Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit pack. The addition of a new weapon to this malware arsenal will almost certainly lead to a spike in compromised PCs, as more than 3 billion devices run Java and many of these installations are months out of date.
Comcast says it is revamping the software that new customers need to install to start service with the ISP. The software is not terribly friendly to Mac users running Firefox: It changes the browser’s homepage to comcast.net, and blocks users from changing it to anything else.
Adobe released an emergency security update today to fix a vulnerability that the company warned is being actively exploited in targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. The vulnerability… Read More »
Adobe has released another batch of security updates for its ubiquitous Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks. In the advisory that accompanies this… Read More »
A new crimeware kit for sale on the criminal underground makes it a simple point-and-click exercise to develop malicious software designed to turn Mac OSX computers into bots. According to the vendor of this kit, it is somewhat interchangeable with existing crimeware kits made to attack Windows-based PCs.
With new security updates from vendors like Adobe, Apple and Java coming out on a near-monthly basis, keeping your Web browser patched against the latest threats can be an arduous, worrisome chore. But a new browser plug-in from security firm Qualys makes it quick and painless to find and patch outdated browser components.
A new online resource aims to make it easier to gauge the relative security risk of using different types of popular software, such as Web browsers and media players.
Once or twice each year, some security company trots out a “study” that counts the number of vulnerabilities that were found and fixed in widely used software products over a given period and then pronounces the most profligate offenders in a Top 10 that is supposed to tell us something useful about the relative security of these programs. And nearly without fail, the security press parrots this information as if it were newsworthy.