In its largest patch push so far this year, Microsoft today released 10 security updates to fix at least 34 security vulnerabilities in its Windows operating system and software designed to run on top of it. Separately, Apple has shipped another version of Safari for both Mac and Windows PCs that patches some four dozen security holes in the Web browser.
Adobe Systems Inc. warned late Friday that malicious hackers are exploiting a previously unknown security hole present in current versions of its Adobe Reader, Acrobat and Flash Player software.
“There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat,” the company said in a brief blog post published Friday evening. “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.”
If you use your iPhone to connect to open or public Wi-Fi networks, it’s a good idea to tell the device to forget the wireless network’s name after you’re done using it, as failing to do so could make it easier for snoops to eavesdrop on your iPhone data usage.
For example, if you use your iPhone to connect to an open wireless network called “linksys,” — which happens to be the default, out-of-the-box name assigned to all Linksys home Wi-Fi routers — your iPhone will in the future automatically connect to any Wi-Fi network by that same name.
The potential security and privacy threat here is that an attacker could abuse this behavior to sniff the network for passwords and other sensitive information transmitted from nearby iPhones even when the owners of those phones have no intention of connecting to a wireless network, simply by giving his rogue access point a common name.
Not long after I launched this blog, I wrote about the damage wrought by the Eleonore Exploit Kit, an increasingly prevalent commercial hacking tool that makes it easy for criminals to booby-trap Web sites with malicious software. That post generated tremendous public interest because it offered a peek at the statistics page that normally only the criminals operating these kits get to see.
I’m revisiting this topic again because I managed to have a look at another live Eleonore exploit pack panel, and the data seems to reinforce a previous hunch: Today’s attackers care less about the browser you use and more about whether your third-party browser add-ons and plugins are up-to-date.
If you’ve been watching the slow motion train wreck that is Facebook.com’s recent effort to revamp its privacy promises, you may be wondering where to start unraveling all of the privacy “choices” offered by the world’s largest online social network. Fortunately, developers are starting to release free new tools so that you don’t need a masters in Facebook privacy or read a statement longer than the U.S. Constitution to get started.
A laptop stolen from a government contractor last month contained names, addresses and Social Security numbers of more than 207,000 U.S. Army reservists, Krebsonsecurity.com has learned. The U.S. Army Reserve Command began alerting affected reservists on May 7 via e-mail.… Read More »
Microsoft Corp. and Adobe Systems each released security updates on Tuesday. Microsoft issued two “critical” patches that address one security flaw apiece, while Adobe’s patches fix a whole mess of serious vulnerabilities in its software. One of the critical updates… Read More »
Visa on Friday warned banks that it has received reliable intelligence that an organized criminal group plans to attempt to move large amounts of fraudulent payments through a merchant account in Eastern Europe over the weekend.
A number of readers recently have written in to say their banks recently have urged customers to install a security program called Rapport as a way to protect their online bank accounts from fraud. The readers who pinged me all said they didn’t know much about this product, and did I recommend installing it? Since it has been almost two years since I last reviewed the software, I thought it might be useful to touch base with its creators to see how this program has kept pace with the latest threats.
The “Storm Worm,” a prolific strain of malicious software once responsible for blasting out 20 percent of spam sent worldwide before it died an ignominious death roughly 18 months ago, was resurrected this week. Researchers familiar with former strains of the worm say telltale fingerprints in the new version strongly suggest that it was either rebuilt by its original creators or was sold to another criminal malware gang.
