A major new malware spam campaign mimicking invites sent via business networking site LinkedIn.com leverages user trust and a kitchen sink of browser exploits in a bid to install the password-stealing ZeuS Trojan.
Google said today that it will begin offering users greater security protections for signing in to Gmail and other Google Apps offerings. This “two-step verification” process — which requires participating users to input a user ID, password and six-digit code sent to their mobile phones — effectively means Google will be offering more secure authentication than many U.S. financial institutions currently provide for their online banking customers.
A security vulnerability in Microsoft Windows XP systems that was first disclosed a week ago is now being actively exploited by malicious Web sites to foist malware on vulnerable PCs, according to reports. Last week, Google researcher Tavis Ormandy disclosed… Read More »
Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.
The security flaw has to do with a weakness in the way the Windows Help and Support Center processes links. Both Windows XP and Server 2003 retrieve help and support information from a fixed set of Web pages that are included on a whitelist maintained by Windows. But Google security research Tavis Ormandy discovered that it was possible to add URLs to that whitelist.
Purveyors of fake anti-virus or “scareware” programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google.
Malicious hackers spend quite a bit of energy and time gaming the Internet search engines in a bid to have their malware-laden sites turn up on the first page of search results for hot, trending news topics. Increasingly, though, computer criminals are taking steps to keep search bots at bay, particularly with legitimate Web sites that have been hacked and booby-trapped with hostile code.
Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.
Microsoft has issued an emergency security update to plug a critical hole in its Internet Explorer Web browser. The IE bug is the same flaw that is being blamed in part for fueling a spate of recent break-ins at Fortune… Read More »
Less than 24 hours after Microsoft acknowledged the existence of an unpatched, critical flaw in all versions of its Internet Explorer Web browser, computer code that can be used to exploit the flaw has been posted online. This was bound… Read More »
The recent targeted cyber attacks against Google, Adobe and other major companies were fueled in part by a previously unknown — and currently unpatched — security flaw in Microsoft’s Internet Explorer Web browser, anti-virus vendor McAfee said today.
