised by hackers.

Fallout from Recent Spear Phishing Attacks?

December 15, 2010

29 Comments

McDonald’s and Walgreens this week revealed that data breaches at partner marketing firms had exposed customer information. There has been a great deal of media coverage treating these and other similar cases as isolated incidents, but all signs indicate they are directly tied to a spate of “spear phishing” attacks against e-mail marketing firms that have siphoned customer data from more than 100 companies in the past few months.

Apple QuickTime Patch Fixes 15 Flaws

December 9, 2010

11 Comments

Apple this week issued an update that plugs at least 15 security holes in its QuickTime media player.

What You Should Know About History Sniffing

December 6, 2010

32 Comments

Researchers have discovered that dozens of Web sites are using simple Javascript tricks to snoop into visitors’ Web browsing history. While these tricks are nothing new, they are in the news again, so it’s a good time to remind readers about ways to combat this sneaky behavior.

Spear Phishing Attacks Snag E-mail Marketers

November 24, 2010

12 Comments

Criminals have been conducting complex, targeted e-mail attacks against employees at more than 100 e-mail service providers (ESPs) over the past several months in a bid to hijack computers at companies that market directly to customers of some of the world’s largest corporations, anti-spam experts warn.

The attacks are a textbook example of how organized thieves can abuse trust relationships between companies to access important resources that are then recycled in future attacks.

Critical Updates for Adobe Reader, Acrobat

November 17, 2010

19 Comments

Adobe on Tuesday issued a critical update to patch at least two security holes in its PDF Reader and Acrobat software, including one flaw that was publicly disclosed earlier this month. Updates are available for Windows, Mac and UNIX versions… Read More »

Flash Update Plugs 18 Security Holes

November 5, 2010

26 Comments

Adobe on Thursday released an update to its Flash Player software that fixes at least 18 security vulnerabilities, including one that is being exploited in targeted attacks.

Microsoft Warns of Attacks on Zero-Day IE Bug

November 3, 2010

10 Comments

Microsoft Corp. today warned Internet Explorer users that attackers are exploiting a previously unknown security hole in the browser to install malicious software. The company is urging users who haven’t already done so to upgrade to IE8, which it said includes technology that makes the vulnerability much more difficult to exploit.

‘Evilgrade’ Gets an Upgrade

November 3, 2010

14 Comments

“Evilgrade,” a toolkit that makes it simple for attackers to install malicious software by exploiting weaknesses in the auto-update feature of many popular software titles, recently received an upgrade of its own and is now capable of hijacking the update process of more than 60 legitimate programs.